diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
new file mode 100644
index 00000000..7d9b0a09
--- /dev/null
+++ b/.github/workflows/validate.yml
@@ -0,0 +1,26 @@
+name: Validate YAMLs
+
+on:
+ push:
+ branches:
+ - "*"
+ pull_request:
+ branches: [main]
+
+jobs:
+ validate-yaml:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ submodules: true
+ - name: Set up Python 3.12
+ uses: actions/setup-python@v4.5.0
+ with:
+ python-version: 3.12
+ - name: Install Poetry
+ run: curl -sSL https://install.python-poetry.org | python -
+ - name: Install dependencies with Poetry
+ run: poetry install
+ - name: Run YAML Checks
+ run: poetry run python bin/validate.py -v
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 00000000..f49a4e16
--- /dev/null
+++ b/LICENSE
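Review bot: The Poetry step `run: curl -sSL https://install.python-poetry.org | python -` executes whatever the remote serves at run time with no version pin or checksum, so the Poetry build that runs `bin/validate.py` changes silently between runs and an upstream compromise lands directly in CI; pass a pinned version to the installer (it accepts `--version`), e.g. `run: curl -sSL https://install.python-poetry.org | python - --version <pinned>`, or `pipx install poetry==<pinned>`. The same applies to the actions, which are pinned to mutable tags (`actions/checkout@v2`, `actions/setup-python@v4.5.0`) rather than full commit SHAs, and `checkout@v2` is the deprecated Node 12 line. The job also inherits the repository's default token permissions, where a validation job only needs a top-level `permissions:` / `  contents: read`. Finally `push.branches: - "*"` plus `pull_request` on main will run the job twice for PR branches from this repository; not a security issue, just wasted CI time.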
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 00000000..e69de29b diff --git a/bin/site.py b/bin/site.py new file mode 100644 index 00000000..11b0da01 --- /dev/null +++ b/bin/site.py 
@@ -0,0 +1,237 @@
+import yaml
+import argparse
+import sys
+import re
+import os
+import json
+import datetime
+import jinja2
+import csv
+
+def write_bootloaders_csv(bootloaders, output_dir, VERBOSE):
+ output_file = os.path.join(output_dir, 'content', 'api', 'bootloaders.csv')
+
+ header = ['Id', 'Author', 'Created', 'Command', 'Description', 'Usecase', 'Category', 'Privileges', 'MitreID',
+ 'OperatingSystem', 'Resources', 'bootloader Description', 'Person', 'Handle', 'Detection',
+ 'KnownVulnerableSamples_MD5', 'KnownVulnerableSamples_SHA1', 'KnownVulnerableSamples_SHA256',
+ 'KnownVulnerableSamples_Publisher', 'KnownVulnerableSamples_Date',
+ 'KnownVulnerableSamples_Company', 'KnownVulnerableSamples_Description',
+ 'KnownVulnerableSamples_Authentihash_MD5', 'KnownVulnerableSamples_Authentihash_SHA1', 'KnownVulnerableSamples_Authentihash_SHA256', 'Verified', 'Tags']
+
+ with open(output_file, 'w', newline='') as f:
+ writer = csv.DictWriter(f, fieldnames=header)
+ writer.writeheader()
+
+ for bootloader in bootloaders:
+ if VERBOSE:
+ print(f"Writing bootloader CSV: {bootloader['Id']}")
+
+ md5s = [s['MD5'] for s in bootloader['KnownVulnerableSamples'] if 'MD5' in s]
+ sha1s = [s['SHA1'] for s in bootloader['KnownVulnerableSamples'] if 'SHA1' in s]
+ sha256s = [s['SHA256'] for s in bootloader['KnownVulnerableSamples'] if 'SHA256' in s]
+ publishers = [s['Publisher'] for s in bootloader['KnownVulnerableSamples'] if 'Publisher' in s]
+ dates = [s['Date'] for s in bootloader['KnownVulnerableSamples'] if 'Date' in s]
+ companies = [s['Company'] for s in bootloader['KnownVulnerableSamples'] if 'Company' in s]
+ descriptions = [s['Description'] for s in bootloader['KnownVulnerableSamples'] if 'Description' in s]
+ authentihash_md5s = [s['Authentihash']['MD5'] for s in bootloader['KnownVulnerableSamples'] if 'Authentihash' in s]
+ authentihash_sha1s = [s['Authentihash']['SHA1'] for s in bootloader['KnownVulnerableSamples'] if 'Authentihash' in s]
+
authentihash_sha256s = [s['Authentihash']['SHA256'] for s in bootloader['KnownVulnerableSamples'] if 'Authentihash' in s]
+
+
+ row = {
+ 'Id': bootloader.get('Id', ''),
+ 'Author': bootloader.get('Author', ''),
+ 'Created': bootloader.get('Created', ''),
+ 'Command': bootloader.get('Command', ''),
+ 'Description': bootloader.get('Description', ''),
+ 'Usecase': bootloader.get('Usecase', ''),
+ 'Category': bootloader.get('Category', ''),
+ 'Privileges': bootloader.get('Privileges', ''),
+ 'MitreID': bootloader.get('MitreID', ''),
+ 'OperatingSystem': bootloader.get('OperatingSystem', ''),
+ 'Resources': bootloader.get('Resources', ''),
+ 'bootloader Description': bootloader.get('bootloader Description', ''),
+ 'Person': bootloader.get('Person', ''),
+ 'Handle': bootloader.get('Handle', ''),
+ 'Detection': bootloader.get('Detection', ''),
+ 'KnownVulnerableSamples_MD5': ', '.join(str(md5) for md5 in md5s),
+ 'KnownVulnerableSamples_SHA1': ', '.join(str(sha1) for sha1 in sha1s),
+ 'KnownVulnerableSamples_SHA256': ', '.join(str(sha256) for sha256 in sha256s),
+ 'KnownVulnerableSamples_Publisher': ', '.join(str(publisher) for publisher in publishers),
+ 'KnownVulnerableSamples_Date': ', '.join(str(date) for date in dates),
+ 'KnownVulnerableSamples_Company': ', '.join(str(company) for company in companies),
+ 'KnownVulnerableSamples_Description': ', '.join(str(description) for description in descriptions),
+ 'KnownVulnerableSamples_Authentihash_MD5': ', '.join(str(md5) for md5 in authentihash_md5s),
+ 'KnownVulnerableSamples_Authentihash_SHA1': ', '.join(str(sha1) for sha1 in authentihash_sha1s),
+ 'KnownVulnerableSamples_Authentihash_SHA256': ', '.join(str(sha256) for sha256 in authentihash_sha256s),
+ 'Verified': bootloader.get('Verified', ''),
+ 'Tags': ', '.join(str(tag) for tag in bootloader['Tags'])
+ }
+
+ writer.writerow(row)
+
+
+
+
+
+def write_top_os(bootloaders, output_dir, top_n=5):
+ os_count = {}
+ for bootloader in bootloaders:
+ command = 
bootloader.get('Commands') + if not command: + continue + os_name = command.get('OperatingSystem') + if not os_name or os_name.isspace() or os_name.lower() == 'n/a': + continue + os_name = os_name.strip().replace(',', '') + if os_name not in os_count: + os_count[os_name] = 0 + os_count[os_name] += 1 + sorted_os = sorted(os_count.items(), key=lambda x: x[1], reverse=True)[:top_n] + with open(f"{output_dir}/content/bootloaders_top_{top_n}_os.csv", "w") as f: + writer = csv.writer(f) + for os, count in sorted_os: + for _ in range(count): + writer.writerow([count, os]) + +def write_top_publishers(bootloaders, output_dir, top_n=5): + publishers_count = {} + + for bootloader in bootloaders: + for hash_info in bootloader['KnownVulnerableSamples']: + publisher_str = hash_info.get('Publisher') # Use the `get()` method here + + if not publisher_str: + continue + + publishers = re.findall(r'\"(.*?)\"|([^,]+)', publisher_str) + for publisher_tuple in publishers: + publisher = next(filter(None, publisher_tuple)).strip() + + if publisher.lower() == 'n/a' or publisher.isspace() or publisher.lower() == 'ltd.': + continue + + if publisher not in publishers_count: + publishers_count[publisher] = 0 + + publishers_count[publisher] += 1 + + sorted_publishers = sorted(publishers_count.items(), key=lambda x: x[1], reverse=True)[:top_n] + + with open(f"{output_dir}/content/bootloaders_top_{top_n}_os.csv", "w") as f: + writer = csv.writer(f) + + for publisher, count in sorted_publishers: + for _ in range(count): + writer.writerow([count, publisher]) + + + +def generate_doc_bootloaders(REPO_PATH, OUTPUT_DIR, TEMPLATE_PATH, messages, VERBOSE): + manifest_files = [] + for root, dirs, files in os.walk(REPO_PATH): + for file in files: + manifest_files.append((os.path.join(root, file))) + + bootloaders = [] + for manifest_file in manifest_files: + bootloader = dict() + if VERBOSE: + print("processing bootloader {0}".format(manifest_file)) + + with open(manifest_file, 'r') as stream: + try: + 
object = list(yaml.safe_load_all(stream))[0] + except yaml.YAMLError as exc: + print(exc) + print("Error reading {0}".format(manifest_file)) + sys.exit(1) + + bootloaders.append(object) + + # write markdowns + j2_env = jinja2.Environment(loader=jinja2.FileSystemLoader(TEMPLATE_PATH), trim_blocks=True, autoescape=True, lstrip_blocks=False) + d = datetime.datetime.now() + template = j2_env.get_template('bootloader.md.j2') + for bootloader in bootloaders: + file_name = bootloader["Id"] + '.md' + output_path = os.path.join(OUTPUT_DIR + '/content/bootloaders/' + file_name) + output = template.render(bootloader=bootloader, time=str(d.strftime("%Y-%m-%d"))) + with open(output_path, 'w', encoding="utf-8") as f: + f.write(output) + messages.append("site_gen.py wrote {0} bootloaders markdown to: {1}".format(len(bootloaders),OUTPUT_DIR + '/content/bootloaders/')) + + # write api csv + write_bootloaders_csv(bootloaders, OUTPUT_DIR, VERBOSE) + messages.append("site_gen.py wrote bootloaders CSV to: {0}".format(OUTPUT_DIR + '/content/api/bootloaders.csv')) + + # write api json + with open(OUTPUT_DIR + '/content/api/' + 'bootloaders.json', 'w', encoding='utf-8') as f: + json.dump(bootloaders, f, ensure_ascii=False, indent=4) + messages.append("site_gen.py wrote bootloaders JSON to: {0}".format(OUTPUT_DIR + '/content/api/bootloaders.json')) + + # write listing csv + with open(OUTPUT_DIR + '/content/' + 'bootloaders_table.csv', 'w') as f: + writer = csv.writer(f) + for bootloader in bootloaders: + link = '[' + bootloader['Tags'][0] + '](bootloaders/' + bootloader["Id"] + '/)' + if ('SHA256' not in bootloader['KnownVulnerableSamples'][0]) or (bootloader['KnownVulnerableSamples'][0]['SHA256'] is None ) or (bootloader['KnownVulnerableSamples'][0]['SHA256'] == ''): + sha256='not available ' + else: + sha256='[' + bootloader['KnownVulnerableSamples'][0]['SHA256'] + '](bootloaders/' + bootloader["Id"]+ '/)' + writer.writerow([link, sha256, bootloader['Category'].capitalize(), 
bootloader['Created']]) + messages.append("site_gen.py wrote bootloaders table to: {0}".format(OUTPUT_DIR + '/content/bootloaders_table.csv')) + + # write top 5 os + write_top_os(bootloaders, OUTPUT_DIR) + messages.append("site_gen.py wrote bootloaders products to: {0}".format(OUTPUT_DIR + '/content/bootloaders_top_n_products.csv')) + + return bootloaders, messages + + +if __name__ == "__main__": + + # grab arguments + parser = argparse.ArgumentParser(description="Generates bootloaders.io site", epilog=""" + This tool converts all bootloaders.io yamls and builds the site with all the supporting components.""") + parser.add_argument("-p", "--path", required=False, default="yaml", help="path to lolbootloader yaml folder. Defaults to `yaml`") + parser.add_argument("-o", "--output", required=False, default="bootloaders.io", help="path to the output directory for the site, defaults to `bootloaders.io`") + parser.add_argument("-v", "--verbose", required=False, default=False, action='store_true', help="prints verbose output") + + # parse them + args = parser.parse_args() + REPO_PATH = args.path + OUTPUT_DIR = args.output + VERBOSE = args.verbose + + + TEMPLATE_PATH = os.path.join(REPO_PATH, '../bin/jinja2_templates') + + if VERBOSE: + print("wiping the {0}/content/bootloaders/ folder".format(OUTPUT_DIR)) + + # first clean up old bootloaders + try: + for root, dirs, files in os.walk(OUTPUT_DIR + '/content/bootloaders/'): + for file in files: + if file.endswith(".md") and not file == '_index.md': + os.remove(root + '/' + file) + except OSError as e: + print("error: %s : %s" % (file, e.strerror)) + sys.exit(1) + + + # also clean up API artifacts + if os.path.exists(OUTPUT_DIR + '/content/api/bootloaders.json'): + os.remove(OUTPUT_DIR + '/content/api/bootloaders.json') + if os.path.exists(OUTPUT_DIR + '/content/api/bootloaders.csv'): + os.remove(OUTPUT_DIR + '/content/api/bootloaders.csv') + + + messages = [] + bootloaders, messages = generate_doc_bootloaders(REPO_PATH, 
OUTPUT_DIR, TEMPLATE_PATH, messages, VERBOSE)
+
+ # print all the messages from generation
+ for m in messages:
+ print(m)
+ print("finished successfully!")
diff --git a/bin/spec/lolrmm.spec.json b/bin/spec/lolrmm.spec.json
new file mode 100644
index 00000000..e69de29b
diff --git a/bin/validate.py b/bin/validate.py
new file mode 100644
index 00000000..909754a4
--- /dev/null
+++ b/bin/validate.py
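Review bot: `file_name = bootloader["Id"] + '.md'` and `output_path = os.path.join(OUTPUT_DIR + '/content/bootloaders/' + file_name)` in generate_doc_bootloaders take the Id straight from the YAML manifest, so an Id containing `/` or `..` writes the rendered markdown outside the bootloaders folder; nothing in this commit constrains Id (the spec file added alongside, bin/spec/lolrmm.spec.json, has the empty-blob hash e69de29b), so reject it before writing, e.g. `if not re.fullmatch(r'[A-Za-z0-9._-]+', bootloader["Id"]): sys.exit("invalid Id: " + bootloader["Id"])` (re and sys are already imported). The listing loop also indexes `bootloader['Tags'][0]` and `bootloader['KnownVulnerableSamples'][0]` unguarded, so a manifest with an empty list fails with a bare IndexError instead of a message naming the offending Id. write_top_publishers writes to `bootloaders_top_{top_n}_os.csv`, the same path write_top_os uses, so if it is ever called it overwrites the OS table; this looks like a copy-paste of the filename, and the message after write_top_os names a `bootloaders_top_n_products.csv` that is never written. In write_top_os the loop variable `os` shadows the os module within that function.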
@@ -0,0 +1,118 @@
+#!/usr/bin/python
+
+'''
+Validates YAML files in a directory against a JSON schema.
+'''
+
+import glob
+import json
+import jsonschema
+import yaml
+import sys
+import argparse
+from pathlib import Path
+from os import path, walk
+
+
+def check_md5_length(object):
+ md5_len = 32
+ known_vulnerable_samples = object.get('KnownVulnerableSamples', [])
+ for sample in known_vulnerable_samples:
+ md5 = sample.get('MD5', '')
+ if md5 and len(md5) != md5_len:
+ return f"ERROR: MD5 length is not {md5_len} characters for object: {object['Id']}"
+ return None
+
+def check_sha1_length(object):
+ sha1_len = 40
+ known_vulnerable_samples = object.get('KnownVulnerableSamples', [])
+ for sample in known_vulnerable_samples:
+ sha1 = sample.get('SHA1', '')
+ if sha1 and len(sha1) != sha1_len:
+ return f"ERROR: SHA1 length is not {sha1_len} characters for object: {object['Id']}"
+ return None
+
+def check_sha256_length(object):
+ sha256_len = 64
+ known_vulnerable_samples = object.get('KnownVulnerableSamples', [])
+ for sample in known_vulnerable_samples:
+ sha256 = sample.get('SHA256', '')
+ if sha256 and len(sha256) != sha256_len:
+ return f"ERROR: SHA256 length is not {sha256_len} characters for object: {object['Id']}"
+ return None
+
+
+def validate_schema(yaml_dir, schema_file, verbose):
+
+ error = False
+ errors = []
+
+ try:
+ with open(schema_file, 'rb') as f:
+ schema = json.load(f)
+ except IOError:
+ print("ERROR: reading schema file {0}".format(schema_file))
+
+ yaml_files = glob.glob(path.join(yaml_dir, "*.yaml"))
+
+ for yaml_file in yaml_files:
+ if verbose:
+ print("processing YAML file {0}".format(yaml_file))
+
+ with open(yaml_file, 'r') as stream:
+ try:
+ yaml_data = yaml.safe_load(stream)
+ except yaml.YAMLError as exc:
+ print(exc)
+ print("Error reading {0}".format(yaml_file))
+ errors.append("ERROR: Error reading {0}".format(yaml_file))
+ error = True
+ continue
+
+ validator = jsonschema.Draft7Validator(schema, 
format_checker=jsonschema.FormatChecker())
+ for schema_error in validator.iter_errors(yaml_data):
+ errors.append("ERROR: {0} at file {1}:\n\t{2}".format(json.dumps(schema_error.message), yaml_file, schema_error.path))
+ error = True
+
+ # Additional YAML checks
+ check_errors = [
+ check_md5_length(yaml_data),
+ check_sha1_length(yaml_data),
+ check_sha256_length(yaml_data),
+ ]
+
+ for check_error in check_errors:
+ if check_error:
+ errors.append(check_error)
+ error = True
+
+ return error, errors
+
+
+def main(yaml_dir, schema_file, verbose):
+
+ error, errors = validate_schema(yaml_dir, schema_file, verbose)
+
+ for err in errors:
+ print(err)
+
+ if error:
+ sys.exit("Errors found")
+ else:
+ print("No Errors found")
+
+
+if __name__ == "__main__":
+ # grab arguments
+ parser = argparse.ArgumentParser(description="Validates YAML files in a directory against a JSON schema")
+ parser.add_argument("-y", "--yaml_dir", default='yaml/', help="path to the directory containing YAML files")
+ parser.add_argument("-s", "--schema_file", default='bin/spec/bootloaders.spec.json', help="path to the JSON schema file")
+ parser.add_argument("-v", "--verbose", required=False, action='store_true', help="prints verbose output")
+ # parse them
+ args = parser.parse_args()
+ yaml_dir = args.yaml_dir
+ schema_file = args.schema_file
+ verbose = args.verbose
+
+ main(yaml_dir, schema_file, verbose)
+
diff --git a/lolrmm.com/.gitignore b/lolrmm.com/.gitignore
new file mode 100644
index 00000000..4b63e5de
--- /dev/null
+++ b/lolrmm.com/.gitignore
@@ -0,0 +1,3 @@
+public/
+node_modules/
+.DS_Store
diff --git a/lolrmm.com/.gitmodules b/lolrmm.com/.gitmodules
new file mode 100644
index 00000000..e69de29b
diff --git a/lolrmm.com/.hugo_build.lock b/lolrmm.com/.hugo_build.lock
new file mode 100644
index 00000000..e69de29b
diff --git a/lolrmm.com/LICENSE b/lolrmm.com/LICENSE
new file mode 100644
index 00000000..261eeb9e
--- /dev/null
+++ b/lolrmm.com/LICENSE
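Review bot: In validate_schema the `except IOError:` branch only prints and falls through, so a missing schema file leaves `schema` unbound and the first YAML then dies with a NameError at `jsonschema.Draft7Validator(schema, ...)` instead of a clear failure; add `sys.exit("ERROR: cannot read schema file {0}".format(schema_file))` after the print. This matters here because the default `--schema_file` is `bin/spec/bootloaders.spec.json` while the only spec this commit adds is `bin/spec/lolrmm.spec.json` (blob e69de29b, i.e. empty), so the CI step `poetry run python bin/validate.py -v` appears to hit exactly that path; an empty file would also raise json.JSONDecodeError, which the IOError clause does not catch. Separately, check_md5_length, check_sha1_length and check_sha256_length compare only length, so a 32/40/64-character non-hex string passes; `re.fullmatch(r'[0-9a-fA-F]{32}', md5)` (with `import re`) would pin the format for the hash fields that downstream tooling will match on. Note also that glob here is non-recursive (`*.yaml` in yaml_dir) while bin/site.py walks the tree recursively, so manifests in subfolders would be rendered without ever being validated.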
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/lolrmm.com/config.toml b/lolrmm.com/config.toml
new file mode 100644
index 00000000..19fbafd2
--- /dev/null
+++ b/lolrmm.com/config.toml
@@ -0,0 +1,9 @@
+baseURL = "https://www.lolrmm.com/"
+title = "lolrmm.com"
+enableRobotsTXT = true
+theme = ["compose"] # loading from local
+enableGitInfo = true
+# Google Analytics
+googleAnalytics = "G-9F510YT8DQ"
+[outputs]
+ home = ["HTML", "RSS","JSON"]
diff --git a/lolrmm.com/config/_default/markup.toml b/lolrmm.com/config/_default/markup.toml
new file mode 100644
index 00000000..adc933a2
--- /dev/null
+++ b/lolrmm.com/config/_default/markup.toml
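Review bot: `enableGitInfo = true` makes the repository's commit metadata (hash, author name and e-mail, dates) available to templates as .GitInfo, so whether any of it reaches the published HTML depends on what the compose theme renders; confirm that before shipping, or leave it false if last-modified dates are not needed, and record the decision with a comment such as `# exposes commit author/e-mail to templates via .GitInfo; only Lastmod is used`. The Google Analytics measurement ID is a public client-side identifier, so committing it is fine, but newer Hugo releases have deprecated the top-level `googleAnalytics` key in favour of `services.googleAnalytics.id` — check against the Hugo version the site is built with. Style: the key under `[outputs]` is indented and the array spacing is uneven; `home = ["HTML", "RSS", "JSON"]` at column 0 matches the rest of the file.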
@@ -0,0 +1,19 @@
+[goldmark]
+ [goldmark.renderer]
+ unsafe = true
+ [goldmark.extensions]
+ typographer = false
+[highlight]
+ codeFences = true
+ guessSyntax = false
+ hl_Lines = ""
+ lineNoStart = 1
+ lineNos = true
+ lineNumbersInTable = false
+ noClasses = false
+ style = "monokai"
+ tabWidth = 2
+[tableOfContents]
+ endLevel = 4
+ ordered = false
+ startLevel = 2
\ No newline at end of file
diff --git a/lolrmm.com/config/_default/menus/menu.en.toml b/lolrmm.com/config/_default/menus/menu.en.toml
new file mode 100644
index 00000000..4102b960
--- /dev/null
+++ b/lolrmm.com/config/_default/menus/menu.en.toml
@@ -0,0 +1,4 @@
+[[main]]
+ name = "About"
+ weight = 5
+ url = "about/"
diff --git a/lolrmm.com/config/_default/params.toml b/lolrmm.com/config/_default/params.toml
new file mode 100644
index 00000000..48fbecf4
--- /dev/null
+++ b/lolrmm.com/config/_default/params.toml
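Review bot: `unsafe = true` under `[goldmark.renderer]` tells Hugo to pass raw HTML found in Markdown straight into the rendered pages, which is fine for first-party content but means any inline HTML or script accepted in a contributed Markdown page is published verbatim; since the site's index page invites pull requests, either keep this false unless a specific page needs raw HTML, or make review of contributed Markdown for embedded HTML an explicit step. A comment above the key should record that choice: `# raw HTML in Markdown is rendered as-is; review contributed content for embedded HTML/JS`. The file also ends without a trailing newline (`\ No newline at end of file`); add one. The menu.en.toml hunk on this line needs nothing.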
@@ -0,0 +1,45 @@
+# use the setting below to set multiple docs directories.
+
+uniqueHomePage = true # change to false to add sidebar to homepage
+
+# repo = "https://github.com/josehelps/compose"
+
+enableDarkMode = false # set to false to disable darkmode by default # user will still have the option to use dark mode
+
+# sets the maximum number of lines per codeblock. The codeblock will however be scrollable and expandable.
+codeMaxLines = 7
+
+# show/hide line numbers by default. Switch to `true` if you'd rather have them on.
+showLineNumbers = false
+
+# By default the template will look for icons under the icons directory. In some situations you might wanna change that. edit the line below
+# iconsPath = 'icons/'
+
+# otherSearchableFields = ["Tags"] # As they appear in frontmatter
+enableSearch = true
+
+[search]
+on = false
+global = false
+[search.algolia]
+enable = false
+
+
+# Site logo
+[logo]
+ #lightMode = "images/compose.svg"
+ #darkMode = "images/compose-light.svg"
+ lightMode = "images/logo.png"
+ darkMode = "images/logo-dark.png"
+
+
+[source]
+ name = "GitHub"
+ iconLight = "images/GitHubMarkLight.svg"
+ iconDark = "images/GitHubMarkDark.svg"
+ url = "https://github.com/magicsword-io/bootloaders"
+
+[author]
+ name = "With ♥️ from Magicsword"
+ url = "https://lolrmm.com/about"
+
diff --git a/lolrmm.com/content/_index.md b/lolrmm.com/content/_index.md
new file mode 100644
index 00000000..b4081e5e
--- /dev/null
+++ b/lolrmm.com/content/_index.md
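Review bot: `[source] url` points at `https://github.com/magicsword-io/bootloaders` while the site title, author and the rest of this commit are for lolrmm.com, which looks like a leftover from the project this config was copied from; if the theme renders it as the header's GitHub link, visitors are sent to the wrong repository, so confirm the intended URL. In the same way, `url = "https://lolrmm.com/about"` under `[author]` uses the bare host while config.toml's baseURL is `https://www.lolrmm.com/`; the two should agree, or use the relative `about/` form that menu.en.toml already uses. Style: the keys under `[logo]`, `[source]` and `[author]` are indented while those under `[search]` are not — keep them all at column 0 — and the commented-out `#lightMode`/`#darkMode` lines should be dropped or replaced by one explanatory comment.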
@@ -0,0 +1,53 @@
++++
+title = "lolrmm.com"
+[dataset1]
+ fileLink = "content/bootloaders_table.csv"
+ colors = ["#ef7f1a", "#627c62", "#11819b", "#4e1154"] # chart colors
+ columnTitles = ['Tag','SHA256','Category', 'Created'] # optional if not table will be displayed from dataset
+ baseChartOn = 4 # number of column the chart(s) and graph should be drawn from # can be overridden directly via shortcode parameter # it's therefore optional
+ charts = ["table"]
+ title = "Bootkit List"
+
+[dataset2]
+ fileLink = "content/bootloaders_top_5_os.csv"
+ colors = ["#ef7f1a", "#627c62", "#11819b", "#4e1154", "#a1c9a2", "#38a9d9", "#f9b34c", "#824da4", "#e0c7c2", "#c2c2a3", "#d6a994", "#f2c057"] # chart colors
+ columnTitles = ["Count", "Name"] # optional if not table will be displayed from dataset
+ baseChartOn = 2 # number of column the chart(s) and graph should be drawn from # can be overridden directly via shortcode parameter # it's therefore optional
+ piechart = true
+ barchart = true
+ title = "Top OS"
+
++++
+
+{{< block "grid-3" >}}
+
+{{< column "mt-4">}}
+
+# lolrmm.com
+lolrmm.com is a curated list of known malicious bootloaders for various operating systems. The project aims to assist security professionals in staying informed and mitigating potential threats associated with bootloaders.
+
+{{< tip "warning" >}}
+Feel free to open a [PR](https://github.com/magicsword-io/bootloaders/pulls), raise an [issue](https://github.com/magicsword-io/bootloaders/issues/new/choose "Open a Github Issue"), or suggest new bootkit(s) to be added.
+{{< /tip >}}
+
+{{< tip >}}
+You can also access the malicious bootkit list via **API** using [CSV](api/bootloaders.csv) or [JSON](api/bootloaders.json). For users of security monitoring tools, check out the pre-built [configurations](https://github.com/magicsword-io/bootloaders/blob/main/detections/configs). We also provide [Sigma rules](https://github.com/magicsword-io/bootloaders/blob/main/detections/sigma) for SIEMs.
+{{< /tip >}}
+
+{{< /column >}}
+
+{{< column "mt-4">}}
+
+# Top Architecture
+
+{{% chart "dataset2" "pie" %}}
+
+{{< /column >}}
+
+{{< /block >}}
+
+{{< block "grid-1" >}}
+{{< column >}}
+{{% chart "dataset1" "table" %}}
+{{< /column >}}
+{{< /block >}}
diff --git a/lolrmm.com/content/about/_index.md b/lolrmm.com/content/about/_index.md
new file mode 100644
index 00000000..9ba6026c
--- /dev/null
+++ b/lolrmm.com/content/about/_index.md
@@ -0,0 +1,35 @@
+---
+title: "About"
+---
+
+{{< block "grid-2" >}}
+{{< column "mt-1 pt-1">}}
+
+#``
+# About Bootloaders
+
+Bootloaders is a community-driven project that provides a curated list of all malicious bootloaders that have been found to be abused by adversaries to bypass security controls and execute malicious code. The project was inspired by Michael Haag's work in hunting evil and the need to track malicious drivers that adversaries use to evade detection, now extended to bootloaders. Jose Enrique Hernandez is instrumental in putting the project together and continues to contribute to its development.
+
+Bootloaders is an open-source project that welcomes contributions from the security community. By sharing knowledge and expertise, we can help each other stay informed and better defend against emerging threats. Whether you're a researcher, incident responder, or system administrator, we hope that Bootloaders will be a valuable resource in your fight against cyberattacks.
+
+{{< button "/" "Drivers" >}}
+{{< /column >}}
+
+{{< column "mt-1 pt-1">}}
+#``
+# [Michael Haag](https://twitter.com/M_haggis)
+{{< picture "michael-headshot.png" "michael-headshot.png" >}}
+Michael Haag is a Principal Threat Researcher at Splunk. Michael has more than a decade of experience in security architecture and operations. His specialties include advanced threat hunting and investigations, atomic testing, and technological evaluations and detection engineering. Michaels is the co-founder of the [Atomic Red Team](https://github.com/Atomics-on-A-Friday) project and co-host of [Atomics on a Friday](https://www.youtube.com/@atomicsonafriday).
+
+# [Jose Hernandez](https://twitter.com/_josehelps)
+{{< picture "jose-headshot.png" "jose-headshot.png" >}}
+Currently, Jose Enrique Hernandez is a Distinguished Cloud Threat Researcher at Laceworks. Previously he founded and lead the Threat Research team at Splunk (STRT).
Jose is known for creating several security-related projects, including: [Splunk Attack Range](https://github.com/splunk/attack_range), [Splunk Security Content](https://github.com/splunk/security_content), [Git-Wild-Hunt](https://github.com/josehelps/git-wild-hunt), [Melting-Cobalt](https://github.com/splunk/melting-cobalt), and [BlackCert](https://github.com/josehelps/blackcert) projects. He also works as a maintainer to security industry critical repositories such as [Atomic Red Team](atomicredteam.io/) and [lolbas-project.github.io](lolbas-project.github.io/).
+
+# [Nasreddine Bencherchali](https://twitter.com/nas_bench)
+{{< picture "nas-headshot.png" "nas-headshot.png" >}}
+Currently, Nasreddine Bencherchali is a Threat Researcher at Nextron Systems, with a focus in Detection Engineering and Threat Hunting. Nasreddine is also currently one of the maintainers of the SIGMA project and the co-founder of the [EVTX-ETW-Resources project](https://github.com/nasbench/EVTX-ETW-Resources/), he also write a blog about [Detection and other security topics](https://nasbench.medium.com)
+
+Honorable mentions, [Florian](https://twitter.com/cyb3rops) and [Patrick](https://twitter.com/bareiss_patrick) for all their help getting the idea and the project off the ground!
+{{< /column >}}
+{{< /block >}}
+
diff --git a/lolrmm.com/content/api/drivers.csv b/lolrmm.com/content/api/drivers.csv
new file mode 100644
index 00000000..ba680095
--- /dev/null
+++ b/lolrmm.com/content/api/drivers.csv
@@ -0,0 +1,521 @@ +Id,Author,Created,Command,Description,Usecase,Category,Privileges,MitreID,OperatingSystem,Resources,Driver Description,Person,Handle,Detection,KnownVulnerableSamples_MD5,KnownVulnerableSamples_SHA1,KnownVulnerableSamples_SHA256,KnownVulnerableSamples_Publisher,KnownVulnerableSamples_Date,KnownVulnerableSamples_Company,KnownVulnerableSamples_Description,KnownVulnerableSamples_Authentihash_MD5,KnownVulnerableSamples_Authentihash_SHA1,KnownVulnerableSamples_Authentihash_SHA256,Verified,Tags +eefbdef0-8570-4a68-9824-042e17b71f98,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,CB9E3E372C5F707858E1DE6421C2D3407C240F9D7BC43A9B9F3BA1F6037615B9,,,,,,,41D1EEB177C0324E17DD6557F384E532DE0CF51A019A446B01EFB351BC259D77,TRUE,eefbdef0-8570-4a68-9824-042e17b71f98 +b3b0f086-0c9c-4e10-b65c-47509c6f0dfb,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",fe08109ce34ae68fed49348549b9ead1,7fb211ce3088f2e657c72dcc80574310becde3e7,d8732eb8bd7240f17d90656424aabc0669c3d13e3117efc4805bb59dd21ceb1d,,,Microsoft Corporation,Boot Manager,724bc2c9091c4dd631e113c32702d9f4,f8799b5f344ad92948a1468937cd9255e6873dac,f197a171a09ab640aa8ac4ff7ddfc88377a89fdbb3fee014abb9097d92575b67,TRUE,bootmgfw.efi +7a216607-3204-4536-9507-a3beccc529a8,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",87b6d22295a16073d8d456fc574441a8,0c26596b3297d5e5a06f8d3788579edc7895a622,783d088ce72996a064c0da796579475e0aef23c5e6e0e5905c98571bf8620e20,,,Microsoft Corporation,Boot Manager,dd9b5d03a87f0e8ddba5df77f7a98999,a18abd2b659c6d0eb756052a05e463f4c2eab7cd,8ede7732284dab4aa384606ca07be29e72fded094597261a2f6473494a8aca0a,TRUE,bootmgfw.efi +e774e770-0d9e-40c1-b9e1-ac09484a837f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,DEA5BD5268B76F56B4091A20C806124DE8054FB07A652CF0E883BBA9A0938DE0,,,,,,,7490AD46B3AEA32DD21C46A7A42FF4183FFAA7C486C75C6438ADF936E512B9A5,TRUE,bootmgfw.efi +96d26340-d5ec-43a8-b1e7-068f46a2aeaa,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,A739C0624B7608F40645D417E79CE0B22FA568D885ACEBE51949F268565098B4,,,,,,,65B2E7CC18D903C331DF1152DF73CA0DC932D29F17997481C56F3087B2DD3147,TRUE,96d26340-d5ec-43a8-b1e7-068f46a2aeaa +0a9c062b-91a3-44f9-b577-0128708bf124,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",9962f9fb820e5d7f5a31b86b9d164d33,84376651061fc88774ec945b9062c112139c883e,f6208932ed98aa64f5ec0d9f59138d4c1dddbd82437315aac4aa913e5d4f825e,,,Microsoft Corporation,Boot Manager (Test),662458438867c4c20ffa9adb1dbe99da,e407452938d3438b835e875dd8c40785587a6e0b,cfd2a8f23bbce7424f4a6e27def368f17b086ffa226528900fa092736e705ef9,TRUE,bootx64.efi 
+d9cb5f15-653d-4fdc-aee2-279681f7f91f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,F06D3E0F031A2FDC63DD2BA2BE7F32E0D432434C3515C2F840D812FFBFA530F6,,,,,,,9954A1A99D55E8B189AB1BCA414B91F6A017191F6C40A86B6F3EF368DD860031,TRUE,d9cb5f15-653d-4fdc-aee2-279681f7f91f +45647cc8-3eeb-483b-97c3-170693cfea9a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,E8E83E3E343C069277EC4C1E79C5C61D20917E0451B9A980346732EEB7B840C1,,,,,,,A109E71AE3A0376CA0059A421250508EDB2BB624B6517A291F51E249F16B5CE7,TRUE,bootarm.efi +6f2d1488-6c25-477a-97ad-e0a570723b20,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,A8CE55447F57564F1CE95A7B3C505A7996BDAC4A06710DD101ECD5B818653E27,,,,,,,90A483526B4238C55BC5DED289D7C1D376109B9D5F3E93529EDA75C4D451523A,TRUE,bootmgfw.efi +0e46bd88-7635-4162-a02e-85d9bd33be3a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,30CF3AD2DF14F05D89BC321744559E857055A5C84D7F0834B3DBD261ACE1CF5D,,,,,,,EDD2CB55726E10ABEDEC9DE8CA5DED289AD793AB3B6919D163C875FEC1209CD5,TRUE,miniloader.efi +4cc6cdc2-6f4e-4b25-b3a2-383174f52460,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,24C0732D77F6BC85BE8A6CA9B0FA3BA8611F950CA4E0194E972E59A433DC05C6,,,,,,,9AF92541E63EACBC5784BB44DB66F9B60726174F4EC178C6CE32EAF647EEBCA2,TRUE,bootmgfw.efi +25025124-0a03-422d-8fe8-530afd16951c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,372968218A3CBA11D964EF1B1E8CFF3804EDF96481B96B929208D1B483ADB30C,,,,,,,D28AEC97E28A38D94BE65369E43D01F6266195D6113E7ED17A6930A309288800,TRUE,bootarm.efi +e081d394-fa4c-46c9-8a1c-c8790790aa3c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,84A6C5F6C7AC07F1CC405F7B53B69BFF17BE0E4B9A428C21D39DCE0CDD4EF16B,,,,,,,91656AA4EF493B3824A0B7263248E4E2D657A5C8488D880CB65B01730932FB53,TRUE,e081d394-fa4c-46c9-8a1c-c8790790aa3c +7e81b1d7-7526-4958-98cf-688b36cf8ea0,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,FE4B7349F21EE077096B6986693C3F250758C5DDF96C14AF4BBFD96EE74A70A0,,,,,,,3A9E49E6E644C0ABEC17D32D020339D171439ABA327409A7797E6686BD0F641C,TRUE,bootmgfw.efi +f2418902-5951-4626-8a5f-79d4d022337f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",41218ac4af41772dbaa3d4738e0c2bf3,4d7caebdafbc4bb3866676173dace618baa6a129,aef3e0a113345c1adca2d627c5853a11ddfc4e0e07fd28c10049a9b766c0fbc5,,,,,59ee638030fd199a10f08a99e2cecb60,e123503e3c7764b8d9e60439069505f997287914,c9ec350406f26e559affb4030de2ebde5435054c35a998605b8fcf04972d8d55,TRUE,bootnetx64.efi +3b215ee9-89b8-4437-bd89-dc9fa92cb727,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,21BB3AD3C8E0198CA40E2636E5C3F27EAC047C1C0B39F19D81332FCA03DC4FC0,,,,,,,09F7699631C18DB0C33491EB4B3C65B8F279238C5FC5E3AB0BA52737DBBD26F3,TRUE,bootmgfw.efi +1f0649ef-7118-46ab-b168-e4b9736bcea4,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3F5AFCDADFA8F590C39764BD9A31CE160FD7A929654491154AFD6738C0523D2C,,,,,,,85255700890931C5B71A73DFF09EA5125CD702EA65F45B4054C1463E00173FDC,TRUE,bootmgfw.efi +46412487-6c24-4809-8b77-f2165d5a8395,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,DEB3FC384826610AD277DDD592F6CA8FA9D00E56457724D470DAAC32962532F9,,,,,,,2E6921DC970AAC433DE9AE4ED66B2681A4CD2BE649D2EE9A561871C335E8B1B7,TRUE,bootmgfw.efi +10baff75-83cd-4786-ac2b-ade269c71421,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,268CED16B53E3430A28F1713A0D155A68BED89DB264D8D8170EB6BC548C9424B,,,,,,,75E78C197FF91F574735A3A606E56862E9E0B84DF0CF69F7C7F43CBC171AB371,TRUE,bootmgfw.efi +0fe6f9a2-7b13-4c27-bf9a-412d9acf533f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,9A02C839424A2DB0C3B98553C179C0583E7B8760C7A061176F76B6970746B8AC,,,,,,,AE1DCA8AAB7C4BDD21C5AA19A323F597BD1850445D76695CB2910CCCB5F163B8,TRUE,bootmgfw.efi +cd9dcfdd-25a1-42d5-bd95-3778087060b5,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,4B6C8947CAA89BE6077E2964C4F97425C663AEFEBCDFC373CAFD982367FB5CFF,,,,,,,73BAEB8EB0B64056A7BC309642FDC589BF219928A906666D107E65E8B0DBF496,TRUE,bootia32.efi +795fbec7-a5f6-4e5d-b2c3-c968bf758e26,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3166EE4CE65D10105DEEE3A0163E236AC872E2C45652DC1DD78F8CE984463C12,,,,,,,040B3BC339E9B6F9ACD828B88F3482A5C3F64E67E5A714BA1DA8A70453B34AF6,TRUE,shim-sles.efi +27c9ba50-5540-4ff3-90eb-8798c48599a1,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,127B01B1F605183BBA4D1A07B7EEFE01BA88203A6CD6686B28F3883F33C0ED42,,,,,,,1CB4DCCAF2C812CFA7B4938E1371FE2B96910FE407216FD95428672D6C7E7316,TRUE,27c9ba50-5540-4ff3-90eb-8798c48599a1 +a2a7bdd7-c7bd-4195-97d5-a7b127691dfe,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,DE1CB8E571EEF26A3C4BABCEC97BA41894AE9DE7528A35BFF5FDDFF5C025CEED,,,,,,,5348075329A1087EBB689FCFC775304B09C6786A523F83E7BB90E26DE0E61FF7,TRUE,bootmgfw.efi +7662d98a-0476-48dd-b532-8e6142d251ec,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",a168299b9ced4e289f438408b6a047b6,cd0498821da3074abf0b1c44819f1bd2f3a13355,90ea447ccfdcd9771de40de9721d0256d6d8a30d68963e82485c2e92b7eb5257,,,Microsoft Corporation,Boot Manager,e2a3feaa3ac65bd8ceec1f6430f81121,80257f616bfa48d64053b0198af7280152e8243f,8ed8aa03199de7d541ccbb3009a2b1ff575219662d8b23fba7fdff02d80abd29,TRUE,bootmgfw.efi +34e61740-5c56-404a-b796-1db5337dd86e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,EDE70AA6A98D8130019296CE64B5CCF634A997B26401C0E119B96BBF7ACE1C0C,,,,,,,DA3560FD0C32B54C83D4F2FF869003D2089369ACF2C89608F8AFA7436BFA4655,TRUE,34e61740-5c56-404a-b796-1db5337dd86e 
+0cb9b7da-f228-4e4b-a07c-06346f0d2e47,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,459728935C400CBED125A0AA12D0E618CCB6F4FDE3194BB2D06A511DAA335350,,,,,,,B9B20E933E2B6C33C9FF088E224D802028F29A4CEBE50AB5D746027911A454FF,TRUE,0cb9b7da-f228-4e4b-a07c-06346f0d2e47 +3b905385-bf3a-4181-9c49-646bb5fb1e6d,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,65C4AAB0884825A8A2E4C114020E4FDB58A1D2B0CB68B7714A05D6CDE3F821D1,,,,,,,408B8B3DF5ABB043521A493525023175AB1261B1DE21064D6BF247CE142153B9,TRUE,3b905385-bf3a-4181-9c49-646bb5fb1e6d +e91a68c8-807d-4b65-a86b-c51335730c55,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",abd377408acc02ee7f2f16320ee9b49a,b72252c1c92cac65c4a4637816b0a84428d16681,475552c7476ad45e42344eee8b30d44c264d200ac2468428aa86fc8795fb6e34,,,,,fb4d9da53892bb0152dcfd7a4a150fe0,a070bfbb64dc542d7b6b22de52d9b4d994b0d2f1,dbaf9e056d3d5b38b68553304abc88827ebc00f80cb9c7e197cdbc5822cd316c,TRUE,bootx64.efi +2a2e7598-1bd6-4772-a189-6421ab29af37,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,6484A487192E0B44CBD30EB7B3D436A9150D5B5AD271974764366BDC4E8677BB,,,,,,,09F98AA90F85198C0D73F89BA77E87EC6F596C491350FB8F8BBA80A62FBB914B,TRUE,2a2e7598-1bd6-4772-a189-6421ab29af37 +57a68cb9-ec2e-4a8b-881b-62a8da44a03b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3E73CE2DF3D7B01132C2ED47BC7D1B28E421B0600F0B8D4DECF7F7C23E83EE1B,,,,,,,1DC8A3F59B23CCC411D46691FC9B5C35993BCA20E7E2299F1A95223B9F112E43,TRUE,bootmgfw.efi +7c6d9a9a-0ec1-43b7-8e1f-053fb98e9fbf,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",a442859fd33fbf61ed0ea28bbf33bdbb,a1aee57f1fd4a6768950f74dfb2e2a97853d4733,c9f47991e981394076050cb8b5cddfcbf9fb01b6d7272b9079082e20e4875cc8,,,Microsoft Corporation,Boot Manager,9dc081d5f69234c2bbe8fbf881510703,99c709c98c1d9548ab82b298f47782597c767601,915009d1cf9d68b9e53064de82d4b70b58d2f014a03805cc406427d323d9fc35,TRUE,bootmgfw.efi +a252e6fc-a0e5-46b7-ae78-c11ac44dfecc,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",3827b6fa1f4022001328be9d79e33b18,3b0ef33281ba05d9d9259b1fd44bf5d43e5187a4,3927727eb2435b28d2cf0ce1757e72ce3e92a86362b87120040c744c1c08bce9,,,Microsoft Corporation,Boot Manager,d9a85920d99763cc28d796c77094f958,932efcc1a062376a53c14b3fad8f6bf34b96524f,50871141459a21faba3dbbf63da5aac8863fa3d8a9891f182ed72e3a74b64fdc,TRUE,bootmgfw.efi +dd78a9a0-255d-4856-b9be-76b08852303a,Michael 
Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",d984cf8612284adc59b3b73deccb777f,61ce3d65bef674357febe866d4e922373f809219,24558c1cb417b6387e2406c70ff13f5438506e8d7560dd7b226499c872c8076f,,,,,b1e4dc9ee87d701d9aabbb52211a9ba0,ba2a769531f2cb00b2ca9c089f1668c6851b382f,bb1dd16d530008636f232303a7a86f3dff969f848815c0574b12c2d787fec93f,TRUE,BOOTX64.EFI +8d43face-8444-4bf2-ac71-c0213d06ef91,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,DA31FE4698AD3D0E30408927BE36C938BF52FA9CB8D46B12F84F5D5EC22DD1C6,,,,,,,495300790E6C9BF2510DABA59DB3D57E9D2B85D7D7640434EC75BAA3851C74E5,TRUE,8d43face-8444-4bf2-ac71-c0213d06ef91 +8e8db009-ddf8-4196-ac2a-99c9a0e6d9fb,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",9ea079774ed23df340ecc523ddf68045,34e4cbad02d8dd38e88bc3ab0b2dc47e91b9c02f,71083eb4f247ac78f52aa09f81054396a0dac1064e1191b5b56a43a6976c5c74,,,Microsoft Corporation,Boot Manager,6159052617b8251fa73b9137546992ca,d9196a975de3cb5f3fbed654aef1a7d87801fffc,cc202e8f2753ec75c9eeaac65c9d39eea6faed570664e930e3815976cd332d91,TRUE,bootx64.efi +cab29561-a4b4-4cb1-b6c6-115700991af8,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",16e6180b7edfa353678a459079afa5db,a9874a4b39d64c5116a663883834c2e789b87f99,50484376441815f7f85aa294290a9b6072a6a9e8feae79447c5c4de855c5a3d3,,,,,df444af8d4fa4d4b0bf54cdd266ea4b6,358f886257db7011d5a38b1e1bc7908a302392d5,ad3be589c0474e97de5bb2bf33534948b76bb80376dfdc58b1fed767b5a15bfc,TRUE,BOOTx64.efi +7191ca91-6b37-4c4f-821c-a2df6c16e91c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3E964DC8AAE03D464F3DEB556C4927075AA9F3A1998C66D65EFDE178F465D7B3,,,,,,,57AEAB53DB02CCD1E307AD3BE524EB507D0339BB2AAB3BC9B653088B7E790FCC,TRUE,bootia32.efi +9a8ab464-2a24-4329-ba2f-e9eaeb2edb90,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,98799E6AD44F2AFF3D3D7B66E482B2F4DE4438F5752D932D12C97FF56FA1942B,,,,,,,E37FF3FC0EFF20BFC1C060A4BF56885E1EFD55A8E9CE3C5F4869444CACFFAD0B,TRUE,shim-0.9+1474479173.6c180c6-0ubuntu1/shim +5ef6ea24-838e-4df6-b00d-3deb0ec3fa33,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,0692A9566F22F280715080EE24B8FF54ED7372A98BD4994670FCF862035281B5,,,,,,,4667BF250CD7C1A06B8474C613CDB1DF648A7F58736FBF57D05D6F755DAB67F4,TRUE,5ef6ea24-838e-4df6-b00d-3deb0ec3fa33 +1456951c-e037-4508-a34f-5a6ff0065521,Michael 
Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",89c04150c5f5b596236e04ccf5ef6a2f,7639a4d8974693df09e8cce6d1e3d0092fa03dcd,e50f1f1e9fb9198e5b094773d1d0068cc1cb1987d06583abaca20adc1f8932a9,,,,,803bade13dfb54c31a1096787d89ab74,1076e1a25c7fe4b65b48570300c506a0317c42bb,03f64a29948a88beffdb035e0b09a7370ccf0cd9ce6bcf8e640c2107318fab87,TRUE,shim.efi +f15d8f48-cf83-4954-a1d2-030f6dfd40a3,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",fcc89caed202cfa0f9d16b9e1c27d970,6a5c3056057baea653d533429110deb3bd7ffec1,d0eb15fe822c6239a8bb2b42fbc035d0956c72ac6fbd1429c1ab7f7e348b8f94,,,,,14d423ad7ffd78c631ebcce6c78a6c8c,872f7f79da66889049503fc77a7d3fefd25a6f55,6a0e824654b7479152058cf738a378e629483874b6dbd67e0d8c3327b2fcac64,TRUE,bootx64.efi +a1a3ef63-ac2d-4613-8918-5bcfd1fc3e40,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,9A395E7EAB9E7976B1C30EC651B05658D780897BEBAB8A664C6091742E592E7B,,,,,,,250AE0BA860D6D46894491D630D58B1CA008F695C92CE2084A295486F71F985B,TRUE,bootmgfw.efi +e32b7c1e-14b0-4f29-9c62-d1664d26777d,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,52A4F27CCEDCC5405D8EC128BF99861865B2273DA18A9B958ABADEFF63DF5A18,,,,,,,3765D769C05BF98B427B3511903B2137E8A49B6F859D0AF159ED6A86786AA634,TRUE,e32b7c1e-14b0-4f29-9c62-d1664d26777d +82bfbd61-4cd5-490f-853a-3486090e0d3e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,61F2D843B99AC93FA2ED40A50E5C3F0EAD7C75894BB92C32DF33052804CFB77C,,,,,,,90AEC5C4995674A849C1D1384463F3B02B5AA625A5C320FC4FE7D9BB58A62398,TRUE,miniloader.efi +469544ed-d70a-42d6-aca2-690d5ebecb4a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,2B91C0C8C0F156ABC8F85274C1320C038AF0179FE4696260B1011D5361E50AEA,,,,,,,41CCE0FC467609CA368BEDBA45C292F2BE1B622FB9BE0473CF51E7A96EE65652,TRUE,469544ed-d70a-42d6-aca2-690d5ebecb4a +2ca3cf24-b271-4a27-a228-ca91cab34b93,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",9a795b1affc7cb4650bbd99b9a2cd819,586bf5d3fb1fb21159338701e324d9d26b6aa0e4,0dd832075d552da3d29b1ef471fc23b47c0d54b9fd1541935b23f1c5813da08c,,,,,86e7e6f737ed657dda5423a10319d41c,450ccd6553c679f4d87bbf3507780efc17a466c4,c452ab846073df5ace25cca64d6b7a09d906308a1a65eb5240e3c4ebcaa9cc0c,TRUE,BOOTX64.EFI +635f3ff1-ab0a-468c-b6a3-6a8aa39301d5,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",83e596b8944ed413e5bbc0c51c0b64c6,fab234f84e488343ea0f65072d8785217cabef40,165a5dcdea3a7de7cfae38298597445eba59282308c7243be50f568aa610f4f2,,,Microsoft Corporation,Boot Manager,576bde13122eaba63fa0734baecf5a48,cf7b3cc939f51462213b3b05b81fbc42ee05afd8,e2cf881cf07195454505047d74810ed79ae20dfd0f1593afbbf08270a486c038,TRUE,bootmgfw.efi +e9402a67-21ec-4fdb-b0a3-7f1700f1ede7,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",670eb63cbc05c4a4fa62f3c63d5b5f0a,4c53e7cd05e537f0f730ed2b079200c7e1543a72,132d59d83c29be7351d35c44b846dfc3f37b3c62bc40eac6aec3fd68e7cfcfde,,,Microsoft Corporation,Boot Manager,40b3933716925a99d7457268b098c42e,f2ffc38ed784f8938830012818332db0e4bebfe3,4f94f40c6b4bac7bf219c73dafd0870879f1db10de6c8620f6f1333d7aa5455a,TRUE,bootia32.efi +89393561-f676-4029-a1ca-88a4c4fa03b9,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,8536BA8D9039C5F91752BDC45A7AD2F91FDA2334363850DCEB38FD87DB7632E4,,,,,,,958C0DB651F4E4CCD062446263618C877910E08257EC6D9BCDD8BF1E33134FFB,TRUE,bootmgfw.efi +8c855009-8e77-4446-acf1-17ce8b445b01,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",37d03ef09bf90e11e07eed536a7fed7e,97e4998bff2642bafef802b3d909e89f69b1046e,b7313be4901f1a80f84e4e8a6636f090e7125b97fc845d4454d5e4bef3d40ca7,,,Microsoft Corporation,Boot Manager,f1fe210387316d9b4c40f31214cea418,51d44ad13402af95119844f7da407090702e764e,5a47b0b11d2fd9cd39c627d1e6bf4afed9601aa15d6a5d84fb10f39755d2d323,TRUE,bootmgfw.efi +c54ad511-bb85-42f4-ae87-e476854748b9,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,4B0C9083430D91770BBB629380DB3A2A89DC73BB8DF677725668F727A2C2147C,,,,,,,450EFFC827CA535A79D5C4FF3E1A3F614CA9126B3792F997D38791CA7399320C,TRUE,bootmgfw.efi +b7f9ffcf-525f-427e-b3fd-72289f61ffd3,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,462F49B4FC9E4CE706D668042EB76F711B4292BAE2BE8DD5897182B316EF217D,,,,,,,C470161A06E6B452253A623536924979CDD11838E08D8E4DC86F763732E64B0B,TRUE,bootmgfw.efi +d2c1c960-2c20-4647-ba66-d3c5d3385cff,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",1854d98bc963a9a82e0d9abef6bc3873,dfd1cc6207f892703292d88a29f587db858fc0eb,dd3ca7c4bf6698e7d72f6c2fb0eb59997336c294d604062ef495ee8e1f49931c,,,Microsoft Corporation,Boot Manager,1730c4cbe167c78763e0a6e4211a55a5,62e70e5fd08037f8e32f298c8d9614535afbb331,da9943277174960b0d7d3f0d656176f3723ed2f03a90518beb3c6c202b88cc14,TRUE,bootmgfw.efi +058a1317-f391-4baf-86a8-31ea7b01d6e6,Michael 
Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",e8b4de749b80b47640ea86b06f56429f,d79557da8528c045a204a3abf3dcd26b7fb814f3,905c2df524e664759d55a6dad4b62b58220adc59fec3e852964efc2165b0fc0c,,,Microsoft Corporation,Boot Manager,aff88198eaa921bd4c804c7b39833ff4,8c5d802f57367e3f81b341095265c6dbf0774403,459457c48e1b450d8f22858ffb392fca78bb6f4da837862889ab798bdcbdf08f,TRUE,bootmgfw.efi +568b07e2-3499-46e8-928a-843aff3217f5,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",9a3221899f456225679f8e54739100ac,19a0cfa98525d7ac0edc5b0770e5b1e5dcc4a992,fd69741dcd1bc0d9ab8a02c2a7ee8d466a58613562536aa8aab5ea260bbdf9c3,,,Microsoft Corporation,Boot Manager,d70a1a6c6f9861a0e59fdf7f22d78658,50343f4e379f1dfa6364a89d9075f5150ad481f6,7c09d8b90b72b7c2ccf1a413e335c2d1a25d75bb8541f9bc16b4c4e26bda6855,TRUE,bootmgfw.efi +45ac4276-741b-4e22-92bd-bb97042ed4bb,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,0CCF098A0B3F109F35C763E69DFA54190365999A78707EF63863A812C1C07F9C,,,,,,,1F535987EA7386DF6BFE75F51EFD35E4D2DA4B002DCA2999C0CB4B767BAFAFFD,TRUE,bootmgfw.efi +1387dafb-6dad-48b4-a186-98e52cac74b7,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",36218d733c0afdd2d6dce6f616335a2f,96787a55f640b630ba6277197dbdfd14ecf3b87d,0ed1b0fae1a6e705d1b116d08b7184e0a2ee2a0e6b0c372ce69b40e9ef34579f,,,,,4dcaca83effd9b0a6fd63f766d4ec969,bd9fc7d7672f8c70045b2fc6f9029064f1030763,5890fa227121c76d90ed9e63c87e3a6533eea0f6f0a1a23f1fc445139bc6bcdf,TRUE,HfiPcieGen3 +c10b8a2d-9bdd-46c5-bbdb-177f88c7794f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,8CC2B48C79FBF5654B28B7BEEC51A3266E4CBB4FBE3A84F843EA0957683A1E93,,,,,,,F4DC5A40D2A9DBDAB210BAE0C508E053AE986C4DA42D68760A1655D6FBAEC051,TRUE,mboot-official_arm64.efi +cd328e2d-3b59-4c94-a0e0-60b7f793db09,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,D6D10836B79E28ACE9E2BEC7EF9B67DC736ED6C1C8EA24D395DDAAF05B76CEBD,,,,,,,13DBA28447FDBE3C8A24FEE3EB88638CE1D8F97CD4925056C0AD0E91CA51237D,TRUE,bootmgfw.efi +85443af0-4180-4b3e-978c-e3d8c8d35422,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",bf4168403960a0df177f58277f06250c,6a3777265403ea83fb91ab07988464303e66b172,669353cc31e65f896a755db94a045d9dc1b4a24baba14fce11d623bdfacec78c,,,Microsoft Corporation,Boot 
Manager,bc8921a85faf4205abd65c8b0263e795,b820221890353f2d702024c23c19cbf17ed25f20,5e67bf240b1d05f6f618908868a494c50a30ab255b06619fa28411eb260f674a,TRUE,bootmgfw.efi +4e4ca92c-52eb-4289-a935-f6ec64b79e3a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,DA9C62E148457AFB0629FAB0C2D58623F9AC35A9A95EF23388ECFE85451C60C0,,,,,,,326967C7FFC1B86DB8B32B0570E88A89CC1534CFCF300B98C077E473F9B18FA1,TRUE,bootmgfw.efi +3cd9faa5-1675-4640-8304-86e162b60451,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",22f93e6ecea58e543fcffa73f5c466b3,0945ed2479004a84b2d743244ff7dacdb688aa9e,ff9f39869baafa17592820f7f5cf101b15a8423831abfa97c89cf193cdd98e89,,,,,a9a003cc7225b64519ee59289a90f3e2,dfc22f0bbe6a3ed81106a30d61010fd1510465cc,8aa509fb461c099a3c1b806d281a1e1275771eda0b0e3f7d95e0c11b3c1734eb,TRUE,Signed_13652009334930799/shimia32.efi +c368c62d-85dc-4bc7-8302-09be91700a9f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,7CEE7E91292E5591BA4597D312BCFE9C0EEB906B18B327B8983BA497F9921BF7,,,,,,,66AA13A0EDC219384D9C425D3927E6ED4A5D1940C5E7CD4DAC88F5770103F2F1,TRUE,c368c62d-85dc-4bc7-8302-09be91700a9f +c045cb03-9cfb-4ef9-b058-6734090e1dda,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,34440CB45EB6EC2532EF89D6FCD7D3D9BC2A021677BEBC9D65C47A725A6845D4,,,,,,,8D93D60C691959651476E5DC464BE12A85FA5280B6F524D4A1C3FCC9D048CFAD,TRUE,c045cb03-9cfb-4ef9-b058-6734090e1dda +bab3bdab-1013-4418-bb3c-2ec673c8b6f5,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,9F91A5AAC09BA6E514DC37A013A68589DD22C1F5A7A539F4138CBC8ABC0A45F4,,,,,,,57692FC2B80D809A3BE409B44475DDED7225C76FDD5FF09E4ED7D330A58733A5,TRUE,bootmgfw.efi +d01601d7-2e46-4b78-801f-d260597e9b74,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",5692b49c53b4401e76a43c82d7d496de,6308e47e8133dfe6cf9532213c65b964acebe111,53af0ddbd3c4d33bd003403d8c9b41877e07770d3e789c781e5897858585e299,,,Microsoft Corporation,Boot Manager,a1f22c60755e8b4f85769168e7799133,0cedc7fa4d3c732832d1961814a6107a9e7aad91,b97915da9f05277fa5687f8c41132df69152517f2ba252d466395b40d4f2d155,TRUE,bootmgfw.efi +9470ea71-b7e9-4e8e-ae73-a4b5fe32bc04,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",bc5372019b75e9e8257a83a86bd0b33d,99cd0326b914b5f6ea53cb2280d9a455bb68d70b,8310f47ba34eb1aca146a5bdb8b59138173e659fbeb57a4c89355d8c54930b6b,,,,,45e4a006c19fa21bbbec494e6d51c63c,ceca75b14c16bc19a9aafc883fcb081554f563e4,56b3da7259eb1bec44199a7ebf74c6fe912c8fe9bf4a20a7610c5e9bc0b601cd,TRUE,9470ea71-b7e9-4e8e-ae73-a4b5fe32bc04 +5b0c97fd-1a72-4f30-af67-1f398fef3675,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,37CAA54424C152D84DE63C288DF7CE27BA97B8671CF27DE4101066EEAE8BE90C,,,,,,,F3D38950A3CACF61C94DB9153576194E953B5785637159B3AA6F1E923220EAD4,TRUE,bootmgfw.efi +120f5dbe-0a55-4b54-a42f-e51cb54f75c4,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,7294F03850C2084A287FAEFBA778592D9D01E5062DD2E980537E39FDBFE20316,,,,,,,7F964730CFB7B8CEA284E2E810212FF9B0EE18227F64427A095D6886493DB0C4,TRUE,bootmgfw.efi +c4189bae-54f2-4fe5-8978-dc3e1ddc20ee,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,9E5773C34073B8473BD1EBC9D4D50780A7CDF9EB767750107D4B0F45BC8EABE8,,,,,,,78B4EDCAABC8D9093E20E217802CAEB4F09E23A3394C4ACC6E87E8F35395310F,TRUE,c4189bae-54f2-4fe5-8978-dc3e1ddc20ee +48eb1fa0-a607-4967-8faf-20dc68913367,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,7D092A6101832F2CF3F9DE42C66A9948751B05D3D4005FB9C0E8BDF9B8DAEC6B,,,,,,,82ACBA48D5236CCFF7659AFC14594DEE902BD6082EF1A30A0B9B508628CF34F4,TRUE,48eb1fa0-a607-4967-8faf-20dc68913367 +163602d8-2ce1-4c1a-9101-568c50a6f887,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",c815c638cba6bdc82a6b4f72204ed252,d2e758288883a7b37a46b773ec0ff61c328e8bf7,64604ea91f31b815bd0219d56563b9c2d307fc6c71ecc38d498221e0e0e9c4ad,,,Microsoft Corporation,Boot Manager,0e937bbc24f9343c32c2641a3b728ea8,3c3db26f3be97e13953510a1615c3efd05f10aea,2992068e4f616f2d7253e9d58116a97f22923f4dc1b78a58be4499b982ecf270,TRUE,bootx64.efi +3fd56670-7eb8-406e-af51-68998459de7d,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,894C9E5370DA9DF83426F92C42CFDC5D79CE004ADBD45A7663E9F5E9A6A198C6,,,,,,,E226D6F3A332238FEE8A42A8FD57E8B009725DB5F8DF4DC1CB54F17C6F47A9C7,TRUE,bootmgfw.efi +e950e347-4bfd-44d7-b2c6-7dbbce0f2667,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,AA8DB86BE59A48E4C525DD468119BEBA1D836CE4293C76E4B736902D1AD62F27,,,,,,,C69D64A5B839E41BA16742527E17056A18CE3C276FD26E34901A1BC7D0E32219,TRUE,e950e347-4bfd-44d7-b2c6-7dbbce0f2667 
+2bfaff34-8a6b-486e-a308-0484d2372727,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",c453084032024e3b2dcd648c9406e760,1316e2b5fb83b29acc00c5050799afb7ccd6b6e2,fb5eebcd4100593a1b2890267037b7701c83f32c284b99908ff1c34d5693bfc2,,,,,1886fd591b86756f2823f157d197be5f,b9d3918f7829cf8308e519448712a95d58eb6ed5,02e6216acaef6401401fa555ecbed940b1a5f2569aed92956137ae58482ef1b7,TRUE,BOOTX64.EFI +7e14af6f-c8b8-4c15-a2ef-bc0a2b39e085,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,88B530624B67FAA0C0C1039618958F4DE983A997A6FF762BCCA82B8201194F28,,,,,,,6DBBEAD23E8C860CF8B47F74FBFCA5204DE3E28B881313BB1D1ECCDC4747934E,TRUE,7e14af6f-c8b8-4c15-a2ef-bc0a2b39e085 +7cb68e8b-c07d-4b76-9af0-0936553f516c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",92f1d7fd78d0353c62e5dc8e81f558e2,a63dbf2c3b022c5d70c20e674ab8066a2b3290c7,06edb9f17a9007c8b6db6ee2fc240e88e238f06c7c983f987cd9be1b80010d04,,,,,e933dba3a6ab068b91601eb1828cec97,4b496c6b76d4ddafb0e2b3c0fb27f47639005f98,2679650fe341f2cf1ea883460b3556aaaf77a70d6b8dc484c9301d1b746cf7b5,TRUE,BOOTX64.efi +24c0575d-dfa7-4f1b-8503-e136cf8fcf3a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,B334937090AC1D2DB8FFFA7D6BB72F97FDE42712300524E2C89F0E7DCA5EF4D5,,,,,,,9141EA1A4E6BF1F4D72C28A1D0D124A928D5A7D36B14FC7E7E53EF442360FF99,TRUE,bootmgfw.efi +90d2feb1-4600-4854-9a4e-fbf54b14c72a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,1E75347868FC5FDDD501E1E2B56C7D511030513B0E9F45DC074DC562F11590E7,,,,,,,C9F9C03434997FBD0FBB698DAC556264EBE967F948A97978A0C32EF85F94B188,TRUE,bootmgfw.efi +da54ae14-5e4d-4280-b91e-4b78d0df036a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,31DCD37C53CEE49C1241978CB976230EFDA89A83C3E3DBC18EDA92099055026A,,,,,,,23FCD6BF3084CEE6A9F9885E5239230B0ADDE0C870589EE461551D1CA8F4E85B,TRUE,bootmgfw.efi +a4e64b6f-16b8-43db-af2f-c77daf3f0ca9,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,D84AE3F1BB7B2F2C41B986E473AD424CF6F1D136B4E91AA5F73824737169D820,,,,,,,E39891F48BBCC593B8ED86CE82CE666FC1145B9FCBFD2B07BAD0A89BF4C7BFBF,TRUE,a4e64b6f-16b8-43db-af2f-c77daf3f0ca9 +a205120a-b99d-4e65-a96d-b8092539c1d7,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,0CE7F3FEC8BBB04E182027DD6800B7993E9F14EB579504DDECDD2F06294D7739,,,,,,,0C51D7906FC4931149765DA88682426B2CFE9E6AA4F27253EAB400111432E3A7,TRUE,BOOTX64.EFI +61dad3bb-db5d-497c-8aca-74ae55991a3b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",3560dd8322a15d0e23d3747e32a04ebc,5ecee585f6f31b380d65407f6b73dbaf03388624,7c6f0f7062aca9c286fb921917747c8b65ff4a69eb71102b90c1570b4c521fea,,,Microsoft Corporation,Boot Manager,6f065bbb5d76aa5fb79975c9480b9ee6,6dc5e016421e15ec84239bf6a643dabeed536cdc,03df4500273c43189296f09d734977c882a008fc056f43c309b9d2351f31792e,TRUE,bootmgfw.efi +dbc9e79d-2655-4892-81fe-830383602432,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,E1DC3EF55626A4CF6DDC425A353208F309271B8A9FDBF8964082FB08DFB7A170,,,,,,,2B2298EAA26B9DC4A4558AE92E7BB0E4F85CF34BF848FDF636C0C11FBEC49897,TRUE,dbc9e79d-2655-4892-81fe-830383602432 +26ede8d7-1e62-43e2-97f4-710a4352d0ba,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,5C512E50028955AED91AF0317813C68B427A7F73A6497BDA82F4551BE1A04936,,,,,,,5C2AFE34BD8A7AEBBB439C251DFB6A424F00E535AC4DF61EC19745B6F10E893A,TRUE,centos-7.9-shim-20200726-shim64-bit.efi 
+ca53fb23-c94b-436c-9066-079bd6480ae7,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,97C24B65A08878AEB0002FC577B717A950C0A20E60EBDFC569637EF57059A2BE,,,,,,,6730C911E6D91009420D202FB6F394568A06AA97E9F33F30C7E92AAA71332D68,TRUE,bootmgfw.efi +bf8069da-0ffc-463d-b17c-3e0ee49d0585,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,5C39F0E5E0E7FA3BE05090813B13D161ACAF48494FDE6233B452C416D29CDDBE,,,,,,,C452AB846073DF5ACE25CCA64D6B7A09D906308A1A65EB5240E3C4EBCAA9CC0C,TRUE,bf8069da-0ffc-463d-b17c-3e0ee49d0585 +9a4cfe78-97aa-4d04-a049-9f0c2d3869c1,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,D8C26A5324CA74212B59B59BEF1BC33FB5B6946DCDDE84414C60A2E315EDE741,,,,,,,3AE76C45CA70E9180C1559981F42622DD251BCA1FBE6B901C52EC11673B03514,TRUE,9a4cfe78-97aa-4d04-a049-9f0c2d3869c1 +3939d676-6d9d-48b4-8be9-d7d7f3528c08,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,EDFFF0969567FF1C1867AA921EAA5CF4C65D20F0511BA7EE7328F7B67238DF53,,,,,,,C127F0EEFC2E451989D88E4D1DA8A3B08CA9D5884987A6157E04E9A71C01ADFC,TRUE,3939d676-6d9d-48b4-8be9-d7d7f3528c08 
+a434e53e-5631-4181-bd2e-47c546370f7b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",7c2bf377d0edb86f010d202d48024145,5dd4309442a74a780e3e099f0625b1eed2e54c25,ec89ddd37880430cd5242f5f15d13f4cf699f50dbe04643e5b70093631608204,,,Microsoft Corporation,Boot Manager,6d00124e9f1f50bf046eb6e5151c9e97,2121406a967bcc56cfb20b53b60f255d950862d5,f51bc0b8fce1bae71b76cb3ade28b712669d4e938fd37c9f5872493acc25fae1,TRUE,bootmgfw.efi +dba882ff-03d1-4cf3-9e9d-9358d6416d79,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,4759E0891A636E1A3D27472C48AF55F27BF5E3CCF474141FEFBBA2AA124AC410,,,,,,,D417C004525C7BB57523836278CEE120FD66147983BA738AAC011E24BE75E6E2,TRUE,bootmgfw.efi +cb5a22b9-4471-44a3-9783-c27df207f95a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,B1EC3A20DD620668852C057FD33023CB945D35122C079F13A59A73F8A4E4FC12,,,,,,,264CBC5765718A0BCCB0F79C0FDD133A898203FB6F4F2052CB0647FBF6000ED0,TRUE,bootmgfw.efi +40f5cc74-badf-47d0-8fd7-021190a05953,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,A7BF87F519397CA73C79AB94079E0E8218661C149713A8A286DBF1079E57B4BE,,,,,,,A5BCFC748DA415BD7F00B669E1237C9898A6D03517CC80B3626F0BE326046B28,TRUE,bootmgfw.efi +164bcf0f-91a1-4754-9c4d-f2c1b90aea06,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,9C904F10520295D070DB9CF381101512946AB832C2BD92D4E92D42B934F40DC3,,,,,,,1D8B58C1FDB8DA8B33CCEE1E5F973AF734D90EF317E33F5DB1573C2BA088A80C,TRUE,164bcf0f-91a1-4754-9c4d-f2c1b90aea06 +b429b35f-a9c3-4de9-a7be-da2b2c688a02,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,02FF707BE8808663B2CC33286630839DD7B14AC8E2340F4661870B18A9621D9D,,,,,,,B420509D0D69B294633FD7AE2C36B2B549D45A6A863EF16843A1116A11127F56,TRUE,bootmgfw.efi +7b45ea3e-38d4-4bac-aac7-54806c6ffb28,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3E5206C60B696D3B81696DF457D74881F0188ADFD75404A4C0AA627688975671,,,,,,,3E1A6021B3C6066E94F7F06AD7B29E35B1BD9EE496827A290EFB9BE7A27C5D63,TRUE,bootmgfw.efi +a74084e3-94b3-4674-99c8-e314f7f6241f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,957D8826BEE05DFEA66994C237E61BD70CC0115CC176E1D931F1D892C6C16814,,,,,,,367A31E5838831AD2C074647886A6CDFF217E6B1BA910BFF85DC7A87AE9B5E98,TRUE,a74084e3-94b3-4674-99c8-e314f7f6241f +cef9f132-2635-47a6-bed7-6011eb7f04ca,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",0008d969a43a2b94edd849cdee6ae3c9,d58b60ac3b5fdd3d52a9bc8da3e73c2a13ad36f6,3f8f266488f3b888eb77b8df43582fa8124366b7d0670ed78926410f9c9f411f,,,,,d0a9c315f3180e44d8c7a202276041a7,6d3071da0d10845d4c297c11e0f71dc557981cd0,d8d4e6ddf6e42d74a6a536ea62fd1217e4290b145c9e5c3695a31b42efb5f5a4,TRUE,bootx64.efi +4e70304f-ec00-41a5-b542-69701b5df29b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,A6E8C6906E4845A30A036FB669BA82146E334908706778AC569DF45CBF8637F7,,,,,,,8806CF0C7BD5DF7E01D120F56734113BE916E183755577BD48026C25DB268680,TRUE,bootx64.efi +55b45543-5130-4632-b2a9-12f11c8da501,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,BBD53435E3881C13F6EF3D7C17DDE9BCCF2BB2D95D303DC4623CD1AA8F51EF23,,,,,,,781764102188A8B4B173D4A8F5EC94D828647156097F99357A581E624B377509,TRUE,55b45543-5130-4632-b2a9-12f11c8da501 +b3a8852a-b702-419a-9d1c-4b371a130474,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,5613DD1553044BEF74610BC012D676375588421FF0000B69DCF62D1081451ECE,,,,,,,0928F0408BF725E61D67D87138A8EEBC52962D2847F16E3587163B160E41B6AD,TRUE,b3a8852a-b702-419a-9d1c-4b371a130474 +2cb09869-230c-4114-a4ec-a744b3181282,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",390218e8b12b9b5a8985baf49e163930,d8f34bcb62883019182a69e25f0b71caa3fcabdc,0e99607b20d537497169c506c6893243d3f1bd5960505c1566bd97c0a741adfb,,,,,418f5f26299f7eb90d5659caff5388a3,d076bcca3841b8c400b4ae3317ea65de33782094,9f1863ed5717c394b42ef10a6607b144a65ba11fb6579df94b8eb2f0c4cd60c1,TRUE,BOOTX64.EFI +04cb75f3-e10f-4f9c-9f8f-97d4a310922c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,0CCD31ED42FF79E74FBA9C064F59F698E3AE9F9E690BE296EA63936E81982000,,,,,,,E36DFC719D2114C2E39AEA88849E2845AB326F6F7FE74E0E539B7E54D81F3631,TRUE,04cb75f3-e10f-4f9c-9f8f-97d4a310922c +536cb2d9-c5ae-4fbc-90af-4502d0f6c9c3,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,0CA03AD1A65AFE81EC23E2B20E05D80C41AAEB5D6D5F98E2D0C5661F46E0CE9F,,,,,,,47FF1B63B140B6FC04ED79131331E651DA5B2E2F170F5DAEF4153DC2FBC532B1,TRUE,536cb2d9-c5ae-4fbc-90af-4502d0f6c9c3 
+8041563b-fe86-4183-9409-a479ef4f9b46,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,5E9D231F7BC2F98E9CBFBE65DA29F7B663A1E84FEE090250BD0976D65DB3FC0A,,,,,,,F5D396FC5AD8B7EAC22652129D56449DC30B6965CE3E41F5D76590E3B1ECFE62,TRUE,cent-8.3-20200730-shimia32.efi +0c015961-2a7d-4fc2-99ca-5cfccf2de27f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,F50D0AAA4875B0B609D0F796AACB77D582E0246D3FC544F76ADB73B67A156626,,,,,,,4A9B1C438BC8F114BFAA82F5D533DA31CC610C276711422C74A167B8AEED7C82,TRUE,bootarm.efi +b3ceecb6-6bb6-43fa-9ab3-8ba2d6647443,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",d407a4d3a9887218394aa73e94ffbde5,d483cd3de769ee4a2bd69c498501e7764656fb75,9d61099de8327efeff7e4aea81d9f3396a2218e6b22e15d05032a765897c0eba,,,,,2ccccbe8e79cfaa23784d56e0edf946f,4dc601eb63e1e8d30e7ed4eede0a757630e66dc5,b3e506340fbf6b5786973393079f24b66ba46507e35e911db0362a2acde97049,TRUE,shim.efi +af34038a-8535-46ac-8f63-bdf18bb89563,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,04A779863E698705914958CFCF521450B8D2C9AE321DFE36A2DFDA00AE75ADC1,,,,,,,1D5C15CED73845B7E968BF3ACE52C5C660AA2DA6DDEFF2CE6445A04B885A0F12,TRUE,af34038a-8535-46ac-8f63-bdf18bb89563 +44560d47-de27-4691-bee4-6306bc160643,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,7391D51035BE75620EE4F0F597DF65F54D3518A7CFB74276D7A778AAF7B39477,,,,,,,8810B37003E7CDDA026663968AA9E1B9CCCC96EED98528CF5A975BDE7B8084B7,TRUE,bootarm.efi +de853203-30c9-4dc4-a050-6812dc4e0113,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,BA8D25B9FA843DA5A70D38A5AA96549F2166E2F0B4C1C007AF8A07D07E98A528,,,,,,,996C1D55955DFB3698869BDC2A700E6BCC762468716B5CBDA7295CF98841220A,TRUE,bootmgfw.efi +160959a3-8cac-43f9-a0d1-1c108375fb95,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,DBEEA13BD8FC4D613501D8CF564A129A541AEE6FB5AB82CB4A5F448B52FD1C52,,,,,,,266C1429C8DC389481B3814BC3AF8723DB28EECEB0BB026BBBEDA0CC41D36BC3,TRUE,bootmgfw.efi +09476ffd-a0fd-4510-9e36-a20727c16b8c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,A97E2E39DA89F16E0AFB9CF3A213205ED00BF2200A573812B5C5F56FDB8B2402,,,,,,,5AAFC9F5F98DB75F8519D8652924932939760F00DF8827FA2A6E36DB265F21F8,TRUE,bootmgfw.efi +b8cfe531-3969-4203-a575-fec35e4880fd,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,D2BF5E584EA2F3844B27CEF320636D1A2CD6BFB023ED65110FF6D0EF09292114,,,,,,,F2A74464235248EA2A41EA0D0256E9CDD24BB6B3E2A6F2FC7E0AADC86EC56CA1,TRUE,bootmgfw.efi +1b134b19-47f4-4bfd-af37-40c05933168f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",f383b5c1f0cb8806742c8df990bc7803,c1f26b124fcfb2c73ec9c9cfafe3fcfbc269d4e7,8e8addb29426d845a0101c2c1f26c2e7fe8c78128ab04f16cfcb4e06461b0101,,,,,cba477486346b0fad728f78e3542e00e,cecc72f2d1a431149d9bc47f8e21b655e980e9f2,804e354c6368bb27a90fae8e498a57052b293418259a019c4f53a2007254490f,TRUE,grubnetx64.efi +c818cbe0-bc64-4557-a266-570214ebaaa8,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,57B017C3A6AC4676B1852E407297158D1D471373DC299CF557832D9E3F13577A,,,,,,,8055EDEEB18561927DD5956BE9070C4503FEC783AA96F166F5F93FDBC3C2AB43,TRUE,bootmgfw.efi +d880c342-2996-430a-b850-fb372cecbef7,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C681A40CEB9F33F435A44614FB7E0D34007F1C67B83E8C907506414950CC45EB,,,,,,,245E9B81342E45E1BAF4F8D830D18EA7FAE9FDFF05497290EA6442C4EF0FFA57,TRUE,bootmgfw.efi +e638d650-dd39-49a9-a737-b02670064e45,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",9bdc83ad343e8745e1f3d55c36cf2df6,095b16e4a405e6d6dbdfc1475c941c64201d41b5,84e680f95cd31db85663a5482a68778dd236503d88e8a6d8e3c4a6c9ba201102,,,,,2906120c5459cec104e70135cc2c7ffb,e0a77a7cdefc31ecba261fcd6181b97efce9cc49,273d4432af53f07f8fb2013bb13d70bd46ea49c6c1c9de6c631ae4d75c98baf0,TRUE,shim64-bit.efi +99b952f7-5438-417b-9dab-c318bdcd75e6,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,B6C36B2B18A3E73EA007173F8669D9A9A861FDDF27C3E3C0C3F1315E2AE5B43F,,,,,,,61CEC4A377BF5902C0FEAEE37034BF97D5BC6E0615E23A1CDFBAE6E3F5FB3CFD,TRUE,99b952f7-5438-417b-9dab-c318bdcd75e6 +c348343b-faea-4c60-a0bd-c140a51ca9f0,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,4A62256316FBC805231420BAA4668B26023AE08B1BC7203A71C28905D19C817A,,,,,,,9DEBCA159F7892D56C94614C469CF37C8DA035683B1251FC4E6EC0EF2EEE720E,TRUE,bootmgfw.efi +663a9b38-509f-4a27-b2b8-13801ce4ee89,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3E8EE29691F1F22F5B46C301EDFE411821D466E7A39672A416E387060A0EEFE0,,,,,,,B2BEAECAC1BDE409F82933D80FA3BF5FA0D1FF8D1F97E5260BB25C0FBBA35CA7,TRUE,bootmgfw.efi +2b96f3c6-afdb-4da2-84d4-601c9a71b2a8,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",69a56b18be5865ccda9ab3a5bb4987ab,ec708522ed126c2bc6b8e3306c8231351927e369,a9f6c38c2608d6f36f246e74a9fd17e915c89e54eafa2281b8ace86133df22b3,,,,,93d2db760e57e03fd6e20cc55dc4aa46,5468b9ca48c3f67380a51e4a91732fb0792eb40d,adcc0b6fd6dc5911bf42f036c033fc3e43f07a8312e91d0d8d32793b62940c7e,TRUE,BOOTia32.efi +77a4c1f2-a194-4778-8074-4ba1d052129f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",b93d4a486013424efe0fb34668b50b85,71ff189bcbb7e43d0793a0efb827f7225fb122b0,4f3e97e36ec05236dc378c544310a9685d57409b87020bee731d7ddbf90987c6,,,Microsoft Corporation,Boot Manager,26019df09c3d207b9be1a2f395b8645a,db3344e8cb837776d854dc6adbfa5473a19bd611,b67db8d53c925febadafce4356206c85f73e22456eae4ed6ee77f6a9e11a078c,TRUE,bootmgfw.efi +29a5f4df-eaf4-468f-94e1-da9ba1b1c20a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,BC5D2B2C7E7CB051D084484259095B2868CAEC001C09A6FD33302B0AA0DFA7E2,,,,,,,1BCF1611E0CC92C9D46D2A51C7ECF6EC63C562EF759324A1D9151D508A16B7B3,TRUE,bootarm.efi +66314d3b-bec0-4042-94f3-2744b5a337ee,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",e7ae8ab50eae0f2730780d6e87a165cc,339702656fbb6e001e9a283dbd54567323f0332f,88582f3cae30afd77990944709ac4e272d68cdc009d9c3ff6f7c2e19e74f5975,,,Microsoft Corporation,Boot Manager,61dcd3b5b1b343f78cdba79267151107,f62b5d4321be185905a65037dfcdeb277a4f6169,490c927242cc6227ca439a7e9aa9d771ad4d1686eede1f331cbb6c69e9be746e,TRUE,bootmgfw.efi +32eed29e-9d32-4120-8a43-02c7dfc4ae22,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",dbed1f7ed9e19e53bfc7f43122ce3d83,765ce680a932d9f36a6b09c2191c9e2cab1a89cd,c6b0d030bb3e54294742b3914ae76c949e52a065abb28d08054fdf90d7eed628,,,Microsoft Corporation,Boot Manager,35434d7522f9aabb654847d66da05599,638291271b5b95b647a7ee324dddc79bec196616,1eaed62c4abcb2524643e1723f6aadcc31a74af4d2285d3b13880cc44c22dec5,TRUE,bootmgfw.efi +72b28839-6c76-40b4-b8ec-6582be7d81eb,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,F69D87F5BC30026B00110DADD0264311D15DECE6B67F046506755284AF5EC002,,,,,,,05D87E15713454616F5B0ED7849AB5C1712AB84F02349478EC2A38F970C01489,TRUE,72b28839-6c76-40b4-b8ec-6582be7d81eb +2a9c12a2-bc01-4af2-bb23-a5f1fcba5bdc,Michael 
Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,B15095CBB09505C8354657EF7DF0FA4046F5F9DC74B26EF12A7D83E82A718322,,,,,,,C1547CF902570207A9694B6B8E353FE41419DB6A3802221DDF10FB8F86947804,TRUE,bootmgfw.efi +e1e05cba-138a-4879-84c6-0ab872d03ea5,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",aad10724a4a2b676a69459a61124efec,e41e22000179036196670a70b71dc199f503f803,25933d1597ead1c390abc59433aec7c8f955c588551024c88c6388afbc84ed40,,,Microsoft Corporation,Boot Manager,34dc51ef7732132306a90266b0dcaf95,4f92bc4253c99fb31787f7b1501b0f3af801534a,0328f7dd12b552efa7a9e083730333b85f3f4e83d39387fc531863b422f75cc8,TRUE,bootmgfw.efi +52a629bd-deb4-4e92-aa7c-3e4c301a086a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",ec46eab41a4c2ffd8c352d6e0dea430b,5b65a8b1427f80e9c997bbad4e66dd36742314f7,e0df7ce01e42a61228f4005fcdb9c42675ff7280a0be9ec1c32ad9d5e0493f10,,,Microsoft Corporation,Boot Manager,00a62b0feb53c1c76e1e5246aab69123,4654356766b9e062ffd65fd26bf3d0916430881c,d87817f76309b1e420547808cb573aea0c8e7de14123793a42388582184286b7,TRUE,bootmgfw.efi +5f398d53-d42c-4c4c-acc2-b3766bf08b97,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",4a7dcdd069fcdf8d7319ea5e135403fb,f48de3320923666bd1a9690f993a6d83ed420c24,0ac2943abf5ef953b939247b74331fb2c437e405a81dd5569d9cff1d6183d53a,,,,,5b234f54fbe2396c8248e75ee4f691d2,ba379da7ab2c2c99c24e004f4357da5cb6acaa6d,e7681f153121ea1e67f74bbcb0cdc5e502702c1b8cc55fb65d702dfba948b5f4,TRUE,gcdx64.efi +db9487ab-4dc1-4c3d-a04a-70696d63bcc4,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,24357D13D3CFC29A7E83D86A6BB53FC932461B7D0A653701188D7B427C704FB1,,,,,,,D6EE8DB782E36CAFFB4D9F8207900487DE930AABCC1D196FA455FBFD6F37273D,TRUE,rhel-7.9-20200730-shim64-bit.efi +2f495b21-1d43-43c5-8770-c221121a2e6a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,6FDB5AB3815A499948DF5ED732EE275FA44CE8313287A33B2875B2A2B1D60021,,,,,,,B7EA2FBD3FEEDA309912B2767BA80DD037813E80FED17CDA79EF7F62B6D1953B,TRUE,bootia32.efi +063ad364-8db5-4bb6-a731-799b970cf900,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,96DD3FFBAB73A9DAA0CA93C34C4EDA5BD9C8AEEB0480C1A3BD93131F44CA9A29,,,,,,,FFF421A9DCD3EF38AD585E8BACA408AC2E4CDBDFA679900EC17089624E310ADA,TRUE,rhel-8.3-shim-20200726-shimia32.efi +a24fcdef-7393-4141-ae9a-f97fce196c35,Michael 
Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,98A4F01BD9D8A039C669C2AF9082A0EEFBCEABEA4C739E05A1D0C59C5D851AD1,,,,,,,71B601EE3746DA7177726DB84F5B417C9721583D2D88AD857BF368A54FF76BFA,TRUE,bootmgfw.efi +b1d65631-7072-4168-b25a-5e18d41b3410,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",a27c33dada320aff0672ce32f953ffbc,412391ed50bdc33f24da222c7d79c00dcafbaddb,9be93e365a8240a03b05db26684b708b46d7585be325a3e22170cd5b324e0cb0,,,,,1d9a09ad4a977af7eb8359638d016fbf,70673742c167b615118ed8692cc0a100427c3f46,a8ddf4d0f6a7056f55b464cc79a986cce24541961263c216bedc19a7c4ca2296,TRUE,shim-13-0ubuntu2/shim64-bit.efi +94c6901b-e217-41cf-a4c7-b62763759d3e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,A8FAD7CD0CC1DC152AE0880C21D91F6270FDB410D60E1129963AFCD3DF5841F1,,,,,,,839894ED391B7C88E995F845CA152F65BF881850D768E3EF3880838B52846A74,TRUE,bootmgfw.efi +59605f2c-5575-464b-aacc-af09e949f153,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,BA0610793FAA746150C0FD5689158B01DEEEA7320E2F14B31EE9AF4F2C4D1587,,,,,,,32AD3296829BC46DCFAC5EDDCB9DBF2C1EED5C11F83B2210CF9C6E60C798D4A7,TRUE,59605f2c-5575-464b-aacc-af09e949f153 +b2be4369-0672-4a82-96df-ee4d208d3352,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,79631821A585BFC9A9A5D2D92D37714EFD84A3D856284A0897654461EC1C137D,,,,,,,54061FF50D91296F2F44D8B338AEEDFBBE86DF49DB5DE8A45191AAA931F5BCF6,TRUE,bootmgfw.efi +59b5e207-bca6-4425-b392-2fd0ed44935e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,610D0A80FD4E876EAD581903B33C96ECC4B8BD7115FC9DF5579B3A25416FDAEF,,,,,,,9BAF4F76D76BF5D6A897BFBD5F429BA14D04E08B48C3EE8D76930A828FFF3891,TRUE,59b5e207-bca6-4425-b392-2fd0ed44935e +d1e51f20-1939-4b7c-8875-2458c9e418d9,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,FD1CD4D4A1AC691E7A0AF14C3DFB17DAF3F2E6A2B286C9E233070979EC36BB6F,,,,,,,270C84B29D86F16312B06AAAE4EBB8DFF8DE7D080D825B8839FF1766274EFF47,TRUE,d1e51f20-1939-4b7c-8875-2458c9e418d9 +18b807f0-bafd-4f25-8f7d-e2ff15fb5691,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",c86257e19730c49e2abfbdf19e322c49,6a9e3957a060061c09a674ed338df34af8f23540,f88e92940985413acd440daa20c08df99c54613636826d9d95b898d39c44b19b,,,,,24dca2244a6220a9bb1962697f8aa2f0,2688b0ed81c02678e9884b32b6ef0fd603930cd7,148fe18f715a9fcfe1a444ce0fff7f85869eb422330dc04b314c0f295d6da79e,TRUE,bootmgfw.efi +c8bbda28-7392-4588-a899-755c58de432b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",8712d45e1ae024cb45067ad5918e12da,a6aa33d40dacfcc964b01a5c18d26829d362fbce,702a10fa1541869f455143ed00425e4e9b2d533c3b639259bde6aac97eca15ed,,,,,15d38ac115b29438f9f82509f78c340a,c017bdf23c9fae3f7c66a28aaefa4ce95d174a71,1db183cf5655b2dd0ce9508273b339146c3b7dcdec0d0ac3c180c953083faf18,TRUE,shim-0.4-0ubuntu4/shim64-bit.efi +faa5ce45-c815-4eec-a757-84e1b181afcf,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,EBF3E0F060E9ECA943F49444CC0DBF6CBE1AEC2C20AE10DFB9E757335AA26ADD,,,,,,,3E828EF5E880FE62B33D36B78F2235F1A314153899AC80469597297B9A9DD22D,TRUE,Signed_13652009334930799/shimaa64.efi +077ccbb7-5e3d-455d-abbf-317e3ee73abd,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,DB67C1601CC3B3313B9F6E8F12E76627E7BC6F3936BD8147FCAFAF5FB6556966,,,,,,,A5E476C4BA2ED8EF8C30F247F3E13AFA5C7E3A5A952E4B8325C22F33F7F23621,TRUE,bootmgfw.efi +8e051211-3998-46bf-abf0-cfba6699c4f1,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,07058C9BBCCB99D58FC93EBE2C007CFE28E1BF74E51954584AA3D3CA06689FBA,,,,,,,CF13A243C1CD2E3C8CEB7E70100387CECBFB830525BBF9D0B70C79ADF3E84128,TRUE,8e051211-3998-46bf-abf0-cfba6699c4f1 +b262ea41-bb3c-4682-9a8d-a4e52e495c6c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",7f5843d48a960315b047e5231470e1b6,a9f1a7c49b57694d6f44de42e7675ccf07e0a57e,81199ecb7a384d04f4e0f5541af731ca6ab0a04f1e2d692b4c386e0f02f15009,,,Microsoft Corporation,Boot Manager,9ac88694e8ed9aee8005b00700994fd1,f1fcc53669caf87c89c1acec550dc9b989d5f4a8,7a0294ba07a2aee3648afc0daf2efd526a5b76349ec906f819c03bc217257638,TRUE,bootmgfw.efi +a9874948-be3c-49ba-b6ca-9ff18f01aa9e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,9E1E22CBF19E9A483E6D57345959A3F8862C3C98E2A825EB995819F0CF210F48,,,,,,,1364B7B94AB2A93E79D297EBF6CE0A30F7997E5929E408EF0D3B5D54C64E7B90,TRUE,bootmgfw.efi +ae5b655b-a592-4d17-bce2-99ef497e846c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",5917ac93685b816492c5476071db3871,f039244623179184ac63f73797aee7f926f2132e,6e79e3d0580d244c2fc2179a4f08cb80f945ad33d8c4c325de4e35e0d41584c5,,,,,b6736f2d357c4f0b8d557c3c0c39fb54,4917df76db99a277efdb57da560e145ca3d32d35,e7c20b3ab481ec885501eca5293781d84b5a1ac24f88266b5270e7ecb4aa2538,TRUE,ae5b655b-a592-4d17-bce2-99ef497e846c +d0f8d27f-26e3-4500-bcb8-dab29c667c29,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,0742A120E871BBB67D6947D05E9301CDACBCCB4AF650464F996B40352CA9699B,,,,,,,400AC66D59B7B094A9E30B01A6BD013AFF1D30570F83E7592F421DBE5FF4BA8F,TRUE,d0f8d27f-26e3-4500-bcb8-dab29c667c29 +4002b7f5-487f-4822-a1bd-6fbf1167f00a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3142879893B677C1B25C92F9CF1DF3F90B209509992D52E9C64C3371296A9A08,,,,,,,4F93ED05AD7E20BDDE6241D24B196D6334C8C4010D92757E4868FF4BBD6A0F98,TRUE,bootarm.efi +c2d12b91-7e1e-403c-8d76-9664229a68c0,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,101EC6206BC939A389713775B3BDB405E91252FAD75509C54FA1DBBE822F4596,,,,,,,93F5233E9970A7DB1E4C9AA2DE2404636728E7C66C03F2BBE74B18B20A93BA96,TRUE,bootmgfw.efi +46629c02-f2d8-440a-bc46-d67ad73ea772,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3141C6EF9FCE61084D16F0659A9596B0156F24D6F4B03837C4B7543CFB378D61,,,,,,,147730B42F11FE493FE902B6251E97CD2B6F34D36AF59330F11D02A42F940D07,TRUE,46629c02-f2d8-440a-bc46-d67ad73ea772 +d22cf9cb-63e3-4445-8af3-abd3537282d0,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,884A2EC5FFBB42E948401E425123DCF2557664E77B3B7474A728069FDECD46ED,,,,,,,1788D84AA61EDE6F2E96CFC900AD1CAB1C5BE86537F27212E8C291D6ADE3B1E9,TRUE,bootx64.efi +aa9b6b05-0b51-423e-b4f7-39cb30cbc987,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",007e746f6aeff8bcb4479e6e49236260,3971fa916c03c91a66e72c58ad766724b6a5c219,62288f1f5f2f8529292eb45c2ae2a33d1057a3dec12164958e76ded36fbe712b,,,Microsoft Corporation,Boot Manager,9875bf0884ed2f18a32cefd749c60406,ecdde500ab2b06dd0c870c1f64d783f2cbd095dd,cef75d1da8e991ac96d36f8a14562849207f9dd50fc63028ba83277d5c27d00b,TRUE,bootmgfw.efi +84dbe789-ccc2-4988-a6f0-b4c74b74e133,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",86f6426a9b47dc73eb8c8bafbb46799f,c730aa1c864f3b802de8d123b5b883dc9b2ce81b,00550ccee4edfefd7b7fb54864d0aa5df059885e9e79ff80d4fb134b4487c05d,,,Microsoft Corporation,Boot 
Manager,f0056ccaf2bb46ff7e936a2e371f94b7,56b864169cb1f986f5103c248d6e83caab52154c,065d94b9ea00397a2addb747e1e0978e4de6bf175339778fb9b0760fec3d3b61,TRUE,bootmgfw.efi +52f8c789-bc20-45cd-a1b6-8a564b18fff6,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",6d83b980fd7541fbe793a891b95d5621,224b166130e25c00ac9a6c33d7816acc6b98cde5,d57f40a0e9018765cd79393a0d57d8e6d6d880d93b95fa57cedbda5a0b4a1ae3,,,,,5557985ad6236a2e6f4dc5efcb052bd7,36f2525fb6ae3fed1191d10ae9b4a524fe5914e1,6efefe0b5b01478b7b944c10d3a8aca2cca4208888e2059f8a06cb5824d7bab0,TRUE,BOOTX64.EFI +48d8feab-a988-4578-a65e-c6ba5f43ffac,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,ABF6F968CF9ACDDC04BA5F287F857551CC9D3237CE402D527279930AB5F84894,,,,,,,77CDCFC9644F8F80FF407CDE316AC235DDD1ADA9C3B6A5AA9544DB2D64B79FED,TRUE,bootmgfw.efi +54a6f135-0fba-459b-8749-4a0764d690c1,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,8D76482F549D66048611DE6C4E67289E3B0BF051130B546E9A4B98B8DE0C4EA8,,,,,,,0A3C2072EF4FBDBF045E1876E855BB8AD5DD0809F66AD1442239A7D856AD908E,TRUE,bootmgfw.efi +a950cc79-4054-4d02-bd8d-3de2165a3721,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,169D0AC3DA1DDA382812F7F221B8C9CD55961A05D876E3D812641313297848BA,,,,,,,992820E6EC8C41DAAE4BD8AB48F58268E943A670D35CA5E2BDCD3E7C4C94A072,TRUE,a950cc79-4054-4d02-bd8d-3de2165a3721 +eba694e7-6b97-4fd7-8e20-e26392cad8e7,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,07463549E9B992F78E7E64BD24BCA93754EF3674F5F5D76C4D44F462060DF0B9,,,,,,,86E9384C41F9339D9B0F80B48055D02BE5FF908860F2CEF63359E0D8B7937A27,TRUE,bootarm.efi +76afa72a-2b55-4649-9fc2-3dbdc27456e6,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,5AA8E7418AE78250745BE3ACFC2B8D1FC1DD4D1DEFB54F19A508BD8247CC958F,,,,,,,AF93D5A2238F01D595A1BC2092F0AB29A550B2B96BDE7356EBF64D8F04234958,TRUE,bootarm.efi +b59f1e98-72fb-4ccf-a651-bf9318f14150,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",7661abbf92a68466a3562ec887365e6a,ccdc96497a3d4cb4a616939fbf102e5faa787a9f,4b2bd93b32de4be7235c95c97af98e12bed5f0602b7b428700f9a1348cb2f731,,,,,a130bc7f90388e8f9d885f55fc7a8b8e,b7f9b5a096cd0d524da6296ace355e268cc01a9d,0fa3a29ad05130d7fe5bf4d2596563cded1d874096aacc181069932a2e49519a,TRUE,bootx64.efi +fd70f49d-4efd-4ebb-a889-5dbbcebe33a0,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,8C3A26B5831FF45BC3BCA44C2815951E2DA489A91BBCD295F12DFDBCED9958B9,,,,,,,398995770D21E9F66B90D69D1EDE16C9E58C0634B2F7D26B1F22501DD93FDAE5,TRUE,centos-7.9-shim-20200726-shimia32.efi +a544e544-0e7e-4fcc-9195-e10564ba5674,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3D3434BC5A18F072D4CF59D5651F9CE05B61B6FC3C21EBBCF371777AA1E1E1D5,,,,,,,7F49CCB309323B1C7AB11C93C955B8C744F0A2B75C311F495E18906070500027,TRUE,a544e544-0e7e-4fcc-9195-e10564ba5674 +3a74fd6f-8747-4f47-b44e-fa10af3da555,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,9EA346FCFE6DB7F3140DA8FFD5738F6CF97D6014DA61033B32049CB17696B372,,,,,,,EED7E0EFF2ED559E2A79EE361F9962AF3B1E999131E30BB7FD07546FAE0A7267,TRUE,3a74fd6f-8747-4f47-b44e-fa10af3da555 +dd1e593d-19e6-4e29-8d3f-5b85a21bf35b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,940A66FBDCB9A3BE16FC8FF56DB63CBFFD7283F15ECF7E50BD9BBAC7EAD303F0,,,,,,,FD4591ADD2E5B0664363720C71492982D5B223A141A6248246CD2381F67E926C,TRUE,bootmgfw.efi +7550a473-863a-43f8-aad7-fff5be3977f0,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,4640438E0AAEEE87664C893198B41AA03BBF3214E181AAC4E2DE81A5400D2C27,,,,,,,199F3CF990816D710F556722CA068597C4341B7F346642339839AE30495309D0,TRUE,bootmgfw.efi +eff3ed05-f849-4ea0-9f4f-1af40e48c368,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",1feeb7cf14b7809b43c9044ff910afd2,5a9676753387c0f2b6bf9bae87605b78667df8f1,45ec69179be0f20088f10be909fc8b6104f85607db0a556482fee9384eb4d52b,,,,,e5569162d84d9553c5cb32345e717a9e,64a3960e247176d3389e64a2a61a3be0782dde88,e6ed1aaa082e63c15be118462ad2d14cee3bd9cdd81db5c8801b33ade2183d50,TRUE,shim-0.8-0ubuntu2/shim64-bit.efi +fec3976c-cd0e-4929-a01d-23c584cf7e00,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",a1a05331029aa3aa0fd396897cb46e8a,5e8fe0458328bfeacd491e1c74857c526f444596,0e5eb8d0bebf089a974bc0ca85d33d73f9a0bf72ed2a5e3a62a0387b51d509ce,,,,,fb9005cf320ed99d82d5b6a98988c576,f4bc99b43ab88f15d2803b5a9de898223a380563,68ee4632c7be1c66c83e89dd93eaee1294159abf45b4c2c72d7dc7499aa2a043,TRUE,bootx64.efi +c2ba98da-826c-45bb-bb56-09db34e78fe0,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",cefe4b51ab58c74a20f0302fca66bd03,e230f2632b21bdb523d214032f979104df1ee867,88c2eac45b9480cc7e423558ba1b90097e8f12dbf98f4628c7a574c6371c6030,,,Microsoft Corporation,Boot Manager,47f4be47cd0365cc9f8a6c802f5a3192,01cf7cf98149854f741a31f3a6d8071ad80ea347,a22471b1d04c11ca895e8c078c221718c96c40309d64cf84144759ca7dfbd0d0,TRUE,bootmgfw.efi +0bbd943d-7d16-4fe7-ac8b-f9d12daba1f4,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,26A8EBB3EF412AA70D4AB4486EBEE8DB42656AE7F2EC868FA95FA656090F01BE,,,,,,,B52531C84351EB695A8AFF0B7A5BDF93972CDEDFAF4067745425D75E21CD0CBB,TRUE,0bbd943d-7d16-4fe7-ac8b-f9d12daba1f4 +d50e4193-70d2-4807-9bc9-671894e82df9,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",7de3ac2823e2f7c241f2b181a8417647,c3c4d0ccdc07c03c20f133f9f65f6f12accea87a,c7d9dab91b726dea5abaa893d8f60bd4795f489894044dc56a9d3aad9cc49740,,,,,7f6637b50f8043e83815eff4f6f6425c,9519b7ba40ba48be3ef06c3b4c09169824e35bb9,7f3bdd2e92ae417b2143cc993c7fe48d9363ffa65c9cc461b6a407a779998174,TRUE,BOOTIA32.EFI +ff057f2b-0bc9-4318-a017-66307880a7c6,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",28196e29d41524919202b6bd1e38f35c,ed2c4554266084506d2e514797b3dfc86a50118a,f4c53c0b054413691ba25a2d162bcde9c9e35b5e706272f70bff96ed5c05a7b8,,,Microsoft Corporation,Boot 
Manager,4d7e341b788c22d2ffd0a6e8d7c27190,2ab7a9fc3312a502e9178fe76930d65d07480b31,21554d1f3bf9f52d3cd297d27df56215c0fd08a0bf673868f3d8c6c064dc5609,TRUE,bootmgfw.efi +146ba6ae-683a-4c91-b076-c267a77bbd47,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,FE924700AC79DC4689ADD5F7C6761E0D60E665A65F9572B43915010881B0BFBC,,,,,,,2B7A7A4DAFC35E49D03CBE7118E6BA4582401E1776B9C18A2597725B05A605F1,TRUE,rhel-7.9-20200909-shimia32.efi +2d78b89b-4a5d-4d38-8c20-2baf76df8699,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,83B1D2B20830EE199D8845C999D4680B1B2B6D9C1F424DD13826DA3FA7F7139E,,,,,,,386D695CDF2D4576E01BCACCF5E49E78DA51AF9955C0B8FA7606373B007994B3,TRUE,2d78b89b-4a5d-4d38-8c20-2baf76df8699 +33ce2528-8820-4680-bc5d-b48fcc1f9d2d,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",53663cb5fea6bde711171523a2206e45,b0adec5a51e018cc50ef0497126ef4a8d9fd037c,899afe09e356003605b30dc209a5ba4ef6910baef23fac268bcac6db3cfee98d,,,,,925441e09c4b9c8e30a467a29c16ee49,7a26f6d09fcc80e5be03b7a6e5f8fe2a3652f29f,894d7839368f3298cc915ae8742ef330d7a26699f459478cf22c2b6bb2850166,TRUE,BOOTX64.EFI +518b78e7-eeb3-43b0-a377-acfa0e831ce0,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,5875DB0835E08A9189F23833B21774FDD1C4C3BD4C5D3459471A49B85CFFD1E1,,,,,,,5D1E9ACBBB4A7D024B6852DF025970E2CED66FF622EE019CD0ED7FD841CCAD02,TRUE,518b78e7-eeb3-43b0-a377-acfa0e831ce0 +b42db55a-4520-493a-81ec-42002887ea96,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",7f0de7a661590f1c33de0b80676e8827,003454b835a5ee7ee200f9cb4e68b071e2b8e69b,d1af02fca7522c8d27e053544b3b653ff2daffcae9c420e460235dacab53f7cd,,,Microsoft Corporation,Boot Manager,caa781731a9d13ac418d97ec2cccb8f1,7ac2da2861fe7b90862a27b63629d8a9ee58d97d,7fddfe06c44dc4302da54577353c18fdbe11b41cb3e6064ec1c116ee102fe080,TRUE,bootmgfw.efi +5cab3a24-4bf3-427a-887e-92ec2ed8f1a7,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",cd78242cb85f016a3ea62002c8f07c0d,1df5dc38345eee82fcb606f8c5140c619f187946,4628ec2698cfbca38d3bb4872df8e65a370ed4591e3fbd613a28b394942b8976,,,Microsoft Corporation,Boot Manager,7f11c44bb3fd9f28c453ed0545ce1fd2,e5e7294536819a91f69d03c57425ad2576a1055d,74b39c206dc8a11cd196d5998d2996b6ad477d72eaf86e19a3dc14ec0eab0f1e,TRUE,bootmgfw.efi +0cbcf08b-1870-478c-bb85-8d12308ec1c2,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,90AA7C82344C06E7657FA919AD2B7395A07F8A1ECA8C159029569BD4467CC7B2,,,,,,,C32E05EEF54D7EAA0DD89FE0F4D1A8D97671FB456F6299047C3192C3E3724BCA,TRUE,bootarm.efi +3645f533-8562-4958-aaa3-7e5924aadd8e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,A7094801F966FC5C253DBD17066AF5BBCB3AF5E281D0A4DAB24E30C7A4B0FB12,,,,,,,3BE8E7EB348D35C1928F19C769846788991641D1F6CF09514CA10269934F7359,TRUE,3645f533-8562-4958-aaa3-7e5924aadd8e +b6967d5b-ea2b-4a4b-b24c-63a8eb8dedcd,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,8E5609A57BD66CC153EC2AC60CC10C2E641334C26EA5068C1FD8373A503EF1D7,,,,,,,CC7396D1C306ADFCE49E70D7DAF32D093A8F2FEBE2AC0576BA853770E11B3EF2,TRUE,bootmgfw.efi +add3eacb-c3b2-4adc-ba76-49ddb1af2ae3,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,FCCC2A01967926437DC0F5F49C6ACEED4DC67EBD7E99169023B5F89A7264CB98,,,,,,,EE83A566496109A74F6AC6E410DF00BB29A290E0021516AE3B8A23288E7E2E72,TRUE,add3eacb-c3b2-4adc-ba76-49ddb1af2ae3 +bcd750be-01b1-4b34-b7a5-065af773d063,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,65FFA344151D7347ABD0DEB599086063A503FB6419BE9E4358851F6B6AE96749,,,,,,,A7B788A7849607348C0DE9041989F7D67EC302F0CE8D7FDE5E434801F012B5B1,TRUE,bootmgfw.efi +2eba3138-0822-49f5-abb8-ea5cae849369,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",bad97e7203aec2bd026403a7f70688b9,cd3f23904459410ad9f11b26faff47ac28fa5f04,df216fa3f13f8f7472c9586da4d0a7cd11cd60a041f486a611a4667f1c3d2cc6,,,Microsoft Corporation,Boot Manager,29cf71c7b7ff3b63a229ec82bfc2708f,65bb31b71a030a3fe93ba4d64e4ae0cedabbfbcf,d5bc11fb619bfced64249b930c785ead5fca3927f0ce3c5efd3f1d9af04b37bf,TRUE,bootmgfw.efi +0072a990-7f8a-484c-8727-bd0912dd2ce6,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,DF01F567CF2C2A7B872EB750F12EC534B6F207E760D1ACA6795DB7CB12CFD92D,,,,,,,E6236DC1EE074C077C7A1C9B3965947430847BE125F7AEB71D91A128133AEA7F,TRUE,shim64-bit.efi +ae22fd08-2ecd-43b7-a5c7-3b857e0e3b71,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,20E870697471F16EAC55A9658212F83A7E443CDB3844C7D1901B4D4271828F7D,,,,,,,1F179186EFDF5EF2DE018245BA0EAE8134868601BA0D35FF3D9865C1537CED93,TRUE,ae22fd08-2ecd-43b7-a5c7-3b857e0e3b71 +0acd4573-d0e2-4f57-8c94-3d6e57a391e7,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3C6318DC79E5CE66F7DCCC71DF01C4E4ACC53F14D978011A29033D59D43D9233,,,,,,,62B79FB4A04052FCB498A97F22A3567642D4BC47D1C2FF9A06311C8C6148E907,TRUE,shimaa64.efi +34cf714a-cbf0-4339-afb8-bae3643a4075,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,AA38D5E097A9853A25A1DAA838ED83BC43569DB871FDF24888512A434024A866,,,,,,,FE0E58846C40717FEDE6A1E0D6A0546CBF8B8CF0B82258FC16D05BAB58107D34,TRUE,bootmgfw.efi +4750d526-693a-4831-991f-4ace2cbe92ad,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,D764AC6251FD2641EEBBFBF7A5A95E212DF5997875990D90562CA65D5D966BAE,,,,,,,0D85DAAA481B1BE84320E12B5078794DA29628ACB43B69C8909D291BB995CA72,TRUE,4750d526-693a-4831-991f-4ace2cbe92ad +46e2d5a7-6b08-4c8f-b90a-dac8418621e2,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",087617bd4578c903f0a66bd157217f0f,1128abbba4480920fc7a0a772239cd1d132a1910,b65fe0af8297168749dc235340cba7c08cf6b956fdd25fc2c9f16d20da536713,,,Microsoft Corporation,Boot Manager,f9dc5d54b477c66ca23b879546b650b7,6f16c59cb8e6b3febb9e73702914f06475dff19a,c3297e35c3a9efc4c051706aab77d29a26e62d9a38de256dffeb77a0eec8666a,TRUE,bootmgfw.efi +9091dbdc-0263-43e1-a886-3c18c6532dd3,Michael 
Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,5DB10187E0E8BB8D2FF649810E03F80FB6873370F3AB1F013811B8E9670F3863,,,,,,,DDA0121DCF167DB1E2622D10F454701837AC6AF304A03EC06B3027904988C56B,TRUE,cent-7.9-20200730-shim64-bit.efi +fcbb1d82-1e57-4ca2-8679-e366cd7cb4e8,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,355B0240DD31FAD0ED13D77B7F880F8EBB32BCC72F9667BECBA3263E099DF378,,,,,,,21F27D89F2E77DEE7CD4336E3A3ADE362A2AAE9FB2EFE2079491A518F3D51FED,TRUE,bootmgfw.efi +2e3641bb-5bd7-42d3-8353-481b4593c641,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",89805fbe6421f1d03023514f8fd7215d,f41fb5b7aaf48c05faed3e6622d2e2e70c95d2b7,561d28e0888cdb0a8fce41754742aa8eb1bf5c8dd4eacbf9af0f40e0d36013c2,,,,,2fb83ba40e7c8d9019f48dfa8269bdb8,775705904e0748bc6210e1869f20765a2f1b027b,e24b315a551671483d8b9073b32de11b4de1eb2eab211afd2d9c319ff55e08d0,TRUE,bootx64.efi +cb08669d-8b82-45b7-8fc7-ea815f96e336,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,BD6E8218BAF3A86090201D6A118858CFA5F63AA2732CC880DADF39A1609F12E3,,,,,,,1DA53F3A2C7C41C93099737266B5619FF616A433FB3B870234622D7AAFAB9A7A,TRUE,bootmgfw.efi +9b6deeaf-b8bb-4f8e-a8b6-d174312fcb7f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,2CAD0B454397089723959FAAFC2DB5388C50DFD5C02319703BABA6F03654561C,,,,,,,172FA584B4EEA5A5D4104FB0AC30EDE032CCD31CD2675D7003D79A2CD0C243E6,TRUE,rhel-7.9-20200730-shimia32.efi +60383f5c-6dcc-4df4-aad0-510733820a1b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",69b63c494c676d3a1013a775b18568e8,09c724498ed275fb4a76f04700f5b2d39413405f,953a7719b50073e701730fcff79b2fee7054c72c54d1f0b0f2571d3ce7fdb925,,,,,752f28cd2893f6dc4e568c9a15f6b456,22cbe49e2494a44bf823958840b6e1291ffe6d11,3e333de87d211247b2ab00093cab48f6069d718afd29e9917a3d5f60e87557b6,TRUE,BOOTIA32.EFI +d90f0a0a-e161-4ebb-a2e3-5dbaa75cfaaf,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C4081B588CA3FC9965C2D04A0E8CCA3E0016566CC8A84FEB78CBF63A4ED72EED,,,,,,,5A184E740657E218D635168286F0F70BB5672E4EDB78717550C70686C232EA5B,TRUE,bootmgfw.efi +66d407b1-5e65-4314-89c3-cc6dd5c10d59,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,EBB480F63BB81A4C88F42E97A1B40DAB2EBB926A358EACC1C52A5DB88A2BC6CA,,,,,,,28CE0DAD50730900C5D18CC58D5255293452CA37D764868C16EAA9EAF6BD7C83,TRUE,bootmgfw.efi +d20a9d4f-d336-4400-b839-d2334be05e06,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",8273287f52ffff4624121d2926ef9df4,69b368ef62566f9b06db68ab91c736f98d0749b9,599a102b6445fa88392b8c85a31d80ece950624219d846affbfb7131d4bf550b,,,,,9d017c87755ffc16175ff7fa5dcbb175,47263679db883d7ad9adbc93d6a1fbf8095f0133,af79b14064601bc0987d4747af1e914a228c05d622ceda03b7a4f67014fee767,TRUE,Signed_14173467011297444/shim64-bit.efi +e7f84927-3fb4-41c9-b2fc-e87985cfbcc3,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,94F92895ED36D4EA45B0942E755640420AF5CA3B8E3EA855FC6A39C9A3661666,,,,,,,AF3BBF0C275BDD5EBD8A87F00263847485572F8A983DEF0EAE9895CD93D7FFC3,TRUE,bootarm.efi +fecfe761-f926-4a24-bb10-bf4b8d96750d,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",f2c580ccd60898d4aa2676249d67c171,85fa4266743ebb0262b8c1da8b01d1f26e630404,e6cb6a3dcbd85954e5123759461198af67658aa425a6186ffc9b57b772f9158f,,,,,efca75864e4fa65df7ccf2a5c124a3c5,ad9a72bdb69a17abe85d948e6bbbb89141da2543,0ce02100f67c7ef85f4eed368f02bf7092380a3c23ca91fd7f19430d94b00c19,TRUE,BOOTX64.EFI +696a399a-9f49-485d-9753-63edd677f144,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,944E6F803D3E1B0C1AA767B14B0F4D960A45F80F0A0A459253CA65147E947F72,,,,,,,99B2BD1FCF17B52C64E8506B97FA10CF8B6397C9D05D8D543F86893B210DBA62,TRUE,bootmgfw.efi +32544796-1bfd-476b-a4f6-8fccc5a593a3,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",f66d8bc26d38b7faaa1fbd4c4fdda3ff,7098af963c0223858f2fa56cc226ee27048f35d3,e443176d6a0621e65cadde51f4019ec7fb25e91fa87cbb6cbaf09d94e9e49918,,,Microsoft Corporation,Boot Manager,8cbc20535be05799179c23fb8354b9d3,458cad1c4b11da8201ca12a6ed0f50ec81261e1e,61535caa144761fc48cc9d7a835dfaf020b569edfc7fa628f983d58a3ac25f2a,TRUE,bootmgfw.efi +f57db2b6-025f-43fe-af3a-c50cc2bc1aec,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,2AEC3E859816EFA89AF844D6DD8CCAEA345A851CB23006D3C2928081352BEB25,,,,,,,91971C1497BF8E5BC68439ACC48D63EBB8FAABFD764DCBE82F3BA977CAC8CF6A,TRUE,f57db2b6-025f-43fe-af3a-c50cc2bc1aec +d159a67f-5512-4922-bc1e-5c675a73d0cb,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",d0be4e86a7eaa87c849e3e137c3471dd,1ed0450060202cea44d69a503da1b33004a963dc,df4e1cf6eaf602f99849ddb6802bd91fb13cd5c3f9fb420250d8a3d750642efa,,,,,69843fea4e1051a4614a17f5bc8daf97,84958a487eb9b1c6d55883e3c32361132c1fe214,3ece27cbb3ec4438cce523b927c4f05fdc5c593a3766db984c5e437a3ff6a16b,TRUE,BOOTX64.EFI +e06e3faf-46e8-4902-9bd7-69b462d292d2,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3EBB964E2D24C5D0F2E07972A9F143B73161344790E960463BF9C229000848C1,,,,,,,B4938ED2FF001B73EF31E5BBBEBE1D6DBB7D9888A9FBE5251A52A5ED016652CF,TRUE,bootmgfw.efi +29bd7324-d53f-4143-acc6-d03d0e4e3aa1,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,9EABEA9AE699526AD519782DA21718DA7190490AA3436BBBD80269D4A4CC37C5,,,,,,,BDD01126E9D85710D3FE75AF1CC1702A29F081B4F6FDF6A2B2135C0297A9CEC5,TRUE,29bd7324-d53f-4143-acc6-d03d0e4e3aa1 +887e3ac7-c597-4327-86cc-29936e2f8cdb,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,2F1DAE62EA074FD06DBBF620009CB3E65988D15431A061EAAB4D7ED1A97A3689,,,,,,,D14EE5616DC8EC74D695AF08DACC78BBEFAFA7A97A5CFEAB9B961E86CE9EDD37,TRUE,887e3ac7-c597-4327-86cc-29936e2f8cdb +2856fed8-45ba-4ef2-8904-8d9c9ecc6cb4,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,E28C1F6E413330EA1DE56643F344702D2962988ED72AC49DC7B33B51B2238537,,,,,,,9EBDA9554AD5BB9E3D5CE700F7C86D4F5B0D782BF1DBF30A6A7234749A5DD517,TRUE,bootmgfw.efi +c900de9c-b4b1-40b1-b106-db0845396462,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C2405153F56A12F727853FD55BC9C99B81937B42A1A0BC585310DA45D35A3FAD,,,,,,,A608A87F51BDF7532B4B80FA95EADFDF1BF8B0CBB58A7D3939C9F11C12E71C85,TRUE,rhel-7.9-20200909-shim64-bit.efi +b089a9fd-d664-400b-b66c-158cd1848428,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,D4D97AEAB61079D3EB0E55794504991DD1BEB0F200315718FFE44BAE89F8F330,,,,,,,81A8B2C9751AEB1FABA7DBDE5EE9691DC0EAEE2A31C38B1491A8146756A6B770,TRUE,b089a9fd-d664-400b-b66c-158cd1848428 +0dc82e15-40ab-4a65-bfbe-9c8925d3cdbb,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,8DEB88A2435270BD24328760FA6FB5C77BCD5C47F7A0109F15300D644CB9A228,,,,,,,DBB424CB8AD35EE68546092645C4689D6027A97FEDF3C5AF842B9572F1276997,TRUE,bootmgfw.efi +3f6b5528-2fd7-427f-967e-e89cd9e77182,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,540CABD0862F121CE200DCEBB6C9D3B209B266F0CD413CEA2385886F965E5062,,,,,,,D860D3DC4D9A412E8FE8036100BDA7637B57A0168CA811781ED4A00815A97E0C,TRUE,bootmgfw.efi +365019a1-7820-4c83-a483-15dfd2ca466c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,FE09433ECE56EFB74EDFFB10BB4E2C05EF9FA3C37C5E60BD5E87FBDEEAB3EB40,,,,,,,288878F12E8B9C6CCBF601C73D5F4E985CAC0FF3FCB0C24E4414912B3EB91F15,TRUE,rhel-8.3-20200730-shim64-bit.efi +3175132e-f5d7-4d88-b395-ca30351f8c69,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",45a7c3cf799b58b886c0b4c7f6f71d32,52cad42539bc3f27a103e4a9bc0fd51a1b51a265,55a5bb13e3a985e0ab011e69b41704319de0843f9254cf91ed2964c13af345fe,,,Microsoft Corporation,Boot Manager,439f829f38523f2c1e9995474cab6030,71d6ef211cc60fe99eb7f949640dabd36759b36a,a6f13f3bb8132d248591f6762ced6d3a55efd8812db9730449e267cb6447145b,TRUE,bootia32.efi +e84c007a-a263-4bea-ad23-e46447001e91,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,44FD1F90799B852B3BED642DE300BCF9EF6CA81036CD5588C24D5B8E00D4B9D1,,,,,,,540801DD345DC1C33EF431B35BF4C0E68BD319B577B9ABE1A9CFF1CBC39F548F,TRUE,e84c007a-a263-4bea-ad23-e46447001e91 +298f4996-3321-455a-bce2-919c3a73da65,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,7AFFFCAF48E9289AA0C44566C53EC0A311BF3E2ABF351E0122C685FD568D97B1,,,,,,,7836465BDFFAE768EFAEDCBAA8B5787BAF51B2792A020E80E341A3F824FF82CA,TRUE,bootmgfw.efi +9d219a02-b011-4466-8b2c-6fd725593454,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,4155DCEAAF889DE79ADB9B2130F1CF23AADD24080C2B2C1EC5F4C359C52A8D7D,,,,,,,7C7372A60D71E04879B8930C164944D96D3753E0A2924A31231D1D5FB97882F2,TRUE,bootmgfw.efi +47601d49-9a7e-4402-b5e3-69bc03788afc,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,AA4931B170DA278A4A954FEB76CBF7310B657AB9232D1C7A4B6EB628D8A98073,,,,,,,C999EB66393506C8149C35C8A8CE87671895D65167E4B0140B54DA72A92D7C88,TRUE,bootmgfw.efi +58c24252-f076-486b-90fb-5a1c7b922efa,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C334B9CA48819E7E408A3A3418879978828AA302BAA3ED86DE64D8AE5ACA0EAB,,,,,,,AB311E737112E4D34ABF545836BC671637663E93738CEFA37405214CE8C92A58,TRUE,bootmgfw.efi +bbc2661b-25de-4c4b-ac84-367115d44e8c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,5E189C9D2633F0AC10ECB763A150568925884E29ED684050194D87B883B68B34,,,,,,,7803F12E7E1B7063502EB8E223A9013E2B61125A888B74D61465B51DE53276BA,TRUE,bootarm.efi +2b807893-889b-4dd8-99be-ff17aecfb58e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,73DD7327621AA77D919473F71D3175EFA40F174D3C16060C079CEF169CC51363,,,,,,,7D0B74AE42DF73A0C2C9CA64F6C83813D3D6A5C4B02BC47F566CEDD5682C691A,TRUE,bootarm.efi +9b9f7199-24ed-4372-8247-e420ab0b7937,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,4E00B1C1CC2BFCB1FF2FDB4184D13CEA5A2617BACC3623C3DF52C50158065E73,,,,,,,49465D4AD701642C7BCB5EF30A0807A3CD438AB42BF8D62D68038C3FCBBE8605,TRUE,bootia32.efi +a77872f7-4890-473d-887f-bfd93f46641d,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",6514d19c16df6d0d9cf75bba91350dcc,c3f69560b62f619f851df687c0adb2fa35cc0160,3bc9ed257486b68fac5899eaa19732a1340d06c8baf4b0ff53c7f5c052e6470f,,,Microsoft Corporation,Boot Manager,f5eca8462be6c481c75ec3955b47c4f8,45e97d3cfb90ad162fa8f5a14ad8e5b4710a748a,f74947590a87a005023e9ef89cdf0c38d8d582ca4173f8201cebc443ef796790,TRUE,bootmgfw.efi +530ab1a9-d9a6-4f01-986a-5b69c99400b4,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,51BD59697B4E1DF61DF32AD57CEBE394BE54E3E9DBFEB8DC00A3A176D13A5767,,,,,,,284153E7D04A9F187E5C3DBFE17B2672AD2FBDD119F27BEC789417B7919853EC,TRUE,shim.efi +dfa9cb92-1691-442f-96df-9692e4ab29c4,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",3aaa631aa80579a7ec4606f002de3436,293ba261a22d2b62ac580140be62676856d48527,d038eec123e1e13ab3ad27534de697c9779e9c27c62575f06771f80d3cbb7148,,,Microsoft Corporation,Boot Manager,13c9c74d08c33a6231d859bb35a060bf,833319ae7ee8fd2da9705d51d32ef1a6fd22e2fd,6f53cd5bf434b19b4e14ca127c596752079d989fcc98bb7d7cf3155619ec347d,TRUE,bootmgfw.efi +24b32147-9b69-40e3-a166-b0c457b3c371,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,3F8091F700DA0DD082C6C06D0D3B68DB8D51FBE03198BBD6E4FA0D4A9EACA522,,,,,,,2F9A8EB6C8E18E7E118AFE9B51E233D88EC76C0EA256FF1F2A842B3A0EA9F466,TRUE,24b32147-9b69-40e3-a166-b0c457b3c371 +bc584a7b-f352-4e0a-b86e-7954c4b63d2e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,FA07B984FB6FDD32DB497C55225E614759BFEB7093BE1F02AB2E30BE1869B2E7,,,,,,,91721AA76266B5BB2F8009F1188510A36E54AFD56E967387EA7D0B114D782089,TRUE,shim-0.4-0ubuntu3/shim64-bit.efi +1ca07dec-812e-46a2-ada4-141584aa0c12,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,6E5D8278A7A4A58DBBA2F5D01B09B9DE4BB20ACD2DD4890846C8125A65136BF8,,,,,,,6873D2F61C29BD52E954EEFF5977AA8367439997811A62FF212C948133C68D97,TRUE,1ca07dec-812e-46a2-ada4-141584aa0c12 +fbb59470-8b0e-4ad8-8692-e8a3e1c4df8c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",d55f2dc318b152d9d722021bf8376658,6b4d5fb92240528828725c87f1c2f7de1aa7e7f5,f8e2a41c0444d7da76fc1682f3eb7e2a90140e1b68b413f4426bac357cbe14bb,,,,,94dfb76b94c30266578ce327901ec791,909d4c9217388c496ccadd8e1ed5aa58766a60bd,f1863ec8b7f43f94ad14fb0b8b4a69497a8c65ecbc2a55e0bb420e772b8cdc91,TRUE,BOOTX64.EFI +2b61baf4-c396-4e1b-b487-87c1ebf4b17a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",c3f1acb15ea4dd4002d43c5941d1a64e,31a862d073e46ffc608cfc93ffc8e18c38dfed8f,3d23947c39680b9fcf22b092b97c9d38edcc02f7ad13d3a925d1ee0b62797e73,,,,,379f249742bb47ea2d7cec2b9d3fb1b7,b678307ce3a2c6d5a2f988e7ec068590edbf1c50,7eac80a915c84cd4afec638904d94eb168a8557951a4d539b0713028552b6b8c,TRUE,grubx64.efi +9ae39650-46fc-402d-a4dc-569ce8411039,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",e2be3deb5a33615e127a7b2930bb544a,608df8090d9d8b9aa3ef02b395415edb65d9be6d,7b5dfe4f9e4ee68e3cdd9c91bcae26db334d49ae4c1f9525cecd834de48df110,,,,,fcc5a83e211d451fcb6f8082cc598ea0,20ad14d6ff96fc1dde5df105e0b71cebc77f5b48,e051b788ecbaeda53046c70e6af6058f95222c046157b8c4c1b9c2cfc65f46e5,TRUE,bootx64.efi +dabe9a66-0446-43a1-b9bc-fe279702a5ab,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",24a7545dc37bc7d366b05c68752af476,63006031749d3e2d445fd952c8da201181b90593,6b6e59284750fc0e6fac4d6c2a46100e9b0dde54e000b7327edd4a4dced9e9a0,,,,,5ebf16973c90bb7a23fb44504d80f390,ccb632ec30624e6860fe361920b83d1739d9db1a,4b8668a5d465bcdd9000aa8dfcff42044fcbd0aece32fc7011a83e9160e89f09,TRUE,bootx64.efi +71999c6f-6195-4944-ad16-105579c98549,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,50A8B3CD4F80C8C27FA47242869FDE8B6B7709A8AD1AF0EF0A726D20623007D8,,,,,,,CB6722995D4821AEAA9871C1B9782A02ED2F3D2BC6C1AAFD3E6B7673A210A8FB,TRUE,bootmgfw.efi +5efb08ce-213c-49be-8c2b-0ae849f64b3c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",077432d8b1ae0ceea719297360357320,d537e7c393d18329197e079601678b9b476247d3,4e371dd0448f1de869ee087b59ff88d11865463715272bcc6c29b0d5e21dbd82,,,,,9e12eb37ae8b46c4010ec3e1b7201f21,90a6b60c5051a3b00d779c03ac1e07f5df376347,f277af4f9bdc918ae89fa35cc1b34e34984c04ae9765322c3cb049574d36509c,TRUE,bootx64.efi +1457ea3c-21cc-46d1-adf3-606e98b3938b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,97BB9FD717C396231E86ECBE5A760D56DBACF4AE8E963D16D724591E45919B65,,,,,,,CC8EEC6EB9212CBF897A5ACE7E8ABEECE1079F1A6DEF0A789591CB1547F1F084,TRUE,1457ea3c-21cc-46d1-adf3-606e98b3938b +025ed4ef-d8c6-492b-927f-a1eb484d7b89,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,D0A3923ED57307BBDDA1ECF0FF1C40F478DD6F439F80A072508C3551520CD52C,,,,,,,812EB0FA2DF13A889549729CADBF1720B68F6C9E21955741B72802590AF1B5CA,TRUE,bootmgfw.efi +e12666fa-d6b3-449e-b3c3-18cf7a3d5b69,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,764D5B7F15EF539E0C8685DF62AB7CC7DBA3FCA50A08A8F7643D108A0A7FF757,,,,,,,815D98AEE498CF27FD6648C7E02CFC0A4A88AA73237CBB2352FE38384A72683D,TRUE,bootmgfw.efi +e4cbfa0b-8b40-4ac9-b390-a566dbddd873,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,2B7A243AC2248C630A51D73889E4BAA33DA94BD58D63E364A5FEF1A0998B4F5E,,,,,,,70A1450AF2AD395569AD0AFEB1D9C125324EE90AEC39C258880134D4892D51AB,TRUE,e4cbfa0b-8b40-4ac9-b390-a566dbddd873 +b3f78afd-8a4f-444e-8561-b32a5d6015f1,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C8AA71C72318CA43CBA4302FBAD12B474E7E4ED1B0EDA8A48CD71343A32FF155,,,,,,,CB95A4D2E0E02A5B56D059C9F223C2326753EA8C44D2E3FA6C4486629BE387A9,TRUE,bootx64.efi +0d33abea-51fd-4453-a8a3-150328e8ce21,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,A121947909D35BB042F0049D18E4EE2B27941E10D14E4D6B1C11945CA79992E6,,,,,,,9ED33F0FBC180BC032F8909CA2C4AB3418EDC33A45A50D2521A3B5876AA3EA2C,TRUE,0d33abea-51fd-4453-a8a3-150328e8ce21 +73af3c3c-dce6-48b2-bebf-ea167cbaef2a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,A2BE1EB17E12E0A66A87342C9D1CFD4D7DB81504A16B4FCB32F15C6BAA3F589D,,,,,,,E6856F137F79992DC94FA2F43297EC32D2D9A76F7BE66114C6A13EFC3BCDF5C8,TRUE,73af3c3c-dce6-48b2-bebf-ea167cbaef2a +329800cf-dad0-4ca8-bdc9-6ec18ff01421,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",c748cde9827385f9832a4f0ab1f02550,6436ae30f3f189f70f9043d91ede90058fbeb00a,338b89190177e950151a198823fd9d5f4ea25c1faf73e56ca5d9cf69d373fd66,,,,,eff2e129dcbf0ddc1e70c9ae8b5d0c6f,c5997af577c074aac5cf0fb290f24bec27618d73,835881f2a5572d7059b5c8635018552892e945626f115fc9ca07acf7bde857a4,TRUE,BOOTX64.EFI +4d2c43e5-7a66-4890-93c7-3f9ce734f78e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",22534ca115844f647fd2698572201490,7a21dd6f0289ca16c6f2a46cd37a965721f07518,24d6b301a1268ba8b373275981538855205eb0115609800f2b5b95377483b108,,,,,757b01c0eb9ed075c6e93d2fac4b0e4e,948d8090a1f360db50a84f3cab750f95d76044b6,5b248e913d71853d3da5aedd8d9a4bc57a917126573817fb5fcb2d86a2f1c886,TRUE,bootx64.efi +293680d1-928e-47e7-b45b-421122787ad8,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,66CC4EE53DAE4DD746AE6D8B58B858DDDF1634A498D5EF41F50264E6F948F526,,,,,,,C05B9250BDA8E86B6E5C6A8C584F0F61B4A3D243689965B5A955A2CB198D1E99,TRUE,bootmgfw.efi +a1062c3c-45c5-4c75-bbd2-d744c8e3fcb8,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,A1DD22421CC934E050572520A026985AE8C5FC5AD73816510713F1E1D4DFF575,,,,,,,01E2DA8EC5A6929DDBBBEB2E9807586FACDDCA6A7EF62BFEBB581BDC2D7274D6,TRUE,rhel-8.3-20200730-shimia32.efi +d0acb6e2-2647-424d-b438-eff9f1b605fd,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,1B9A8D23FFC211EFF6F12D17037EB076EA46562DEC937F44CC49D4AF1C119BA0,,,,,,,1B9A8D23FFC211EFF6F12D17037EB076EA46562DEC937F44CC49D4AF1C119BA0,TRUE,bootmgfw.efi +837d8bdc-6458-4eba-87cf-c82a32d1eca6,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,106E99968A816752C4A0F5DF6AEACC0400C688DE35832798029040CDB41E1F09,,,,,,,F254087746FDB5D9D9EAE6DF458485752BEB0FCF295C36D273511B45F7480287,TRUE,bootx64.efi +0e0c1a30-7f00-408c-94fc-b8679bfe90ee,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",87ae10260e4ba99762c952c6b1781476,d8282df774ac784f175e5954d46864fd06c28bc3,b06dc8f3de1e7e5a53dc7ad0f8028f78a843df54884b4a92bcec21071f0e649b,,,,,543a59e6a502706a4a6210c7b7f22033,70b0cb8fdadfc2cfe995adfa594d282e7ffcaa41,7bc9cb5463ce0f011fb5085eb8ba77d1acd283c43f4a57603cc113f22cebc579,TRUE,bootx64.efi +97efcb29-1524-4142-923b-4395a39fe3ee,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C31524CF5814D19C11611A5E5C27B2071DCB76B7EC6DC2DEC93FF9DE5CE656DE,,,,,,,4185821F6DAB5BA8347B78A22B5F9A0A7570CA5C93A74D478A793D83BAC49805,TRUE,97efcb29-1524-4142-923b-4395a39fe3ee +c1e70cfa-8b21-4b51-8b94-9a06bb4b5550,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,608854C2B7A26B00A3970757C2FA176B361F74FE094F7CFA482C439071279548,,,,,,,06EB5BADD26E4FAE65F9A42358DEEF7C18E52CC05FBB7FC76776E69D1B982A14,TRUE,c1e70cfa-8b21-4b51-8b94-9a06bb4b5550 +64508479-d4fc-4415-b202-d787a4d094e6,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,0EF0AD66BA9A0C4E4815BFD072FE7E281DC382D8DE08A4529DF3FF997B19E705,,,,,,,F4D8EAD6C325030538D10EBB39F0EFDC2F553794C14A5E45F9555C335925D9D3,TRUE,bootmgfw.efi +4feb177a-ce68-4853-9874-5b834a0b9cb6,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3898A72298BBF39E2E9B268DA9661B47B6AC5C160518089E27BF8DF25B77D584,,,,,,,BDD4086C019F5D388453C6D93475D39A576572BAFF75612C321B46A35A5329B1,TRUE,shim64-bit.efi +5abbd1d8-5850-4e54-9375-6a9639a8db58,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,77F55C6E07D808021F9E66017605D8B2DED6C55944693641902C4CE821E37878,,,,,,,80B4D96931BF0D02FD91A61E19D14F1DA452E66DB2408CA8604D411F92659F0A,TRUE,5abbd1d8-5850-4e54-9375-6a9639a8db58 +3b5b838e-359b-483e-94e9-a1c1ed3077d6,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,258C72394A0D163E9196A16682D3881E6CB24171EDA78FE026CC9CA9BEBFF22E,,,,,,,40D6CAE02973789080CF4C3A9AD11B5A0A4D8BBA4438AB96E276CC784454DEE7,TRUE,rhel-8.3-20200917-shim64-bit.efi +61d9e3c8-8cc0-4c53-b886-e6e2e676f475,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,AA909ADBB83E05F92BA2E1144C6A33CB320A760409E1015B00A9EED666063510,,,,,,,4EE45A217B38A8C13777DF0860F1255E52BAF3CF9D075373E31AD7E2C85E2CDB,TRUE,61d9e3c8-8cc0-4c53-b886-e6e2e676f475 +0ecce400-dd9c-4291-9502-c8682a4474a4,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,891C44B16ABB7063144BBEF23BC35609FD14BB3FCD8ADFD1E804526AF344EBD4,,,,,,,9F136F152A21885D574519554C7B64C15F014E413CDE6AD160F2091EBA9E6424,TRUE,bootmgfw.efi +b7909152-9a87-4045-9aca-ae18890b2b71,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,41607556B9A25F6F3AB73331589519553F83D2CB3629FB3E729303898D173023,,,,,,,3B7696DF627ADE30BB15BDC5CE3F3C27240C973353E8551E7B036C90D01280C9,TRUE,bootmgfw.efi +989b4dda-91c9-4903-9027-6ff3e74738b2,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,87150D354E809EE266FC005B1DECA64F70A72B9505AD79062D337EEF012CA896,,,,,,,DAF87006F2653909E39A52B7ECB234484E7AC84AC21EB59354C1BAFCDDF08D9C,TRUE,bootarm.efi +aa7f07a3-cedd-4752-b1fd-0e8043dd54e6,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,7C783057C245A34DFF5A9497C3CD4181FC80D06439884E12AD5D67A4F5266CD6,,,,,,,97A8C5BA11D61FEFBB5D6A05DA4E15BA472DC4C6CD4972FC1A035DE321342FE4,TRUE,aa7f07a3-cedd-4752-b1fd-0e8043dd54e6 +3598ca7a-27b3-4c09-aaca-cb5108eca19f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,1B455F745A6397C1B4FDFA43E634462EE1414DB21EF5A3391142B0F988F31FFE,,,,,,,39ABED2935891EEF96E2B733BBC6951DAFAD1A4C6B500D2D9B28C358355A6AB8,TRUE,bootmgfw.efi +865cadf5-d63e-438b-a8e9-44591fb69d2a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",f512804db694f319cf51306dd2c2c618,d1bfb94ce4288f7f4e3f27ef22618991485e06ec,3f28c4f2fb32c10e5faed1debf7db6ae8c821bf286ffdb57a5b31fce0730e111,,,Microsoft Corporation,Boot Manager,3c5fa521303c8b5564f3c2ce44596d69,599dbc2acbec93f50c653471403aab7be0b978d1,736afb5df29ec9c88532be9c620ef80901bf23e72f2d3488b757aff17e734ace,TRUE,bootmgfw.efi +2b66ad2e-41d5-498c-bd23-2c88e3a74ccd,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,6DB28A61DEE4A1209B94F5C984C44D9674F69EE700373FD7BF1A3CBDAAB83FA0,,,,,,,FFD7688E7D2B8C3C3140B415E728BBE7663C54E23BD288FF2CF4617835088F39,TRUE,bootmgfw.efi +3cddc9bb-dc68-4cd7-aee9-227b47b47966,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,413782A6CEE2CFF718F87A737CD989E2A6067E67212B575AD8A7D80B1A62F206,,,,,,,9414F5FA5853978C07FC6BB17A1CA9460FE443FFCA021FA52C8672A94460F44F,TRUE,bootmgfw.efi +9f95756f-dfcf-48ae-9c0c-8d99f4894e28,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",8000831e91c318757fa911d4c879dc02,d88ac2154cd473d25c41be40bcca918158badf94,59e4fa86b1c3bb7df3cdb79a17ec36af9ad12e153172f6d8e662fcfb9dbb37d5,,,Microsoft Corporation,Boot Manager,2298078eaeda24a91219936dfb897e5b,23760cf7521a929e9bfcaa5591ad186a18f91f87,ce65c29521cd8498fad962e5f70d55c5044366ec09c761a60cc7c4a2001776a4,TRUE,bootmgfw.efi +d1d2f3cc-064e-455c-af50-3bd0d46a06f2,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",d6604f3caaa504ff3aedbade7d87fb97,a8dc3e14fb4ad8d264fdaba4ccbc89d64ee4791d,f025a519dccf1df41951c22c6dc5cafa61e21b117e174b4983b45ccc22c6375f,,,Microsoft Corporation,Boot Manager,889829fb843f0a94ac85fd363af55729,7064b8e79beeb6e7443033f51a17d7973ea424a2,7f292bce8dc97b601ef1ea72bdf7d96a12a87782bb1b1c547f85c55c7b3ff035,TRUE,bootmgfw.efi +85ef0c80-cca4-48f1-8ace-0ab2fda03b79,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",1c9670b5add3e4d6aa442a53427f422a,11ddf040e749c8362e91c58fd17cb9c7aea4be91,c3d65e174d47d3772cb431ea599bba76b8670bfaa51081895796432e2ef6461f,,,,,431612322a95c76c8bbfb190f00aa9cc,e0b9eb89abfb711dc3600589fcdceafb74ecaaed,c55be4a2a6ac574a9d46f1e1c54cac29d29dcd7b9040389e7157bb32c4591c4c,TRUE,shdloader.efi +4e6a6f59-083f-4829-baa5-0c388a9a7634,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,5ED5BD6952F8E520D74AA3001BC587493AFB6D628C0A3BF80875676C63F07B75,,,,,,,6078C0FA37D9D35DADAC7AD90E90A3A95C44985A3D305BD22A5D838ED45491EE,TRUE,bootmgfw.efi +d8aa2211-8d13-4e4e-88af-60ff17efd3cc,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,407326C7F1C837A861EE8D187170C779A9B6A25B0736761645D7E549EBFA17C2,,,,,,,DF91AC85A94FCD0CFB8155BD7CBEFAAC14B8C5EE7397FE2CC85984459E2EA14E,TRUE,d8aa2211-8d13-4e4e-88af-60ff17efd3cc +4936b474-694a-4b6d-b023-1c868be1b2ff,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,FDD173678810D9F9F887B428EB260CF42C837EACC41A11E89C08131E262E2C01,,,,,,,5E2BB7BC8B16E0B9DDFF75606668E69D76AF1219C17180EF0A5B9B383F00B995,TRUE,bootmgfw.efi +ac6f3137-42fd-46e6-8cfb-a22a6785d529,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",1ee7ccaae6df60e3e850ae6c4a3b7478,810d7ecef2570772d2b70facfec1a6028e4bd611,566ae5fb2f355b2c03ecbbab4770e92856b0d1c3d659fe0c11263f1a5f8d7086,,,Microsoft Corporation,Boot Manager,de6894cde22aaa436aca77368eda64f9,da4574fc375ca85005e13c0210a0ed8397b51121,6ce1f2986f0c46683ba07d296d0a84448ecf76c69db183fe29c36eed8f8e8f2f,TRUE,bootmgfw.efi +88e2e7f2-0a89-4a66-9f99-1a73ca3a061c,Michael 
Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,DD32DCC6A6E054F4FB518B3F26EE9F41D338AB5EAFFF83F3682E34728EAAECEA,,,,,,,21258FA3877177AC480CB571134BEE7BA1531DDD1274217DFF71BCD618F6C3D5,TRUE,bootmgfw.efi +357e4bd3-4bc9-4b94-81a1-3833515e2d4e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,9A59A2B53C8BBD2E536EADE26F26F3EE61129AB027812922B52C572364465E8C,,,,,,,7FC7196EBBFA0D7947DE66F37158DF23821F156F724FC3CC906F16E8EBFA3E9F,TRUE,bootmgfw.efi +ddecc35f-2233-4894-86d8-69e6e473943e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",ece26d0686590a1ae0f950a412ed1a10,15634f8fd748f28e29e4b77ce899a6d561576240,52febd655c84f4557de0ca35a236d468c03fa3bd0f51f54c31b37db29673da3f,,,,,2e2ee7180f421c97f27615cef8531dab,2375db1ba66ae1873c8f31b76f305ec8bfcbf3c2,c4ebdc43048c43f5f11c59ead051a3585a07fafce985cfed8b27b73a5492f9b2,TRUE,bootia32.efi +3cf4dc5f-5fc3-4a44-b069-bced755a5e5d,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C990C8BF9D0C8E5A50CAF28C9FF6E8EA1949C5DD6AAAC5AB08B3A77CC0D5F011,,,,,,,1C19A5A240A361131DCC5EC25363DA6E79C7D55B3C79C0976C947F1D04A38AAA,TRUE,bootmgfw.efi 
+fa8ffd8e-ef04-4510-bf93-34fe1fadc156,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,E21231BE8A60E9FE94AD0D2202ED01C36E4AFC731A30659B8AC44C22B7377FBD,,,,,,,1510988D3DCCE120F22696A9E87B02E7FAD6367EF4AE8BFD54CDB528A5C48E99,TRUE,bootmgfw.efi +51f20c00-6e15-4b45-852a-8f62e6f55436,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,DD33B966BE5F3882EED189E583AA4CA4D28E74B356DDEFFA164234DD7E89ABCA,,,,,,,23142E14424FB3FF4EFC75D00B63867727841ABA5005149070EE2417DF8AB799,TRUE,shim-0~20120906.bcd0a4e8-0ubuntu4/shim64-bit.efi +c2c1c3d4-441d-4ce1-92c9-094411b3bf09,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,E299D3CA4A5A6579E863DD54488B6E804E47B20B75B7E71DC64B47F6403386B5,,,,,,,BFCAA41445F20B54AEA650D03D7C39B77CD82A7A14824DC55AA587C4C0F742A3,TRUE,bootmgfw.efi +7ca92d66-191e-469f-8320-a1f67a1eaa64,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,AB66D5C1C320900FC15984D7E1D44331411F2339DA9376F3E9BC2A4CB9B06014,,,,,,,DB1E5C6152A28D3EB6B1AFEAAD4974F3654AC6FBBE769D870ABB74EDE632B9E5,TRUE,bootmgfw.efi +4814d421-23eb-4222-8cc1-aab6645981fb,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,103FE82E5F090184D8DB7A48801D1E503E3C6FC0726783E9A49A84F9FFD4C78A,,,,,,,9783B5EE4492E9E891C655F1F48035959DAD453C0E623AF0FE7BF2C0A57885E3,TRUE,4814d421-23eb-4222-8cc1-aab6645981fb +3dfbbf26-7e19-4d38-9b5a-6e332ba5fc34,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,DA649429AA5899D242782ED21EC332A217C3D530296FC9D7A0E3F1F694EB7FE1,,,,,,,CB994B400590B66CBF55FC663555CAF0D4F1CE267464D0452C2361E05EE1CD50,TRUE,cent-8.3-20200730-shim64-bit.efi +bca306da-15be-48c3-8a55-3165085410b9,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,AC390194D59EC41A1A01BD96417CFE79E833CD6BBCA820B5FCB35CC3FE99653B,,,,,,,731A31CC36C5A7D7445F9644CE4E850E99CC7962EF6E2DE98721447A1438D805,TRUE,bootarm.efi +78f886c7-28cd-4686-ac8f-ee82f3e0fbcb,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,A95666BFAF48FD9C4CAF2F3ED4EB593145C48BD3C93E4B00638088CE7EE962CF,,,,,,,D89A11D16C488DD4FBBC541D4B07FAF8670D660994488FE54B1FBFF2704E4288,TRUE,78f886c7-28cd-4686-ac8f-ee82f3e0fbcb +c8440951-fa74-42e2-bee5-4a70db2dec53,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",958ceee3668f4eff01fb29d03518b49e,0213406b236ee5c1f1e4fbf0101d24cc10ab7e24,fe26e6c2bc5ac4357e6657624180ca1e946d6dabe79cdb098d7b8b4e440851aa,,,Microsoft Corporation,Boot Manager,450c5929a254f83c3fcfa056b9ecb5f9,3f62302d8c036c7d2d4ae6a47fc8439028871808,84d75f7a8913d66db946eaf1480eaddec3063d27a6f625f040b406718abcac44,TRUE,bootmgfw.efi +07ce0c22-0e7a-4f68-91e2-61a9d9cd566f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,6A86152DF323185DCD535369C94B9226FEB6AAB4479C00A4A916B4E82E4A85FE,,,,,,,65F3C0A01B8402D362B9722E98F75E5E991E6C186E934F7B2B2E6BE6DEC800EC,TRUE,07ce0c22-0e7a-4f68-91e2-61a9d9cd566f +5a1e393f-1595-4e4e-993e-7097a184ce42,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,8DA046540148E1E146DE2F96C7D860962ED059A923E9685E868DC4C6065684AA,,,,,,,3FE9F8D11EDCA3FC1899100484DE4CC2C626ABB38B73985A441B7C3A0D39CA54,TRUE,bootmgfw.efi +dbbed756-4f18-430e-9a68-6f0054091fa3,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,573D0A8D59DC7FDB0BE784ABE9B51DA9183848B613FF4C96B143D286043B4E43,,,,,,,EA9C72C1CE865E6044ABFF576FD712D4DF3F5114318753EFCFEFED70EE586884,TRUE,bootmgfw.efi +9308b260-6695-43ee-bddb-a90f20e035f1,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",77fefa9f6ac9273ee5edb4d19e87d348,e609f8ddc446dc27a2aec3577e2b7869126662c0,03c8c9956938147bcc81a19e580ca8b5214e82829ec0494c22b0f59013ca22b2,,,,,c62cb9b4d87523ac468bd048647eabec,57916473f391f8b25aa2497acf5c58d2eb304e2b,38909daf2fe29bbfe22303939d3904f38dca48b7f2a41f28f34de564a0242781,TRUE,BOOTIA32.EFI +f907fd87-1f8a-4a91-8ed1-e74bf106b15c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,B40F5FF7030848DB736573E06A1A1C5BF49F119E66DD0BA7E48E2651E2CE7059,,,,,,,9DD2DCB72F5E741627F2E9E03AB18503A3403CF6A904A479A4DB05D97E2250A9,TRUE,f907fd87-1f8a-4a91-8ed1-e74bf106b15c +73fcc470-7c81-4385-8c78-933467e404cf,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,35F731A87345B78EAC85100D339ED77CE83B7DF6151B401B446A79D9FEBCD36D,,,,,,,DE7F766E4454DA118A6C42BEE476C4BB66F660BFDB88DB572C4621C43EC1836E,TRUE,bootmgfw.efi +cc89429d-d9b6-412c-8083-4879ab57f589,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,98721004CFF6B89B3E5A9267D29250710E6A6C8AFAE06EEF29F92745CD70E079,,,,,,,EF87BE89A413657DE8721498552CF9E0F3C1F71BC62DFA63B9F25BBC66E86494,TRUE,rhel-8.3-shim-20200726-shim64-bit.efi +9164d869-3953-40eb-91e4-26a837e3aacc,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",c6697cdbcf51cc54053438e644243327,056c3b1ab4f9b248ffc5285f299a2653839357f2,1eadf7bf5fde916884a4beb82dd68ba50be05413f00aae8571190a2eaa462640,,,Microsoft Corporation,Boot Manager,e518520c0709c922714f016a9ec3d893,3ef1fcd520f386618b77de8759b40d169b042708,05729029ef940c5e6ee96b3b1253c08783c01329bce2e9951bc22a09223fc15c,TRUE,bootmgfw.efi +30e370b5-bc05-4b98-96d1-8e71f41083fe,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,EE721020DB7794DE74F59992A2C6B4DCA5B9FD584BBCBDEF96930B9A7132BE1C,,,,,,,311A2AC55B50C09B30B3CC93B994A119153EEEAC54EF892FC447BBBD96101AA1,TRUE,30e370b5-bc05-4b98-96d1-8e71f41083fe +cf486d6a-cb41-4d0b-9258-81a14e76f719,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,89C7492FAA5DFEFFE4F126764CD556A82B53520404636BD50C32405346959016,,,,,,,4B59C6D8E94428C4CBDB0F306FED75B099EA349431F001AA819C3BD0D1600812,TRUE,bootmgfw.efi 
+2297fba2-2316-41a2-93f7-20ea8c9f6b98,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,2674036BC5EE2446739FBBBE21F8480DA23AD5E98A6768754B4C9B9FC37EF2E2,,,,,,,A1A59CC2784246AD693B1DF151454642324E89C898566A59906891F48089ECE9,TRUE,bootaa64.efi +cc19dcf6-f6e2-4820-8df0-73abc96a95d8,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,4CADDFE7EB99A666652EBDA685A542612C851C732801AA5B15AB39E826D7C1D7,,,,,,,706B8A820652212D3A5F57303C9CB2B80B9E79DCF2621F29318AF2346419EDFA,TRUE,bootarm.efi +9ad7a737-68be-4ce9-9595-30623e887396,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",6c1910730f135cbd5a78e3a48520e647,1d5beb0bd494d324fa663da050cc61e8f7f2ce92,77e2945b3a2b0d14e9943f90ddd7bb87dde9cc5d8be09f9693e9f4166769363d,,,Microsoft Corporation,Boot Manager,c44756dff66637b44b1180df93fecc70,502c5761b07eef8e5b1b90cd8465a36a115e339b,6582dccb8b305efe0bbbafdcc7d295a6a8bf1df0397e1a8ac736e9098a2a64c0,TRUE,bootmgfw.efi +4c768cdf-df02-45b1-9342-63389224b997,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,593148805FC70C5FBE0299A185DD367DF00A8E7AA95242C90C6567A73C1CD259,,,,,,,7B94F0505F37B19B432ABA08BE2E3E003038C02CEB531E169D460DB60C351649,TRUE,bootmgfw.efi +163d69a7-be4d-47bf-ba9b-ad2e76271175,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,73ED112C5EE295BA56BEA8679E062EE22A5E01B23438A7B8F459AF8F61A93BF4,,,,,,,FDBE6C45F2414421562D812EB67C5FA0CFD0D40AFE2CF0CDDC5E09054ACB4FE5,TRUE,bootmgfw.efi +90e05866-5975-498c-bab9-1a71dd286011,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,6AE5984A47CCE9129498E534DB84F0FD33FE9AEE2860462414416282EB0CF34A,,,,,,,DF02AAB48387A9E1D4C65228089CB6ABE196C8F4B396C7E4BBC395DE136977F6,TRUE,90e05866-5975-498c-bab9-1a71dd286011 +990b3c53-97bc-4fd8-a212-e60c6fda898c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,B97D5B2A7A9E582652CB9A9BDE1BB68EB631C2329168A996BD19CDD1499408BA,,,,,,,1F8A0E13AADE0885A06B5D822BB21D8111664C37691F0D256EBA840277511BCA,TRUE,bootia32.efi +73fc4a00-2d2f-46c4-a597-bd0cc015dfdc,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,690B765C38BE3FBA65B829677D98A67943F92E24E9860EE2A13273F5932B8A0A,,,,,,,BEF7663BE5EA4DBFD8686E24701E036F4C03FB7FCD67A6C566ED94CE09C44470,TRUE,73fc4a00-2d2f-46c4-a597-bd0cc015dfdc +8ceef305-f81d-4d24-bb34-2adf41c5b779,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,6A412612692B81C56395EDBC4E4CB189478D15BD7474A01829ECF867C71ED871,,,,,,,BF550C6F826C96461552E665F53A4F275A14838FD64CCF773D194B78CE33E907,TRUE,bootia32.efi +58907c65-5be5-4821-9c87-8d27b5a8840d,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,376E727A97432EE289CE9485988E24C0E20321DDC45443D7916D20D9C8824883,,,,,,,17C2B5B96693CDC2951C89DDE641D14716063F5FC8795CEBC635378B73044E8B,TRUE,bootmgfw.efi +b842b745-24ab-4f75-a302-5d4c4bf0101b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C33397B499368E23DDA3FD5B9CC989647442F279EE6F80B53C620721C958346D,,,,,,,C2469759C1947E14F4B65F72A9F5B3AF8B6F6E727B68BB0D91385CBF42176A8A,TRUE,b842b745-24ab-4f75-a302-5d4c4bf0101b +f651508a-842a-4af6-b332-559fc9897806,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,9CD99CEFF9B7496E7B6720AF4C561668D6993376EC18593E3F54B1540E5B31A0,,,,,,,D069A07B5ACDE004FE7286558041F1F123DD88BB1395E5E453F62F48EF37D199,TRUE,bootmgfw.efi +ad4ed491-2e8d-4c16-9bad-4352f1ce2f67,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,339E7E433DA8002B9FFB9EEB3C768742A93953509FC02BCAF95254228914067F,,,,,,,C875AE8A8DB5441A577172869A4EC6E71DACE7A875F42A2FBBA4B52F293499DE,TRUE,bootmgfw.efi +38e6bed7-1db9-4c15-8358-040edb77a39c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,E438149CA86CF5F2FDD1318BF0D6C301593EA74B06940E031964F34561255BC8,,,,,,,6B54497FF9915A6977428BDF8F45B116D874C4F8A836B5BDFC373D05F4C0EF87,TRUE,bootx64.efi +35c8a2f7-287d-4251-a949-d1ad45040784,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",0887bbb1fff22018d425b56dfb642db7,db9c3757f8f341bd6be92611fbbfb3ca8bc80d6f,e352109145416e3b61dcf5e09492d24410828121e7d74c08ce0d3157b45a0831,,,,,93858168a4a5a02e0446ee0c003ecdf1,096dbcb4f3baa2a21cd0e267052430ccd175593a,badff5e4f0fea711701ca8fb22e4c43821e31e210cf52d1d4f74dd50f1d039bc,TRUE,BOOTx64.EFI +3e375fd6-edc4-48ff-801e-cf5d4fef7d2e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,10914C967939CA831D9D39B87332A6E8882FE99901DC0E4DE4931CA5A065B9FF,,,,,,,1142A0CC7C9004DFF64C5948484D6A7EC3514E176F5CA6BDEED7A093940B93CC,TRUE,shim64-bit.efi +a8267643-bd8f-42e9-851a-86b986973758,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,AD1A9C1667E89214EE947D6B40D61BFFB7EA942ABCCE85319520CC3DE301FA1B,,,,,,,8EC2540CEDDD592E616AF4386DA9EAF76855EF0A792E26FC149B32E951D76C85,TRUE,a8267643-bd8f-42e9-851a-86b986973758 +a7bf3e37-f600-48ff-82d4-4f1e82c199d2,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,2D07ABD75C154055A858D4461A1B1B76D763E9ED294E2E10244C20601E072A29,,,,,,,DDF3E4261419944F7C2F8B92F6D14C35060B4F94818CC4183F0C072706DEF726,TRUE,cent-7.9-20200730-shimia32.efi +bbd79406-168c-449a-8206-9927288fefd4,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,F64F70D1D3AD35BEC25526472C51765BEB40AAF72CA8EC1242E046F62C18C11E,,,,,,,B3EAFDEB6E2809BD72730E4FC7896B9D94543CA360E9629B63C039FF91274BEB,TRUE,bootmgfw.efi +4885e5bd-31eb-4f63-af7f-efff02e753ee,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,53E9CF33ED9379862E5A5424E0C3FBE6D81D0D622368F773C81658F408A642E3,,,,,,,92F858F6A02BD2014618B05D7759E34E7781B15C34C8814BA4C930B320F8DB09,TRUE,bootmgfw.efi +c7f3ce1c-9b48-4d6e-b769-4a2869e09bb4,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,642296E7342D651FE2FE547C1F08329777CCD44DC4F11C75FEC1F037A9B4B9B4,,,,,,,F02174BB75BC774DF2D7A63A0B0F7A040C9907399F97F642743DA97DF30104C7,TRUE,bootmgfw.efi +64c9ea42-80a1-425d-ae59-d9ee4eadf4ba,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,BDD96B78F3AA4B123851342995451880CB2498E785ED12E48CEB36F1A3F49B2B,,,,,,,A924D3CAD6DA42B7399B96A095A06F18F6B1ABA5B873B0D5F3A0EE2173B48B6C,TRUE,BOOTX64.EFI +a7cc38fb-91b2-4e2c-a0a9-2a6051c31cb5,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,E785D139C9F008F9135EDFAD44492D11D09B83373ABE74AD45B7CADD25EBB464,,,,,,,8A03960BDEA6A4953AC50A2BBF9317BE228C2EBBC299E1E90CC7C6EB18F43B94,TRUE,bootmgfw.efi +e314abb1-31d1-460f-9df0-f437263d9e71,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",c2d60556e72219f9d4dd063a6843aa37,83720b7f32ce09df641395f39a86bc48b3e8a9b8,d809eddc88a14239e8a069fa71f81f3e4af4dc293f7575d71d597c80f8767816,,,,,50588d1cf5701594eefb3eb90f401614,8a6738664c7dd6a99dbbd32c0c43432e9f88c85a,9d00ae4cd47a41c783dc48f342c076c2c16f3413f4d2df50d181ca3bb5ad859d,TRUE,bootx64.efi +81ea3a10-a003-4839-ae9f-52cb700d38d4,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,889337B0F67FFBDDD260CEE774DFA332DBB4EAE7D11333B2DDBAD7CA7FA773A2,,,,,,,FABC379DF395E6F52472B44FA5082F9F0E0DA480F05198C66814B7055B03F446,TRUE,shim-0.9+1465500757.14a5905-0ubuntu1/shim64-bit.efi +495a811b-db1c-41f6-88db-36688933fcec,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,DF224EF3B05794CBCE084C11BAAF3D85F380A5213D9097E400D9FA42FC412933,,,,,,,CB340011AFEB0D74C4A588B36EBAA441961608E8D2FA80DCA8C13872C850796B,TRUE,495a811b-db1c-41f6-88db-36688933fcec +2a4a532a-848c-4ca5-a910-357daefe32e7,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",9671f8d6de959b9d084f2a67f6dfadf3,f7df1f4af46adceea20652bc796d86b47d9eeb6c,3c430c719c9053a74d74dcc5e52b40d10f109db1dc9458a05a7a413b86a93467,,,,,e04975ca0b4139e160f03ab301fe80b6,8b736cf22a54133d32665bed98eedf76755e0b10,4cd73702d6b209ea8d57657ac4603c8127134d01973d84018af7c68335751ad9,TRUE,shim-0.9+1474479173.6c180c6-1ubuntu1/shim64-bit.efi +60aaedd4-4eb0-485b-a534-82645695a185,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,A0946E9C77C27E5E9D19BCEEFE4DC147F97BF1CA7FE12F15280D390BA7A0D67A,,,,,,,4A4873A319A3A3DE35EA325771DFFCBB31EC14550A4E029CF0FEB9CD686B8C92,TRUE,bootmgfw.efi +e9785a5c-1caf-4577-85fa-9a2eadc9bfe9,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,D389EDE1F84051086D30B8C2CFC362797B129854DF1313CA474F83A143F55D11,,,,,,,788383A4C733BB87D2BF51673DC73E92DF15AB7D51DC715627AE77686D8D23BC,TRUE,e9785a5c-1caf-4577-85fa-9a2eadc9bfe9 +b03177a4-54ec-4449-b30d-f197e75b8b3e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",eaaa74b1ac8f59f8610a8e898de54cf6,82d315d856cf1a43ff8d22192638c8f416be591f,aa6f27b8b2ca5826f497362042c003b5e1d7ca22383d82730fbc5c45e048d839,,,,,1adb4d9d5d5c38a654581d03699efb51,120f24f0e7bfbbe0e0419060b1489921d9fd3fe5,56fb79aab26ee9d0e0ca372fb86a8bb459acbc505d0ab35e6a632a3d5f88dcb3,TRUE,bootia32.efi +ac90e9e0-2035-46a5-b3fc-f0670e6d0ddd,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,2B2025F4C880166D94222A95A88FF0A525C361D7B2C8A886B4E4CE6FBDD6520D,,,,,,,A0107A564E93989C57044FD18AA85BEB1258101AC3D9F6E10BF12C1C6573BC2B,TRUE,bootmgfw.efi +ec0d55b6-d46c-4f5e-b467-1a8fe09e64d2,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,FB03DB013F31A9AA909B77CF510CD129B9E857A93E37BF9ABB91A79EB296C758,,,,,,,0C0C78837FA767EB045B8199E1E20AD666F90928DAEEB8F5E5253D8E7877FCB4,TRUE,bootmgfw.efi +fbf92874-0ee4-4c8e-9dc5-ab73b6bb4010,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,1A9DDD9AF383AD81787CD7C6A6DC8C8AA86CD995157C32AD476B60D2C494F7FA,,,,,,,06C670F8572BF89ABAE13D14D81FFE80D5550F696862B1AB386E4D8C56B02016,TRUE,centos-8.3-shim-20200726-shimia32.efi +2e84c348-bc0b-46e8-aad0-77b20e8c534e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",c1feed742caf34c142f70956e0c1259b,0e2909e38cccf18e7e44be9c12d9a4856a38b512,e35cc798f138406bdc5e793574f62fe3be4c7dd6424aa6825e6ec7b2a345b591,,,Microsoft Corporation,Boot 
Manager,041babadd6d890113ca977dc8c8783b0,a19c725dbf32822ebedb4b356cff0eb02d6d9c8e,586898c60cff539b76d23dbf2c92e4105f6a7549e13f53d293708b793ca90d2d,TRUE,bootmgfw.efi +9e382fdf-568a-4b81-b4ce-58c25f3b2d80,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,CB5C370B7BDC87A2153425852F477916BA3B13E4C62EA419AD93DBDD34780BEC,,,,,,,9A22818E84CA5CDEC6F7FDF0A10B9FF230A53A5C18F4E9179C90A3FD268CD622,TRUE,bootmgfw.efi +13ef8a27-3274-4d3d-831f-36b30bc88627,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,F2F2F729FC1B94C3B3AD210E0664FAE3351D0D7541581FE2C6DC7B087BE2B16C,,,,,,,C2CC91555617171A7D8AF57DEE529B443A41A1FAD3D4032DBDB814DAD6C2688E,TRUE,bootia32.efi +dc63ce55-4d4d-40f7-996d-6fc85f01443f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,76AC59211DF73F8BC0F1369CE290BFF57AD705CD1EB3B402D19E12FE5FFBD6D6,,,,,,,8FDB0851B7639B3293019BF0A8DBD6B7DD57910AC0CC0224852C3381880F2A45,TRUE,bootmgfw.efi +2682f970-000c-406a-bf2e-fa4c1ac8bbeb,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,B28C498A7CD61006A32A9EEF404AED4349CA68DC6F2240833BA4EC745D37A1DA,,,,,,,E6C63C984BC754736376564A8F9AB1B7885B9AC2F49F1EC6E4053049D26F78F9,TRUE,bootmgfw.efi +5891ca2a-61e6-4938-942b-bfcc61dcb929,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,CD4A508F248776D8679ECEDB7BB1AF1752C23FDF66284522B4B36F242471B72C,,,,,,,0021B5B11CEB03402D618134800A36C54E1C4328AD389D50B40EACC1E881DCB5,TRUE,bootarm.efi +7cd28475-a974-4b4b-becd-b57b605d2b9e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",aa8eae148f6ac90c370eb50c88b974e1,2f8b409981580582bfe5fd5e36f8d3e23c061966,a120f42de7b5bfcb55c40afc857b6baf4d1ac60725500c27a5b2942bda970ccf,,,,,831541e64bf58f95339e2e1fbc08b9a8,78d90cb632f7b98b3c39ef79f5a8079654b27e5b,f1b4f6513b0d544a688d13adc291efa8c59f420ca5dcb23e0b5a06fa7e0d083d,TRUE,BOOTX64.EFI +cb2d5dcd-595c-40d2-a14f-9b80d0fefc7e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",3f5b9c90792efc13debd32233440ad32,23b7889abdb236c8cd871733ba2ea7f91d543b99,537b428a0ad622765010c4405c1603ff464fcbb24ae4c2fbf559a10b8ea4593d,,,,,d06af20d9fe41bce9fdcc0e3ce175987,c242ab25b79c1910f451b87f5499802df249e301,0dc24c75eb1aef56b9f13ab9de60e2eca1c4510034e290bbb36cf60a549b234c,TRUE,BOOTX64.EFI +3b7197b1-fac3-4680-b8a4-b91cc56d984b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,E012F7C26EC6DE9D336AF7843DE0A4278D6191FA7989DDCAC40A978FD927BB6C,,,,,,,0A620707ACF23A4E6CDC357A1499E14852B605D9EB6186422F57D458E627D6C0,TRUE,bootmgfw.efi +40519b35-c303-4cb2-aa20-c08545506e08,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",c77a847cc9c46de840d61ec8e3453f29,cba6f1df00f5220288d92686d84ae7e10c950c32,a80b37c9749d6f2c2fdf64922a3142eb0fd63c72fd2989d7e75dcb4be367299a,,,,,b857ca99527ef8704d481f4901948705,e4e5ede245103cde830e02c847c59abeeea32025,a8a3300e33a0a2692839ccba84803c5e742d12501b6d58c46eb87f32017f2cff,TRUE,Signed_14173467011297444/shimia32.efi +064e9fe7-c5dc-4858-9006-e9b1e0e3001b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,AECD34387179AFF5CE02103679312CDEB1DA835015A8548FCE93765E7219612E,,,,,,,F2A16D35B554694187A70D40CA682959F4F35C2CE0EAB8FD64F7AC2AB9F5C24A,TRUE,064e9fe7-c5dc-4858-9006-e9b1e0e3001b +84fbccc2-01e7-4a24-adbd-a1d3ca0acc50,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,574695D73FF3813C780728858B4A6D2CE6D24B41308B23281E438B66A60E4424,,,,,,,35C16AA2BB4DADF5028F4801185CD368B922C6CF7651CB7FEF30DFB95920FB99,TRUE,bootmgfw.efi +ad6add2d-fe39-4ffb-b31d-7dffaf3ef28c,Michael 
Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,CF61636CEFDF20CF4B35382124800E047F5886952888BD41D1B8426BF34D2D29,,,,,,,BB44FD8CD04ABC3B54E5CCEA97EF81E70FD3933C34288D8B86F6ECB4F3ED1FDE,TRUE,bootmgfw.efi +ac900b72-efdd-4779-9a1f-401949c3446f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,F4F5C82CD7BFA5294F973385F7F2FBCAF3AFD3748952B06692C085792BE146F7,,,,,,,AD16DE1E2BA27196395124683B80EFC186EE7E51D434F8FF67D973F46E8E602F,TRUE,bootmgfw.efi +0c3bd8f7-9926-4763-98d1-7eaf036f7bf1,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,513310D70C03096167B915705C9F0CF34B2B62AC317AA3F89FA5CC385D74DB54,,,,,,,22C3867606A625048E1D9D5230F07FAE41E70BD08EA978BDB37563C0EDD9DA03,TRUE,bootmgfw.efi +191557da-f224-48bb-b027-94534c5637ae,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,34F107AD8F982B591FB92BCC193BFCDBFF916C720BC69D96A0E9BD22CBA1E84C,,,,,,,800423CEB7E4759621A62C729BABC81F53259D95F76457224AD601542B7B26D4,TRUE,bootmgfw.efi +8afa8fb8-bd3a-4033-9f71-3d1e574708ce,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",e297beb49756fef9d2bcad4b860426b3,1c1007b55a1e5c1ca49b0b6673fd83b0ae9a9dc3,62c6affbee1ba9a0435562db6e092a5018effeed0bd0f1d0494f34ce6cd403e9,,,,,ac8a7a2580ddb3d88ca49856664d6824,9c07457b464050230ec5376b0601e06c8cf3faaa,89f3d1f6e485c334cd059d0995e3cdfdc00571b1849854847a44dc5548e2dcfb,TRUE,BOOTX64.EFI +d40485d2-4fea-4d92-99e9-e1531fe4d33a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,1275826206FEF9AA0A48A60BBC15300B3201F76F45E3CCE3FD0064DE2FC7CC5F,,,,,,,DCCC3CE1C00EE4B0B10487D372A0FA47F5C26F57A359BE7B27801E144EACBAC4,TRUE,d40485d2-4fea-4d92-99e9-e1531fe4d33a +9517d1f7-d485-4c7e-95b9-bdf297b342e1,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,BA44BD2BB872DD6C6A8687F65CC138585A963473203D6F3F64770E5365812630,,,,,,,47FF1B63B140B6FC04ED79131331E651DA5B2E2F170F5DAEF4153DC2FBC532B1,TRUE,9517d1f7-d485-4c7e-95b9-bdf297b342e1 +22532a2a-950a-425c-b1c7-ae8f8e4faa5b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,1CC3D6DA3017F0F1422D1B8115622EDEF65FBC497487234D17F4D356670F28EB,,,,,,,1F16078CCE009DF62EDB9E7170E66CAAE670BCE71B8F92D38280C56AA372031D,TRUE,22532a2a-950a-425c-b1c7-ae8f8e4faa5b 
+f65396ab-3920-4a6d-9bf0-fbbf62d52999,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,6A3C1124A642244F23685B68D2E5A0AE036651AA401DE70B3912EFD044B62222,,,,,,,08BB2289E9E91B4D20FF3F1562516AB07E979B2C6CEFE2AB70C6DFC1199F8DA5,TRUE,f65396ab-3920-4a6d-9bf0-fbbf62d52999 +8a6aa8d7-205b-4747-aa92-8b526be3b7d2,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,29DA5912698EE1928C239D394EF95A4BEEF0DC59262B6BFFEC24FA205C4B8A10,,,,,,,45876B4DD861D45B3A94800774027A5DB45A48B2A729410908B6412F8A87E95D,TRUE,8a6aa8d7-205b-4747-aa92-8b526be3b7d2 +6e1223b2-5193-4ba9-b9b5-b09c45dd4286,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,D662EF94388DB203CE52DF9902D77E9E5EFB25A202B5B096351D604FD3E63080,,,,,,,4F0214FCE4FA8897D0C80A46D6DAB4124726D136FC2492EFD01BFEDFA3887A9C,TRUE,centos-8.3-shim-20200726-shim64-bit.efi +aa0019cf-ba6c-4a6b-8ea9-3e4494562744,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",f3c14ba5c3670afacd47f0574922b98f,a4ede25f03e0ce65fa4a840c454c73019275d8de,5052ce3b96db73a909bf0e54355e357f8ab7284fa48f9b21c85efedbb886c100,,,Microsoft Corporation,Boot 
Manager,aa60f3f1fa0e30a28c2b0bd0ee4fc806,55c991c8563ae11352ae9d0c24644853fceac18a,54c7d9c28672a1306e43ed7feed38b295f8eec279251f996fa293f68fc6cfb12,TRUE,bootmgfw.efi +670b1089-ea21-40d1-ac0a-1dc0adeb7b05,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,30A947ED2F95D0E7F2746F3A4F3C458FC64554295BA5B4C302FE0EE4F8027C0C,,,,,,,D9668AB52785086786C134B5E4BDDBF72452813B6973229AB92AA1A54D201BF5,TRUE,670b1089-ea21-40d1-ac0a-1dc0adeb7b05 +a3bbd629-976b-4804-b5ea-2e62ee592092,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",ca747f0a7e1bcbc51cf4f9cd2a17f9a5,41686992e3e8fc975674d5134909975b66b54a38,777adc7e8a3e1422b3fc9c10ce31e996c057fe801a5292f0902bd5c5365e7287,,,,,370b63db6afc64b05feadcbffb223da4,e9449d88a4154e0d1bfda7986c089f743b00e9ed,95049f0e4137c790b0d2767195e56f73807d123adcf8f6e7bf2d4d991d305f89,TRUE,bootx64.efi +285c0ef5-dd8b-4c50-af8f-6ed20f233294,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,FC40897F668AA86E5279CA8FEB62873A06A569742967E0F243F51ED56BDB53CD,,,,,,,4380A43A7B0BE1ACE54A65B3E25ED35F340D6906365821AF139941D5D6E1EA1B,TRUE,bootarm.efi +0c0db73b-9d53-4fa1-93fe-cab2b3cabf9f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,918871DEC65B4D8A8D0E29B221351DFEA3A1D9212A4E0D7EE692CC1696E9AFC6,,,,,,,CA65A9B2915D9A055A407BC0698936349A04E3DB691E178419FBA701AAD8DE55,TRUE,mboot-official_em64t.efi +ddacf4b0-e6e4-4546-b3bc-f196645266b1,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,39CEDF83BD3417A90588795CDE2BD6BAF7089997FDDB588E552952C179958D84,,,,,,,47F7A5F3821286A9C677F66CFE2A84D5CA94CB6FC1EBE8E1986E91EDD58CBE33,TRUE,bootmgfw.efi +bcda745b-c931-494a-bf26-4dfd7c824ee9,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,A09DBE91C9743163A3DC26BB7E51398C751DF7140D5DA4DD6D43B1915FA906EC,,,,,,,324CBE75EF34E09A98C71B186F535F9091A1FF257BEA93DFEAF199EB352CA0F6,TRUE,bootmgfw.efi +ce737ee6-e949-44cb-badf-3f1d775d4832,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,10368826DC89AF42B4AD7E69A9E1F4DA9486DD645C088F445998E8DCA18EB0D4,,,,,,,6DEAD13257DFC3CCC6A4B37016BA91755FE9E0EC1F415030942E5ABC47F07C88,TRUE,ce737ee6-e949-44cb-badf-3f1d775d4832 +1ab3d6b3-7bd1-477e-8127-a2be4b9a7636,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",9618221803e2befd17607ef2d957442f,1581d6767a70eb0bf596b82592440346eb00cefb,990a4dd8c86392421d680fa039af4e88d1ebdc97f61a73f8347d6b314fe8cd51,,,Microsoft Corporation,Boot Manager,f9c6e874f1efcfe3a046acceb16d86dc,4ef60851f60fb3c04c48a99e582bd5d868e91d75,e8818666b7e014b6e4820afaa84d5a84fa42cb5d2663c848d358b2913274ba21,TRUE,bootx64.efi +f4e945a8-aa6f-48dc-822c-ff44ce513b70,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,561EEF7131FFB079F75F6EC3E5738354A3C0EEB204863E7A4018B6409B7D26D0,,,,,,,D4241190CD5A369D8C344C660E24F3027FB8E7064FAB33770E93FA765FFB152E,TRUE,shim-0~20120906.bcd0a4e8-0ubuntu3/shim64-bit.efi +fb78c0ab-b76a-47b5-b7ef-d64bf38611b4,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,5C39F0E5E0E7FA3BE05090813B13D161ACAF48494FDE6233B452C416D29CDDBE,,,,,,,5C39F0E5E0E7FA3BE05090813B13D161ACAF48494FDE6233B452C416D29CDDBE,TRUE,fb78c0ab-b76a-47b5-b7ef-d64bf38611b4 +312c2d35-25a3-454a-a458-a797350273b1,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,AEFCF3C2010344775B306EFA5FA4A9B7630AA95DA5B59C4E96A2524302B51E50,,,,,,,F330F23C09772A64E1478A19CE003FABCA4F52A9431A8C6803019AD532D7DDC8,TRUE,bootmgfw.efi 
+d964e229-7407-4292-88b5-505f8be99d2f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,17F186C88052B988B4C9B62F8D7F55023AC317C82324DD5A958D05B8A1246F77,,,,,,,9E0D9074F146461F9ACEE7D27F2C7DD8BEE73EB62AC62CF87F03BEE0C4516528,TRUE,d964e229-7407-4292-88b5-505f8be99d2f +28fb8eaa-e498-44f7-8f1f-1dcf1dad47d7,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,0E0D94096278CEDCF333D4902F64ADE7815ED4000A1F6EA45EB93D2DBE18E496,,,,,,,22B5A88D79B8146598613B3701B0D2AD3E1D2BC215D3A613A30356953239485C,TRUE,bootarm.efi +cef00ef9-665c-48ed-9b4c-d383d2846e05,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,494A55C84A5A244292DB7F678D4574C7CC6E58D522F0BE270D68B0F1A41E19D3,,,,,,,7AB5FF84B7B80A432366E3BBCC198ED382C9FD592CD5DD210138D2F9297CC1F6,TRUE,bootarm.efi +1a268d88-47d0-4204-ade4-ed6e4ef6028e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,B510C9A79CB6CE1BC37912839AF57B453CC4A77C3D5DCC9935F8CCFF7C81F9FE,,,,,,,D79651AA3A0491D33B7979F5B41936F8ACEFBA99BBA10E05FD6F54E2859CC589,TRUE,bootia32.efi +e0432a67-4ec8-4281-b4c1-a800e1b615be,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,84897E4405319DAB2822D63147F3DA90AC2A436A7D24EC5DD91B277AB6528FAB,,,,,,,6A16ADA3FE0C5468F0A43FB2F597A42F3DA3218C88EE819BF799110CF7A79B6C,TRUE,bootia32.efi +33559284-bca8-4af2-917e-d209ee8d15c5,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,A37FF7C979ED0E58633D61D00CDFF45A2488E86C740240C77834C8C8C651CB19,,,,,,,8CB4FDAE88F4F492AC6C87716602366DF1AC84224B85AB2D3949F5AEE79CEFEB,TRUE,bootmgfw.efi +04eaf4b4-a618-4d2c-8eb1-1e0065c05212,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,EA4EEC2975E4EAED0C5EE6C25C887FC8C7A0298FB613852DEC200DACD2485FD3,,,,,,,A983E73E57BDF014C9A29331290EE87DF37F97C81DBCC43C6C933FE2209C0BD5,TRUE,bootmgfw.efi +454bb2af-6ee7-483d-8a15-73f2fec386ba,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,1B9401C47B0837F1FA315F2F29F304ED360B5B2E2843141367562B60EDB1CCA9,,,,,,,2116183BBAB5D6964C001C931A09ECA1DC0FD6651A61BE4A8A9548DC476B90B1,TRUE,bootmgfw.efi +bfdc85a7-3cc9-4d18-b798-0fd82f9c5e85,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,78D6FDE56994BCF26964ED51DF446165DAD66BCB0BC6792B9EDD2850F19DEA4F,,,,,,,64CCC886EB99C30AA808E5CA9BD371577BAF9D3FA0E450118464F514B47A028A,TRUE,bootmgfw.efi +aeb357f2-c2cb-42f1-a37c-3f0a2a355346,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",7f0de7a661590f1c33de0b80676e8827,003454b835a5ee7ee200f9cb4e68b071e2b8e69b,d1af02fca7522c8d27e053544b3b653ff2daffcae9c420e460235dacab53f7cd,,,Microsoft Corporation,Boot Manager,caa781731a9d13ac418d97ec2cccb8f1,7ac2da2861fe7b90862a27b63629d8a9ee58d97d,7fddfe06c44dc4302da54577353c18fdbe11b41cb3e6064ec1c116ee102fe080,TRUE,bootmgfw.efi +2d38a9bc-5c3e-4871-9e74-a1181a10764d,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",a1b9b882d3990b8465c7010a406ecd99,58d47e6513a61b42d4c1c2a9150cf9fd051ec435,754952ff4187789c0269982d056f6a863409963f46d870c0a8d054e0fe69857b,,,,,c5fe8d0376e90b44fd565015cd7e82c9,a69b510efc63da996aa74d11e49b6748141d2803,903d0d76ada77672c60a4d63be5f6e1b8f247cea9e7d32b6cb26e1a82815d09d,TRUE,Signed_14173467011297444/shimaa64.efi +6a65ed03-95af-404a-8ac0-95fa8ac8eb99,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,0CF738DD9BEA4F3BA350C805AE7A59076147080BC46F1D6D6C994382E77F8486,,,,,,,E7D9BDBCC68B5BED590C29B72DCA2B96779B8B68B12A47DED074B8F1B32F8FBE,TRUE,bootmgfw.efi +af2bf5be-c938-4852-a9b2-14ecff96c414,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,D19F5CAC6AA761C1F66C71B9B7A2D44DFF216B97BE10F66180F5E4EF084C9811,,,,,,,13A1F37BEDFB5417B6B737E2A3816C8FD587D74D836914B2B2EDC9FD6CA30E58,TRUE,bootx64.efi +ccef0d61-ad41-4f54-8ce1-9197ccf0e44d,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3AE3DA82C39C6BEEFD251265370D57D5BFC67181662736C62F2E6F687409C81B,,,,,,,72C26F827CEB92989798961BC6AE748D141E05D3EBCFB65D9041B266C920BE82,TRUE,ccef0d61-ad41-4f54-8ce1-9197ccf0e44d +a34d1cd4-ad9d-4dda-8e4e-ac86e42a6d92,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,331A6D1D07B7A19AB36312AB8303C9FA5B5D2628B6EF5C593846B6F4B824059F,,,,,,,DF6EC4F50BE2A4B7657F0397BED483BE143A18883615800A65A64B7E84D9B858,TRUE,bootmgfw.efi +c8069469-51c7-44c5-8032-1d2fde34f8d3,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,D76281DD69E992EFB55604A1B4E6171E552F3B7E1411D75368F98EF91ED69E21,,,,,,,48CDB31A16D891124BE77490FBC2AD13CB355A18CB0007258CA4BCEA44F288EF,TRUE,bootmgfw.efi +463dc6a9-273b-448d-b189-ec577fc29317,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C2B1E1BB8F016D310FEA7225EEF9DC6B6F0E33E5C9DD74E9F24835DF6287296E,,,,,,,E9C71B7CD5A4DF0BA48D2CA48E6C468E657257F73F66017DE45E18EE746ED7D5,TRUE,bootmgfw.efi +43311ee4-a044-4086-9a53-ae01c3ef7f4f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",8d9e858d7fc95bfcc3690f3bddfac320,0d0e3c0e73f5561985e6a004d8d160be88d64ee7,0b753bd95ae643b2543f501533ca54db34ddc9d20f336358067a7069240a6214,,,Microsoft Corporation,Boot Manager,2da35b95ebf3903dcaf2ec18fcd2c975,9006b56e7af152fae72c7095cf9155515a1c5a97,f8f38c4febe9d8e45e71a459c5bff171755c348d5f619f3c6ef30a3f8fd02bd1,TRUE,bootx64.efi +cc522d44-5de1-43fd-8d62-29b630f45f98,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",c9d595c35045f8b200f9d3142cb3d683,eabc1fcab7ce92c8dc667046c46a82ad0b2d8907,545c8c806d6a8b2ab307bf7ff5dff05dd86cfc431d3920692e15e7928ac98eed,,,Microsoft Corporation,Boot Manager,f2a111697ab3f412ae7be6354d3c63fd,47e31958625236b685c3d33cbc22fa0d9f8e3414,3b30c3e6a923cbb7cf65b539025f12b1c810d74480f25cbfcb9a7bfd633f06ed,TRUE,bootmgfw.efi +1d193967-c24f-46c5-83ae-4bf1d5ea80ca,Michael 
Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,9C4A74D11888FA41A0341EE6F0B75DB69C34827851755F46506A6C0ED96CEC8D,,,,,,,23A0F1DE04EF678E621A449040CF519DDC3679FE54C9E2E0897DFE2C80D3DC26,TRUE,bootmgfw.efi +70316201-97eb-4739-a72b-abdcd208e20b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,EFA5CA12CFC70DEA81EB71088B4BDBD44D5B45A8F8D81B7DB243D6A03A7F11C4,,,,,,,5EB2C76843B253ACBCECBB84767697128F000C18358C78C5BAF135A5996C037F,TRUE,bootmgfw.efi +f901491e-f41b-4b77-8f9f-f9e5a6f03c8c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",9c9e2e8f49820dbed91f5cae846bbadb,afc56df60e5ea5a55a1e21f76562d073a56ec46b,8844d9b3aea1568a7ff298e6dc12564c422dafae6510db377454ca6072861dde,,,,,75a7ca7cd2451ad3190c71a38c41ca02,a60d97d18e48c13e38723508639f0600aa6888f9,5bfe928eec15454be29504e8f592a4ce5908afe3284b9eeeb259b25145eea2ab,TRUE,shim-15+1533136590.3beb971-0ubuntu1/shim64-bit.efi +224dff2d-8d29-4951-b7b7-4a0cd2c18dbc,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,7429F9578205C654FC25D2FBE8B6F27D8082E049A962982EB70F55DCA02BE882,,,,,,,7F9602C123A090BB0C4C3B69662BC52D675A0A4ED444D1C1E0E26C2B0DC3760B,TRUE,bootmgfw.efi +bf3c5a6b-8fac-470b-a458-c84e7fed7dc7,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,BAE97EFC507382C0BDF7B1E74DBC38C0E31BF65186B7989CD9C7AF29DA27F656,,,,,,,3A4F74BEAFAE2B9383AD8215D233A6CF3D057FB3C7E213E897BEEF4255FAEE9D,TRUE,bf3c5a6b-8fac-470b-a458-c84e7fed7dc7 +cfec0cca-c6b7-4327-a2d8-7dca0515e161,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C1136125F38F6B76285AE4F1A0068F49819CBB5B57F6AB85960640F93FEC21BD,,,,,,,36B7CDB6564C58CB54895B6D2C73F88D2908BCBD693BFD253945BD31E3EE81BC,TRUE,bootmgfw.efi +c632b521-0428-4bcd-b37c-3cbd25eccc0e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,E33E9D1B1D5ADE1934AC7BD39F0BA4CEAC9459A7E2AABB8D204354D4C8652E6E,,,,,,,F48E6DD8718E953B60A24F2CBEA60A9521DEAE67DB25425B7D3ACE3C517DD9B7,TRUE,c632b521-0428-4bcd-b37c-3cbd25eccc0e +d457a885-6677-4118-9cf3-05bfc65e1fde,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,E3946218D523E5D20C99A9A5BB22303DDCEF958DE2A978E01AF2F46D2D7A4DDD,,,,,,,B149B29E8211E24827FBE0168D30CB2619CD3365BD6F8173E7A731C5F702DCD9,TRUE,bootmgfw.efi +7c5fa8fd-40fd-437f-a2cd-e21aaa43336f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,176693F4060E5330AE384BBB5470A0F3C936EC725DAABA81D5DB2B820141D282,,,,,,,633F9806BC96A831CC2C8D521D71E9EBD02180DABA1A50978EF6B72E5034E9EF,TRUE,bootmgfw.efi +a93c81ef-3f87-43cd-8d09-67e57167689c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C1D93E3D7F580616051BC1456083F6DCC80DB4642E7AA2909041E86F8209583C,,,,,,,825ACCE0634B91818F57CE96B8314ECEE7373BD20DA77FB08B9B96D66EB65145,TRUE,bootmgfw.efi +9d795efb-5f1e-4db5-920d-97de9ba77753,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",c73ed000259378b96a9c57c588fc6ef0,66fe7992ab4da8a44c7b06a0b958faa9a293014b,a1111555bfde8807746c8af73deceb4bdadc52dee87004e2ad7239c038687985,,,,,2edaa19d0ac13a692d90ab976522966f,8aeae94deaffa792e788dbd6bdd27629f17e3f9d,992d359aa7a5f789d268b94c11b9485a6b1ce64362b0edb4441ccc187c39647b,TRUE,sbs.efi +4f434341-9305-4574-9289-5bd1370108c7,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,854AD42E44FBE19122072E177080C2AA9F729BFDE223FA6EA98BE1490BB9A4C0,,,,,,,399F9DA6CF5A87839637B55F62BB2CC6A93FA5AF7FE7AD76B4AF0FB320C98127,TRUE,bootmgfw.efi +116c526f-a50d-4f84-b577-d52dbbde526b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,46BA7E327D359A9B108CAFBBF2D7B6B32AA6767C2A3A472B4FFE2587FE376977,,,,,,,0B4908AD33CB2F7E87D3108B74364C5C42FA597807EEAC98DE5EC63F5896CE34,TRUE,bootmgfw.efi +897f5834-55db-41fc-a4ca-9d880ca00ec7,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,FB2F396A01911260D4035CCABF36DB99081DA3F8D98BB40549D7D5E93CE4EAA2,,,,,,,ABEE522892FA10B22208B4D1540184617BC9875C9E03E5353B4FF476577D918B,TRUE,bootmgfw.efi +c7e48901-5dda-4d9a-b064-9ec8e51efc06,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,0876FD237955DB876744D5AEFBBF0DB3771AA2603233E123B39F4E772FC3B457,,,,,,,6CFDDB6203F254D38A5BCDD4173D51647A487CA70AB21326ACA0A03BB3D2BAC0,TRUE,bootmgfw.efi +934f9364-3471-415f-a502-036969a78958,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,F51C64E1690E8FADAE2C55EDE85377D6680C337DABCFC01FF6CF37D8D87892BA,,,,,,,0E44212BADF40D6B8DE3311E632045370588E0B23B7A480EB5DC10DB65D1B4B3,TRUE,bootmgfw.efi +465c1250-966d-4d32-b168-3b2c614e17f2,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",1bdc36814a6f20464e94616f0d98a521,093660339cf8e3fc1d8a80855e4f3a72e9a92f30,17864e719e9c61d84e29a3cedf2b63aeaecfc10867211efc3077dd216b0a4965,,,,,2f0397316df4c2f34530fa28716256ae,0c4ed758c59239c84740373a3a1da56d5d4b400b,dd8f3f048db46f3983348d35cd77d121f56d856cf33234857073e25a7f450b2c,TRUE,shim-0.7-0ubuntu4/shim64-bit.efi +8b88b928-4717-4a30-832e-dcb3bb15b7a3,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",b1aea18419d0643fb2e4d8f6da2ae461,3085f38227977dce8dac3b29c92b0103e5b5eae8,56f9e50da4817b1de9d9291eb5f2bc63703ca3e6f4a8571bde28cf756e2c80ba,,,,,40b8a117af84ea3225963daf421eccb3,99823dd47cfe71774cb0fcc687fa1da921b6240b,bd882355bf6813cf88ec0b83b6133691100f480381ac06531c3d5909cf1fb626,TRUE,bootia32.efi +c8d926b0-b5a4-4960-b951-1f4cfffd940e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",09287aecf07aa294ed7f76f2234270a9,f4de49ab09ad1d3e18ba4eeef481d91cd67a4860,860c16809e3941bebedff0bde99c32aa77379c0be1f6b174d20038a02162d3d5,,,Microsoft Corporation,Boot Manager,2493adfef4cb684c76b9697cf414c95b,d05a293ae6ba3f9d4f03da5027807f2182be4c22,ee0a54e2dd9848d7a209d2c945449a0bac9a46c45e5e033c6982d2924839ac74,TRUE,bootmgfw.efi +a6597859-17b0-44f9-b8d8-493a0ff20ed9,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,E23336EB1176965193B9733A01F8B7329DFF26D191EF427DC06ED89DD439C615,,,,,,,9E08464CEF9931473C384DB77278997AE92D50368C8D2B9D6AEA6E3323A2BBE7,TRUE,bootmgfw.efi +0e305520-6001-4144-893d-b4c38ea47886,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,52D826CF8F6A0095938F7069B5F5DA22C16AE037D757BF9115AA84920BCE4EBF,,,,,,,1FB619FE1504EF78C8BF59294B16C6D9BF1DA741FB582DE125B6A044F6961C57,TRUE,bootmgfw.efi +ce34babf-0f03-4d6d-969d-e063648d5dfe,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,7B40290ADE5BA3316AFC08748CFAB5AE79FB30BB8B5972766D670C3887E3D294,,,,,,,F5E892DD6EC4C2DEFA4A495C09219B621379B64DA3D1B2E34ADF4B5F1102BD39,TRUE,shim-opensuse.efi +05a8e372-5b24-4953-8d25-d6560076f4f4,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,4BB0A426CA2A23E05B62A3008009AAD7F184F3D24DBD65E9AA81DE341BC5326F,,,,,,,C21614E207B1991D3D6DF842009718652D241A8D926E221B85D069F1615E27A2,TRUE,bootmgfw.efi +66da17c5-7c1b-43c3-8520-4d3efea91899,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",5624304dd2172b7edb81741a5e7d2d06,5ebb525eefc7d35d664bf29bf8fbff40832dcefb,0e93c368f8177bc0fe1a09d79b897a94286f3c374a18a40522c3358cb627d7e2,,,Microsoft Corporation,Boot Manager,a0455533de7422bc348d8c282d26254d,f8f7d3c1f985120b648ab2d7daedeb98ed618189,16598ee39b716ed9e4765a44abf86906c9b25c25abf631cc78ece6f7211b0365,TRUE,bootmgfw.efi +d569f749-c5fe-42ff-b6f9-8966a14d06af,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",9caa5988ee5678dad93374ef1f4fd184,7b09d0dd2b0e37d91ee548a205ba53f8d5b02c7b,79baff384ed507030cbe328a3d6c04d13e77932f08d387f76cf2422fb3b2588b,,,Microsoft Corporation,Boot Manager,a60e4ec04f4225b91e5ba2c607fd84da,164e0544942fc32310285c8e8602244194c860b2,fc736034ebab004776581ce9a6c112106dfddfabb315b1f0a4d0842d67308429,TRUE,bootmgfw.efi +312efde5-1d57-4845-860d-cecb9a1af677,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,0EC7C340AE2DAA6D5F7B261BB64A5E7E2351073FC5B893E07D03595DEE28F544,,,,,,,26ACA3C927095772FA26A4D63680597130AD161EEE8CBCE34B59E10C6167E92A,TRUE,bootarm.efi +4d31cfeb-3005-497a-b566-7062066398ab,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",02e7a063eae0c4b80a6793fd63bac013,c7a420758542a22c9db7c9f75a4709ac53ec8da2,9da10b25786d8db0167fd66c051f7e2655781bb561b99584312b439a32be4c32,,,Microsoft Corporation,Boot Manager,cb9d3c514e9a2a200235c093312630ca,3779679707ac8e825d6195b8106efe77ce33bfc8,ce8c44e185faaa03959cf23229607854ef7e316ed0773d66d7be5e0a48061de5,TRUE,bootmgfw.efi +23d2d4cc-fb8c-43d8-b736-ae5c4fc3cd96,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C1B24EBFE119C27A2E5EDD4267EEF37B2CD14FBBD8688DE27E08AF89996DB468,,,,,,,691BA3414E78622581BC519BAF0BCB16FB262D3ABBD8639F3E0ECA2A29F99406,TRUE,bootmgfw.efi +275664b6-bb50-43c5-9d04-b100ea9fe56b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",a7077726554ee791e5a4b6e20ba8d557,6d3c3476f38f447586c8fc347dd545ebf3b83a15,3fda721bc5007eab23af6e0c56a6942a7925a858f0d801fbb21011ccf758893b,,,Microsoft Corporation,Boot Manager,0a0000705bbb68e7e712da6d3e638b2c,af2f6de1a213564cfcef1588b157a5ea52ee54da,f1cad3ac005b57d6e22ea57b9ebe1ee9e5052bdda499f5f2c1364317de87a794,TRUE,bootmgfw.efi +67ae7723-5130-48c6-b24b-22a876c9c2c0,Michael 
Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C58ABF55F773FEE60CDB21D01D02229C4A3FEEB29F5D904CEB3106BC4B435EE7,,,,,,,339C2BCF0445BAA7345A02CDE505E172D24CC9CEA29A92EBEE3F3901693FD2C8,TRUE,shim-15+1533136590.3beb971-0ubuntu1/shimaa64.efi +6ea89297-74dd-4581-b268-475a282c9592,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,9C1812CF5B1D61DC08BD6683D143511BCB5B14798116D1D2714963CD468933FF,,,,,,,92185C264285741FA7F198CAD8F307C60891AD932D9E3C2A08D92546FF7099ED,TRUE,bootmgfw.efi +87813fcd-6a01-4452-b54c-0dc24402bbfe,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,23EBFBC7BC286CEFC68B4920784B926EC28D7965815238325FBD17892177D6F3,,,,,,,340DA32B58331C8E2B561BAF300CA9DFD6B91CD2270EE0E2A34958B1C6259E85,TRUE,87813fcd-6a01-4452-b54c-0dc24402bbfe +2e98c935-fda6-4fc9-b635-47a7d9157a02,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,B6F807D4488F132AB873DCDE8EDAD2875961895E503F263B86BA34958A290618,,,,,,,A48B5E31477DA248680A8935D1E5E630E6FDE22277F9635DA7D6F7F9AA17E34A,TRUE,shim-15+1552672080.a4a1fbe-0ubuntu1/shimaa64.efi +79c58c75-492b-46fc-9788-59514261788a,Michael 
Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,E1A44BDE59714FE31A77476FCF73CFB784105333F05755D8F1C05EDE4056D4C6,,,,,,,E637002526221BC32E477455B12F864F20B27C44679A2E78E5C56DA1FFCE8B41,TRUE,bootmgfw.efi +47020b30-de49-4937-9908-9d72b3d153d5,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,B76C5689D45E7F40F8D78468D4484074167563CB06368CBB9CB4DBED65E1192A,,,,,,,631F0857B41845362C90C6980B4B10C4B628E23DBE24B6E96C128AE3DCB0D5AC,TRUE,BOOTX64.EFI +27ce9422-3805-4231-8142-aa0976d3686a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,EEC3E281A5545CAF11EC02BB0DF159DA19698E639CBA0190A0AEC9AB09296BEB,,,,,,,A4D978B7C4BDA15435D508F8B9592EC2A5ADFB12EA7BAD146A35ECB53094642F,TRUE,bootx64.efi +42952e7b-6913-40b6-bc44-5eacd9c673a7,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,CE7A0A3D718747C7263D099FD1477E363ECFE75BD2F639EE47AC1271EC229D80,,,,,,,E060DA09561AE00DCFB1769D6E8E846868A1E99A54B14AA5D0689F2840CEC6DF,TRUE,shim-15+1552672080.a4a1fbe-0ubuntu1/shim64-bit.efi +cc9c7842-484d-4427-9ed5-75073efdad17,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,8A73B6E52B27695C72D4776C0BCFA54D30C1340D534D5EEFF8D890377CDFDFAA,,,,,,,362ED31D20B1E00392281231A96F0A0ACFDE02618953E695C9EF2EB0BAC37550,TRUE,cc9c7842-484d-4427-9ed5-75073efdad17 +841c43d9-b7a0-40a7-ae7c-fc1affb759af,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,439983268FC8238CB2DC187B033904DBD682929852D846FB69A22DDA1561A422,,,,,,,57E6913AFACC5222BD76CDAF31F8ED88895464255374EF097A82D7F59AD39596,TRUE,841c43d9-b7a0-40a7-ae7c-fc1affb759af +7cefffba-3701-43ff-96a7-7a66f008805e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C443B4E3083BDBF2296A5E0986022520535C01ECC6CA3E0F0F83F3B683672368,,,,,,,50F93402B66127D87B947067E9689DF5B2B36B253833FFE1E6CECA685FAE2D85,TRUE,bootia32.efi +7489f724-a3b3-435d-b34e-9ca0a94c6ceb,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,707BEEAE9B9CBF0D56AEE48AE398F127D3B52FD37D25B95C561CDA1DB5233C50,,,,,,,9C259FCB301D5FC7397ED5759963E0EF6B36E42057FD73046E6BD08B149F751C,TRUE,7489f724-a3b3-435d-b34e-9ca0a94c6ceb +94e35789-58de-436e-b04a-8a7b7ded8347,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,12A9833615CAABCF4F732C8BB088C83EC18C286EEF2332CB11F18529B676BD38,,,,,,,2B1B9ECCF585B11C5122651D7B94534BB131AA7C874E2262038B85DB3EE83E4D,TRUE,bootmgfw.efi +5cb571f7-050a-40db-a196-9ad7cd8afed6,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,079A26143F5CD9862331F7C1850FFCF2D6E081FCFA8617F6FFA94FA212834DD1,,,,,,,E808A337ED6911EF561C27CABACABF4EA6D6E20FB70F5413B121AC251ABCC10C,TRUE,bootmgfw.efi +34da0cf6-14d0-43a7-8e56-ea63c3b0c1bd,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,A7CEA30E7B024C8710F9AE5C1302545CEEAF23B8DEBE362FB26562ACDD807325,,,,,,,D465D63B0384F16A1610B0A86C5D73B36A33709828DE8FE26DBAC6DC6EFA007D,TRUE,bootaa64.efi +57f3ded8-3e38-4146-88ad-92ae83c627d5,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,85C838E95601A4B1CFA64600FC4A16330CB50D575FB2E89ECAA08D6B12B50CDF,,,,,,,C0530BADC4D066D5C4B8B955023E9EFA7FB9337ECB7E1298E7CBA172D8680485,TRUE,bootmgfw.efi +3a20e152-907d-41c3-8ae7-14c2a23e4880,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,299E3B66B0283E23793E03FBA6B795A2C6B6034864B6D571449945EBA0D90A20,,,,,,,3E3926F0B8A15AD5A14167BB647A843C3D4321E35DBC44DCE8C837417F2D28B0,TRUE,3a20e152-907d-41c3-8ae7-14c2a23e4880 +98b2c48c-eaa0-48d4-bcbd-4090cffd2fed,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,575D4DF1AFBDD514A6D293234F4493736200E657D0EB9C618CBE18B3AE8EBB3E,,,,,,,F558E04EF99B39A1012E8BC2685728D983C682CF5E6F7E4D335A660283D7C666,TRUE,bootmgfw.efi +cede5464-786a-4472-9b83-cbf540f90d1e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,E9F55F39797D7ADAA99F2FE4138D413A10539C9663976B055A705A76C6A916D4,,,,,,,D455A3C084DF64CF66DC1D2BAB352C74AAF66035058DF1143EFBDD4298AA4527,TRUE,bootmgfw.efi +347957db-bbbc-4322-a736-366891a369d0,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,F736ABAB18FA867218E4FBFEAA8A452C3B55F2981CC7E27E6CAF1FD9181EF294,,,,,,,A9CE2969A83982F80B6B2685568A7D6F8E58BCB5FABAA2F8168092175518A0C9,TRUE,bootmgfw.efi +e2313b7a-714a-4e2c-a692-4259f9bc3b0c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C190FBE65C28E7DBCA5AAE188C368CAB9A43ADB7F3B010843086D6DA77C3A6E5,,,,,,,B344D2F33E30A25EB927E4C1A419D019ACCFA8249A5CE622B8E7C7D8D5807A00,TRUE,bootmgfw.efi +b1ed132f-d99d-4616-9fa6-56b6e8e814f6,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",7e05f116825f8e60072443b813e6192e,c9bda70cc887ceb1c4552319df909c8bca331b58,09f2e41661cbbd714d22986fbb36a2b5764a5544c85f9875d227f6a26e1c8c8b,,,,,1e31b54463f12e9af1098295a74b4866,7bc2c8f3a922fda1f6b16dd09425006a4715f7ee,66d0803e2550d9e790829ae1b5f81547cc9bfbe69b51817068ecb5dabb7a89fc,TRUE,Bootx64.efi +68bce846-d710-4c06-a74c-bdf24a87157b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",11ca417bc767273a9de7b1355cb2908e,8de2b54c1204ea7491174a94c1a283695952155b,0b16ad93ee38243d72ff0acd790107767b6d7d3563a4ba8edb7a23eec5c8d531,,,Microsoft Corporation,Boot Manager,8bbbe505bcaf280a57c1bbd361585c0d,df47daa733f498b29d1b3daf28724cc400710a63,2b21029fa033526d1dcd9e87ad8893f9b5a08987c3271b8a86716865de53d958,TRUE,bootmgfw.efi +cc55f472-e9c9-493c-bf44-98d528441570,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",9c77b23f662f4c5cf1da2ec62ba6fd2c,0f6c22e7f48505d3c4cf28edf541e69a72f4cfed,5f3952cba19c9f225aae8b57e57c7e20505ac617aeca845a8b5cde4994405c92,,,Microsoft Corporation,Boot Manager,eed20fa5bc02fa6f0c7e5082c633e31e,01419f5ba84d07eaf079e2c69e8655471028081c,9335c9dd7001a2ec4e322ab6a2d11e6c4cd4ef1644c00d6314b7ba5a26f9eb7d,TRUE,bootmgfw.efi +3c5c1c32-6c09-4fea-863a-2e5cb48bb099,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",ffa0df6d1cb927f4cde2741d63c7125b,a2c8bf15abcb90da814748bb150d66f842f23a38,98acba206e9f3843a4a7e07c66ead4366fbe7976653b65ed0c311d4efae878ab,,,,,e599f74cf93986aafae680c20c7b3723,36a6e60b2512bfd940eadb7ff3fdba23fa970a8c,9fa4d5023fd43ecaff4200ba7e8d4353259d2b7e5e72b5096eff8027d66d1043,TRUE,HfiPcieGen3 +4a9f5a2f-87ca-4a7e-9a16-15d7e8a44c14,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",e2f5112aec3a2bdc5f267c18f8a6c071,513e0049089f66a29eb06adef56eb24f1689c24d,c643c3cc182443893728101f5303aaa05b08ec8616310546edc903635c692b5e,,,Microsoft Corporation,Boot Manager,a114f82ee953917e2718ad7f4765ab20,5c145f3f55a53c1db47c568cd76eff5b0092e95b,f0b3d0d4c5457880e2d9b7728eb64bd288b5d4a26ec883f3c0941d8af29d9466,TRUE,bootmgfw.efi +1f6808e6-5b11-4cb3-b2d7-427ea75c1f9e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",cd3a08a351a1e5286fdabeb5bbf371e7,55f93fee3283aa27b1d8b20d1d4d85b770e923aa,2df05c41acc56d0f4c9371da62ec6cb311c9afb84b4a4d8c3738583ccc874d38,,,,,19a8ebfdc4acec4f18411de1412ef702,e91507cdff068f305c149e89d25038e3a665e461,c805603c4fa038776e42f263c604b49d96840322e1922d5606a9b0bbb5bffe6f,TRUE,BOOTX64.EFI +0486fe15-0d77-4c66-9918-1278ef014f72,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",c831903e223d70526791119b52eaa4df,43e01a095fe196f5f7f0f6aa4f33d79803d1fe43,86e5b25aa8072895e72e3d5f4beaccc1488a434fb10babe17fb9010da4ed93bc,,,Microsoft Corporation,Boot Manager,4755a94a9c24a396102236124cd43c7f,e7efd492f1248e8eb94f4ee629365328cc7c7822,07b6d3aa86d0a8d5f46bdd5886d8f20fa2dd9377898d1139bd74b41f5e7ae44b,TRUE,bootmgfw.efi +63cf9ba5-5aec-4ed7-9f58-97d1eff8aa0f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,1BABF3FB76AE149CCB95B8E33B193CE7408B7134E0A5CC8CE1E884BCD01DFCF2,,,,,,,0A75EA0B1D70EAA4D3F374246DB54FC7B43E7F596A353309B9C36B4FD975725E,TRUE,bootx64.efi +7ad06c0c-5595-41e6-8049-b051fa3e931b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,7B9D76B66E9E3503682EB5B6CCC8F70B8B5082F140252A7F6127AD9764D8F297,,,,,,,D472D0DCBA3F5DD61BE3931244717BF2230BABD30E9E2F6B2880BFCDC8FD6665,TRUE,shimia32.efi +513ff7cf-418a-4405-9020-8044f5ce24cd,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,4489FA289C24EC5745E69F476FEBB3FA0103501D95349E795BE481E678429DDE,,,,,,,E11BDBFBAC4736918C497798D6ED018F529726A6B1894BE0658D1B9519538B22,TRUE,bootmgfw.efi +aa02b41c-fdba-4a15-8cd0-721c8ce19b68,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",77164588c1c1207395ca4a64dca19f85,b1d0f26d6c2ada8828889a9208529ce96b6312e4,1e918f170a796b4b0b1400bb9bdae75be1cf86705c2d0fc8fb9dd0c5016b933b,,,,,cf53d0ab33dfb190f34ec0b12fcd54d6,fb0b0ee77baf7de4e8072a79bd48406c63a0bc7c,e9d873cbcede3634e0a4b3644b51e1c8a0a048272992c738513ebc96cd3e3360,TRUE,esdiags.efi +3f2c9d56-984f-41b4-a2b2-49bf97e6ef71,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C2BC0ADF3826972A0F8EF7E63C008C52D68215CCAE493CCEF14C3D3F4F67BDD0,,,,,,,B632A6286C6FAA6643EC34311E0B9710A3508FC952E9A04263C33179E32814F8,TRUE,bootmgfw.efi +4f2db5df-2730-4e9e-aa70-51029d2540d1,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,55A3628537C4FBDA0FA7D27001EB2DFCDC515D8A48649715A31E1D0065A7DA35,,,,,,,2DCF8E8D817023D1E8E1451A3D68D6EC30D9BED94CBCB87F19DDC1CC0116AC1A,TRUE,4f2db5df-2730-4e9e-aa70-51029d2540d1 
+46a49cc4-2dcb-4c79-b1d1-2c49f6df0af0,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",658f77c25877b5ceb68bc7e046d37ec3,8276fccfe7c6ec83b5340aedcb77fb1e24cb1c4d,d92b8ac828b827e4e5b9e9aeb02676783cdb1884f42194823769ccf033a7b9c5,,,,,6178f6bbcb3eea01cc915b8a348a3637,cc3d816d02da15fb70878fa6590b69c9f23f8441,8e53efdc15f852cee5a6e92931bc42e6163cd30ff649cca7e87252c3a459960b,TRUE,bootx64.efi +2281377f-96d2-494e-91d6-86e4f2c78198,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",65e619f026af74b9c47c2cc77346ec40,9bf8d8b915968c37fb4b491f67e567d709d2a026,fef56f20ef6e5065ed0fde1d85fd19f1f07212403489fd1e2b63aa41f5dc600b,,,Microsoft Corporation,Boot Manager,866e67751c0a6b90c631d03793a348bc,2565b9e7e5552c7a3340f5ad2c6faab6ea42bd27,ce1af9fcce6ad19c00d8236b23b03cf83c593c6184a08266e58fe95c6caa4d13,TRUE,bootmgfw.efi +2ca2a15a-a3ca-44f8-a400-6ad9d6c119ce,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",28e6701303a90a81dea61addc9d06329,00745e4a83900338ec53b231a602eb76ce3fa889,2f871712447dde7c3552f5aa90a2292821c6f32d92788e00dee8566f8d4de209,,,,,376edf47c4a984324ea56fba394cc047,ec85b380b74232b3a564125db01bfe11ff646040,98cc8b91fec5252f62e81843d9d5d8ac2a2f253aa38152b3236a5092200ed290,TRUE,bootia32.efi +7480e25e-d4dd-4e39-b652-33861111c011,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,55C6D083A4E3BE8FF842A5D39EF6F0C82D3DD29FE377C7AEA920C7B419F660D8,,,,,,,3153B3E305575439914605D976CF6EAD5A500E54D0B6ABCDAAFCCED1BC47E04F,TRUE,bootmgfw.efi +854018eb-0eb9-4c45-8c0c-edb859445cb9,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",87e606dee08705c7ac75737a83a6e063,56ebc1fe5d75203a8fd8669eb86d80cda4c13d91,6a6f1c13eefcba07c0fc8aa0b70ab6fe2bc709a9eaf83090b735fec8e0dd576b,,,,,be4303f658c8f9c5541a6bdac9dc2c2d,faa088677fbfb6eb7266526835f878855ee767d6,cf3f7c24af6d46e133bb6a936902a47413394b2a8addc63a8890c75eb7c3a6c7,TRUE,BOOTIA32.EFI +a2e0c2d5-a9f3-43f2-83f0-41235cae223d,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,DEF0CE090F4C6B203C317558D43D015427311475231E8CE9B2E00AC0C18D3922,,,,,,,2629AE14B467DA5DF8E9EB6F1ADC1A9F50A78DBC3C246271C8530D0D35997A4C,TRUE,rhel-7.9-shim-20200726-shimia32.efi +f922e65f-baea-45c6-bdfa-0b6ab679bda8,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",2eb1ef37d6d0425c505df369802d5d54,8568540072aa5aead8d761d4baa459e4f9a222b2,9e14396bca7712b13a5f0b209c8633d754afc3bf577b42ef78304581ddd4e02f,,,Microsoft Corporation,Boot 
Manager,170d26c08c0bd42cabe41e7223cf1a3b,026ce5f4baea28c655be66c8ac4873ddcd2fb089,8d5332b350577ab7b1987f93fda104b2090f6a62e262214264f554b6163e8050,TRUE,bootmgfw.efi +8cb4f77a-a709-4aa9-9563-a21d26fc900f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",ee4b2aa959df5211204c6165df138ecd,ef1dd5153ae097116a870b6b3571aa1f2f99bfe7,67fe6b4b726451375e2dc3f87a0954cd01083fb4d8f4fb074bf699536450af04,,,,,14a8d4ab1ac048531dc075cda647773e,32aff74e8078b1833eba455d0c01471bfef3164c,b7d3e3c4a930fffcdb184619534ef7c3d45435ef97f7988611714f5523b207e5,TRUE,BOOTIA32.EFI +ea9f89dc-3143-424c-b3b3-437969245705,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",1aa56b885cc8dcb37e0165fb6774acf3,51b1b97472c99971ef217632ae7d9fee3ce3f1ad,2b334e6b147104306dd91f77e900c07383c0ddff77c2979ec79ea5d92944c13d,,,Microsoft Corporation,Boot Manager,8c6a38741626834657d7c8a8efc9ba4d,605ed193044333070a922ead0b80c554c8e73287,71a5716decf09fe8bcbcc73225fe1e7012076cea39b49e9e72afa291b1fb717f,TRUE,bootmgfw.efi +5ea7cfb0-5f73-4d02-925e-8161b423fa88,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,45A04261C55E72E48C90A5C821C3A519B4A0D9B1A6C3561CE7477AC399D23C5B,,,,,,,A372DA66E15D456DC4200BD3908E0943BA4EAF864F7A35062B6B1704320D090A,TRUE,bootmgfw.efi +59b7d19b-fb7b-4641-b158-0d2f498e375d,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",aed4e671b03d6e093a423c7593d423c0,0795b77ff05d9365bfc1ce099e4edf239f64a073,5156a8ae596c06692aef13ac6524c7f1e20d52e4ea0f5a5ad43a6874edcc5e1f,,,,,19d9ca04dfe150f7ed275c0522308b48,fed3c32a930572d743108d45a16103a34c0c6b73,3a91f0f9e5287fa2994c7d930b2c1a5ee14ce8e1c8304ae495adc58cc4453c0c,TRUE,bootx64.efi +f5fabb82-d43d-45ec-b057-5963c46113a0,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C6C85806905E0B76C25C82A88BFF62B995F49124C55413E74D1DCC3461FE8336,,,,,,,8A305C5FBE7C56F9E3214D7ADB8F176341F4020F234F3C14E52335967A2D365F,TRUE,bootmgfw.efi +2c1b4ac9-5f4e-407f-bf05-bea2bef8d7f3,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,191A99A1EF854CE43E64D1CE2FDCC0C942200B88D232F8823A439CBCD7D148C1,,,,,,,DD59AF56084406E38C63FBE0850F30A0CD1277462A2192590FB05BC259E61273,TRUE,2c1b4ac9-5f4e-407f-bf05-bea2bef8d7f3 +c947ca13-4a5b-42ca-81cd-b1d1d9a4d8dd,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,83A5C9C78BC64206AAF7B7F9901867D19BB746201923D855AAE24A2B2330F113,,,,,,,BE435DF7CD28AA2A7C8DB4FC8173475B77E5ABF392F76B7C76FA3F698CB71A9A,TRUE,c947ca13-4a5b-42ca-81cd-b1d1d9a4d8dd +9be3b201-fec5-4264-b56b-81d4535b4c9a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,CD0F9839C6CCBEC5CE38B882E1AB23C8AB44A8993E6B8A02026D8314EAC4EA4C,,,,,,,29CCA4544EA330D61591C784695C149C6B040022AC7B5B89CBD72800D10840EA,TRUE,9be3b201-fec5-4264-b56b-81d4535b4c9a +41327687-8774-4304-bbda-cc7c5835b54b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,67D204E0E5DBC0C5B2549FC2C003024525378DB4DE12E5CA1451DD996561AED5,,,,,,,DD5E4E9F20CE8BF8F3512261F176ECDD046C079D32585D9B259AFE0A28C973DF,TRUE,bootmgfw.efi +29221f48-fbc7-4db4-8fc6-86f1e3e137b8,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3A5B30A5017105C4CB30A0793FAE4600BF4A1A442D85C79E98405DC0083DEB8C,,,,,,,2A92103865FB60FC84D357180CC7DB45359B04AD419E8C4FAB74F7143FC0655A,TRUE,bootmgfw.efi +afc98e92-1064-426a-87de-35479bc19474,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,1BBE108A0DA8A6A15221BA576E985B4240AD603D7D967F710428A9CB53B97B0B,,,,,,,F7E4C7FB10755AC534BCDF61AA7FA18539E42E061C247891E9BA42E17290C742,TRUE,shimia32.efi +fc53d49c-f8d1-4a46-91be-205a0ec0515a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",6b65628a2e6b0cf6bd54965da59a8b43,54fccbba97f50d2b57478a1c01ad8b86a5fc737a,dbeb49f986ec6618e7c256d3db4e3d5378a6ee3439c5949ae57e12722a73a198,,,Microsoft Corporation,Boot Manager,5f033a228e6fd44ea0f18196d7ca57b8,6ebac91cac25a80ff4130bc69da6c527da05318d,52ceada58e8d14ab47e706dcd6264d82affc0f9fc62ab46f77be46f262ae1b17,TRUE,bootmgfw.efi +c67be7e5-8f3c-460a-b4ff-174ba2a0fb6d,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,997CCF341DBCE2EB9E119803723130DA90E8F1DD167A7B75400E73CBBADA54FD,,,,,,,06E3F646CEB102372E3E086D46234B06A9AF13EEF65AAD180EA2880BF8BC12A8,TRUE,bootmgfw.efi +216969d0-1120-463f-a8b0-f8832f49fe39,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,487DF121FD496D9A443C3598DA3771FA187D408C589F4CB990041E546C529539,,,,,,,947078F97C6196968C3AE99C9A5D58667E86882CF6C8C9D58967A496BB7AF43C,TRUE,BOOTX64.EFI +bf069911-444a-4972-8961-140fd7897324,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,5D6A0CBDAAF188974E98ACA06E664B4AE98D458327717A20B1FF6C80518EEA3D,,,,,,,A7DFCC3A8D6AB30F93F31748DBC8EA38415CF52BB9AD8085672CD9AB8938D5DE,TRUE,bf069911-444a-4972-8961-140fd7897324 +0e36a4f3-efab-453c-b6db-fe4f613b79d8,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",c9b413ac0a31f9eb0a141e05654d1d52,70f682f3c63a4a1121c3c9afa78934aa2412c049,ac22c4ad2e62a3a8369a311b69e9b3dd558359cb44de8115e6bef2ae5e5e7151,,,Microsoft Corporation,Boot Manager,9e1d88b1165fafcc8d3ba103110c4843,7ae4be62af6bbe64ea43e60462403334b278fff0,f923efa6615ce9a93e5d69963b30adb00f2d2059113f55babc477ba889841f29,TRUE,bootmgfw.efi +e121cfa2-ee0c-4c6d-9b1a-1f48ce500b81,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",07349cf7c406343bb9a9a9d9eec50790,12f8b7152bf718ee95d9d9a8ebd50c1a8fbb9621,ef43b4b4a755494b10b7431527aead697feab6fa48cf4684cca4fb5b8cd09035,,,,,96c7007a1ef6ec8ae43756e1e3bf9807,9574b0676b8540628d0db2f89a8d8bb7b43d863b,5c5805196a85e93789457017d4f9eb6828b97c41cb9ba6d3dc1fcc115f527a55,TRUE,bootx64.efi +997fb55c-0910-48f0-adf7-33f2e50473c6,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,9A7FA44AE658F9CDED2AA0CC440EAA8134FC1FAFED290ABBC8C45EC670884605,,,,,,,F4D7D6F0D820F749A442DAB0A34D53A71CE47DF51DE07E6723AB848108AD1945,TRUE,bootarm.efi +25356276-9f23-4044-a512-863c5b3180df,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,96520E78051325998A6D82FFFEE0366F85289E6D8834D1F3DA9082C6EE146D26,,,,,,,B93F0699598F8B20FA0DACC12CFCFC1F2568793F6E779E04795E6D7C22530F75,TRUE,25356276-9f23-4044-a512-863c5b3180df +d17ff559-85d0-4cc7-9327-516585723ea0,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,B81C6018141EFC89816DA4081BBC1414911125D5184108E47AB01260D84FB9B1,,,,,,,CBCBB8E81F1CFEE4D02D65481080ECDE62528344C5372B09FED4EE3CA1E14330,TRUE,bootmgfw.efi +07e76cae-6513-4120-b399-3ab5ae5879a5,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,997CCF341DBCE2EB9E119803723130DA90E8F1DD167A7B75400E73CBBADA54FD,,,,,,,A5E0C1C1FDEBE61C4DDBB66C57EB23BCAA86C36BAB9900AD10342A4971128EAC,TRUE,bootmgfw.efi +f4268520-fd18-40df-aecf-b2a6e8dcf27d,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",fbec641d8564e4e48784b2b07dd9c196,7ac5c5314da05d3a6e69e4213b9479a62d6f411b,ee39a9a3fbde8b15ce4ac34519e248ea746a52ae0ae680da5b0c7ef919e583a3,,,,,ba5501c6998594711fe062521d0ba9de,8dc43164d1742fd0e3a9590190ee7116bcfc04a8,96e4509450d380dac362ff8e295589128a1f1ce55885d20d89c27ba2a9d00909,TRUE,bootx64.efi +81f3828a-1a59-4fc2-a34e-d1f297f0f719,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,CF960A60921EF186A0A511BECC06B264407111D2AE6875C93496121887318EDE,,,,,,,32D4BA3A03D1F2B6BC80D011C0FA107747B7B573FE96AAFFF21735ECF562D337,TRUE,bootia32.efi +a280d6df-a426-4031-8dc8-31473975f92b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,EC16CFB5AE2297154394D9AB6B5B749DCE676404486D72A44064CD9A716EC1F9,,,,,,,BB01DA0333BB639C7E1C806DB0561DC98A5316F22FEF1090FB8D0BE46DAE499A,TRUE,a280d6df-a426-4031-8dc8-31473975f92b +35a53e95-2bf9-43c3-b7ff-c8a176b73a7e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,641A3F8E77A42F04B0F300399F0FE6545733DB7EE00FA402358723E84BC62741,,,,,,,91D56D765B020B99B7716582E3C380147FF0ACDDF63BB09ACDED0C0249E5CC8C,TRUE,bootarm.efi +52d2d179-addb-4556-a244-d085e0aefad2,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,EA21E2A1F1779F77C35060CD8690D2E74116C4402DD10B6F8260DB2D00B4A9E5,,,,,,,941A51239ED416A788B5059DD647631B16E506C8F6AD87B1D5F3B8C97199A160,TRUE,bootmgfw.efi +3f7d85db-fd3c-4a8e-a83d-ac9d89dda3d8,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,626AD87C1D3475B2599DFD36B430BE3ECBFED207A20D9FBAA01F7AE808C0271B,,,,,,,A4B3FEE324D25C53FB5CB48630DC80DD7EE78C1AAC8C8DEEA927396997E33BCE,TRUE,bootmgfw.efi +a4e079d3-3919-4c47-84ba-9a7d7d1acbe0,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,D8E8197BB6CB93157BAE6B4E63EFFA60BB49628DEBB6F771F154C229F4205DB3,,,,,,,D372C0D0F4FDC9F52E9E1F23FC56EE72414A17F350D0CEA6C26A35A6C3217A13,TRUE,a4e079d3-3919-4c47-84ba-9a7d7d1acbe0 +57416bf8-a14e-42bb-b668-d424222ffcdd,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,6E90699DC49B40F02790D085E3A1B9CEB2F81D85F55D2054163B3432FB87F59B,,,,,,,6B8EEC829F0373931099F070CBD4E2E1380CD5644201D05D80D86B1E7ED0B08B,TRUE,bootmgfw.efi +0f4b6460-f81b-4770-8dfb-55224983a557,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,8516257431A250296A10F82A4795F9CF68E5C185CEAA2F6F77CA0942CBE0C999,,,,,,,B8D6B5E7857B45830E017C7BE3D856ADEB97C7290EB0665A3D473A4BEB51DCF3,TRUE,0f4b6460-f81b-4770-8dfb-55224983a557 +db57d7a1-5937-4ba9-896e-8fdce1ff2990,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C79381B9A5D1D2B8A85B6A5B2255923FB2D3A5F500CC00FBBCBF10C6A3A0B40E,,,,,,,332450890F9C8FFF7EC15C53921BF27227AB9EA06B0E1C816D819F8E21CFB55F,TRUE,bootmgfw.efi +76724735-ec57-4c1a-8712-f0267d21f0c4,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",5cdb3b41abea2f625c0a632f4ad2cddb,68041e64a6a90537c6f7d7c6c1b07ccee8fd92a3,4f9398592553ee138d8db48b95789eca19324b8408cafd0f0bc46d030e7b4fd4,,,Microsoft Corporation,Boot Manager,a7e340723a992f0a725fa1e394e5a655,882ef0e748b0ba689bb0af982c499db1fb1c8ab1,65625a143d220ea184dbd5cdfb1b9e9c3bd9654294eaa2b98628bc273ebc18b5,TRUE,bootmgfw.efi +7520fd68-dbc4-4182-ab8e-2cc005024183,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3BA74313087DB77CF93A00E072A2FAE00C0A472DAC5DD6988F9C0993A0769159,,,,,,,4AAC0A9E089DF8E9AC6725E0DFCA3AC11A17747A2E35F43A2B38A58F8AE2A273,TRUE,rhel-8.3-20200917-shimia32.efi 
+48c8b841-9f1e-4557-ba59-91461142b90f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,571B2AA6CA8EDF6479D3472814B8CDF34A0B8544939E5CE9F50261968E382B45,,,,,,,E800395DBE0E045781E8005178B4BAF5A257F06E159121A67C595F6AE22506FD,TRUE,48c8b841-9f1e-4557-ba59-91461142b90f +94ba0558-c5b6-4f9f-b1fc-598e7448bf13,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,196243A87389B47FC9033AF3884F3FF0A5C891D80E22C82D2ECD5B9A3434186E,,,,,,,CF7F9E7D091023A1A1C3F5CBF7DDACF7B18F03A4D07961F71506FE9DF4388EEE,TRUE,bootx64.efi +d7cc6936-4efd-40a1-bef3-ea4da008ae4c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,E4FF4E538B4758E8E49010ED16D6D5380417B146F3E8806ACB3AC40611646FDB,,,,,,,EAFF8C85C208BA4D5B6B8046F5D6081747D779BADA7768E649D047FF9B1F660C,TRUE,d7cc6936-4efd-40a1-bef3-ea4da008ae4c +ca7157a0-3de8-4642-95b6-0a42c53a97b3,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,7395EE455BB71B4A37DD973999C875F166037E7BF5B948F812A8B45ADFC03A55,,,,,,,E42572AFAC720F5D4A1C7AAAF802F094DACEB682F4E92783B2BB3FA00862AF7F,TRUE,shim64-bit.efi +261d9721-b41e-4711-9ec1-d46057b9c56b,Michael 
Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,424C636253B4EFA0C69F91505EE16D7079956B8EDE4524FFCE211A1B037FF692,,,,,,,97A51A094444620DF38CD8C6512CAC909A75FD437AE1E4D22929807661238127,TRUE,261d9721-b41e-4711-9ec1-d46057b9c56b +03fbb84a-9153-4d42-aa08-c26fd8260bd1,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,AD215B731A41CBE37CAFEE5280FFC282A8AC23B5E8BA25DFF3D28A6AAE1D2A0D,,,,,,,C3505BF3EC10A51DACE417C76B8BD10939A065D1F34E75B8A3065EE31CC69B96,TRUE,03fbb84a-9153-4d42-aa08-c26fd8260bd1 +5d92da13-8976-4b19-871d-a9266e342121,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,A84526FB39B09F95A0A1CABE23D34CC28FA554242405EB653D6EAB8669B3C1BC,,,,,,,19F4C7030AD74035F5BC07ACE285BD7538F231D25787755D72071EDE879C6978,TRUE,bootmgfw.efi +e0a4512e-03fa-4db8-b7e0-8c8eb6f2bc8a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,7C2FDA323F09B9BE6269BA979A620438413EBA4A93B2BA34F9B39998268AD9CD,,,,,,,37A480374DAF6202CE790C318A2BB8AA3797311261160A8E30558B7DEA78C7A6,TRUE,e0a4512e-03fa-4db8-b7e0-8c8eb6f2bc8a +63cbc1a5-3884-4049-ad87-f32f77644986,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",8572a7c437a9bc92225906ce5fc04497,6d2ce22514e2dffca0e31eedd4804280f8c37e4c,cc5c7db3068d99d6271fb38ab15b78c633c92249c4d783db0cdae2b918e97969,,,,,3c80cdb2f0833095f9f77027e2431b0a,21b20549df4909eeb13f64d4641ef60cd5c5a682,48f4584de1c5ec650c25e6c623635ce101bd82617fc400d4150f0aee2355b4ca,TRUE,Signed_13652009334930799/shim64-bit.efi +b0db7258-fe95-4712-ae0f-fe258342295b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,862EF2D92E8E0DF128007AEF6F9E4D6A6D0DE3C656A4D72D1A19A18068C23508,,,,,,,F31FD461C5E99510403FC97C1DA2D8A9CBE270597D32BADF8FD66B77495F8D94,TRUE,b0db7258-fe95-4712-ae0f-fe258342295b +3d65bba8-925b-4fcc-849e-ddfc0bdf1c49,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C655C36EA5160603D4134B038D732604394031E177D1C32CFD582CCE0C037887,,,,,,,DC7CC8D1DC11E304ABDF6E6227838F35B223B780F030DE7B341E88A3F6A361B4,TRUE,bootmgfw.efi +44795d05-39b3-4605-a58c-cd20de64f934,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,34776096730EB7B0CAA5415414943E2C31AAA464BB545FBCB8E341E7EBACFAB5,,,,,,,1A74740EBBE6A0E7DD44CC3D8E29F8FCF42B642298A5C5A586D77BE0DB15C2F9,TRUE,bootmgfw.efi +02e8f438-8842-4018-8592-a4fea656bd01,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,8BF4FAC6F3981D1E6180DB0CD53152AE9666DC40884090A522840062E0C926E7,,,,,,,0257FF710F2A16E489B37493C07604A7CDA96129D8A8FD68D2B6AF633904315D,TRUE,02e8f438-8842-4018-8592-a4fea656bd01 +51d3afbe-d378-492d-86fc-3afcf9396417,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,0FB12613BC1D4AB6FBB256574EBA9347AE3A87F96E4A3C259028B55CDE1D8053,,,,,,,BC75F910FF320F5CB5999E66BBD4034F4AE537A42FDFEF35161C5348E366E216,TRUE,51d3afbe-d378-492d-86fc-3afcf9396417 +dc00f1c1-898a-479d-b9a5-9caa9973e310,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,94BDE75194960FAFF8329DCB4462BD8888B32078B0FB8FB2011C6993FDA0316A,,,,,,,9063F5FBC5E57AB6DE6C9488146020E172B176D5AB57D4C89F0F600E17FE2DE2,TRUE,dc00f1c1-898a-479d-b9a5-9caa9973e310 +5df619c2-4db7-43f4-95b6-a2e16ebf847f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,CEF9A1B433C4ED851EC0C373F7E1F19A2B8C306A821D114F177B14E8C070276F,,,,,,,1B909115A8D473E51328A87823BD621CE655DFAE54FA2BFA72FDC0298611D6B8,TRUE,5df619c2-4db7-43f4-95b6-a2e16ebf847f +ef578b44-9fd5-4d83-9609-4c955babbd69,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,E082E310571748B9FE6B2DFAB71550530F2452B8E7E4F7725DE7EB9E4C7B1559,,,,,,,87176A15E766BD06528ED91A61481C3B3CDE65EE95115403F9FFC6D3A26D43D0,TRUE,bootmgfw.efi +c748db0c-0a54-4567-a733-2f803c84a914,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,6A7CD85A11D733D1D03A01AAD914A3F22C33AD9590AB27792D2B177E0E51D896,,,,,,,6D174DC1673F7CFB6F1EA75D71739AFDE2B784E214E41AE6F5AA30F622A400C4,TRUE,bootmgfw.efi +0f3431ba-2b83-4020-b3ff-32eadbcb7205,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,7384B867C248569C3DB81E82AF35585AB3108858E958750098F9D8298CC9B8F6,,,,,,,9F2B71EC2FECC93E4EDEAE24B32F8857FA36A81A7272DEFD5435D29FA3BF828E,TRUE,bootmgfw.efi +ae979b6b-32b7-42cd-b835-09215a457c01,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,561694642D87969C00583ED6C4BB6C41527DFF7164A079035E8C8B905A5E4B62,,,,,,,C42D11C70CCF5E8CF3FB91FDF21D884021AD836CA68ADF2CBB7995C10BF588D4,TRUE,ae979b6b-32b7-42cd-b835-09215a457c01 +9a34a20c-afea-4d1e-9109-fb7354066e06,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,79193EAE46F687D00B90B3EBA361B35802BD42E2891A8A8C286B4C00119F9F94,,,,,,,F33727B54A9908CEC7ED8DB582A1482420FA257B61B559C47343110872ADF7D8,TRUE,bootmgfw.efi +406a9495-809e-4065-8c57-b6aa66dc4029,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,B6FDF73C4B54F57935671B1C6F03FF5F104F8092C72574C2DF2C6FFB1E5F2E61,,,,,,,0CA5E602468258B0685A2B2B7F028B977354602A82ADA86C9919FC472AE4CA40,TRUE,bootmgfw.efi +c5c530c2-b0e2-440b-98c4-3ae3a9581479,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,24119E64BBECB849FDB3CC3EF0BEE550248B13BD5ED5AE540A9389C7D5D7C8BD,,,,,,,FD3062358E0E1DC4C3A60380EF1BDFD4C51F4473B8600937D921DF472FBF9B65,TRUE,bootmgfw.efi +cf8adf07-931e-408c-a85f-d5e45b09a41e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,A84FFCA344A000BE6FC526DA7D7F701B87EF5559A71D8E63F806276E4D3DFE27,,,,,,,D759308D047E9206006B51B5770FA25EF5C124B8ACC6B0139F5883765FE30DEA,TRUE,bootmgfw.efi +4b37df07-e561-4581-977f-6eb984d0afbf,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,BD8020CC80D5F842DDFD5AC110C189707A83E85415EEA3386884ABDCFD7F3135,,,,,,,99D7ADA0D67E5233108DBD76702F4B168087CFC4EC65494D6CA8ABA858FEBADA,TRUE,rhel-7.9-shim-20200726-shim64-bit.efi +ce52a206-8cc9-43e4-9f5d-28b646502ac3,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",de3db6ac5d9d0d31d8668a74bc3332df,b2851fbbc75273998a8dd1aabed09efa961c050f,1604f70608f964d1a835c3f3a421e58e449774f0291ff134ac298364e8e3f776,,,Microsoft Corporation,Boot Manager,664f6508818e109fb75fbe07061638e8,aecda4260dceeda535e4c967ed2fa9ae3c4d580a,52a3ca4db923c0648ac04be86ce02dbc6a3aaac8312366b106205dec6e2ca2d9,TRUE,bootmgfw.efi +8e87c22a-ea23-4f89-bee2-c301e31b4045,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,24AF7036C63F09FEBAB1B84372ECD6151BE32CDC94E80E57F52F7D2C3665FBC4,,,,,,,F8DD2281C67C59A08FDDC9859E9D5FF73802CAD88975242BD11486F13C6DDA6B,TRUE,8e87c22a-ea23-4f89-bee2-c301e31b4045 +d69993da-b588-4dcf-aea1-5d11d9ca4dd7,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,271A4B174838286F6D4BB9FCE91A47FBC87B28BE586744BD42CD82CEF4600B72,,,,,,,FB0BBC256AEA5CF93DA99CF26481CC42F4E7BA6B32DB63B827620807E79E805C,TRUE,bootmgfw.efi +11dd8dba-8b90-413b-b2eb-bdb05f573d2b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",bc78920fd9f058973d63495f36203685,edbde6908eebb8bd3197c1634769213b22e0b1b3,db9643f6d78c6c5bdc29b041660174324639be8b3bc6e247c8c2026e68c4e618,,,Microsoft Corporation,Boot Manager,ddee4ca24adecb29457fd110f5a472ed,c146c31c4634aa1a51fe611ace87a75464c5e199,310949b7fd26af0e2e29e1c902ac198574f096d15836376c8b3ef2dd1fb5f1c5,TRUE,bootmgfw.efi +cce60051-3b8f-4752-9e76-a1098bc803b6,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",f38a930c417139cd5ccfe3ff2277b4c7,b304b38b615184a936502bfb705bf254ab41ee32,c4b5797189521611b809720ed9c4734f1dec8a2ee2597781ffe438f652a58ce5,,,,,cf8d4c0a11aef346e68e0187814ac953,51e223e52d59a6e2e4df6614cfa47525722f127d,8c0349d708571ae5aa21c11363482332073297d868f29058916529efc520ef70,TRUE,bootx64.efi +5466b767-bb4f-4044-a72c-1a7aab0d1d4f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,1EC66D5D99383D9EB6CB553965D6ADEF787ABDDEC162844AF1CC04F24EDBCE08,,,,,,,D084AC3FCD80893B1878653C8BA9B71FB9C53E25843A989EF51A9B44C7EAFCBC,TRUE,bootmgfw.efi +4c9eca9d-f738-4fde-99da-f5f1536910f5,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,399BDFB85E5A072F763B3692AC5B34FDB00D7C5DA4180219E99A2E0693D72B39,,,,,,,A330FDE65C067A5F0B75C80D0A300767C301EB75E0CF9B4EE240F0D60B3DC503,TRUE,bootmgfw.efi +c9f24d64-ce8c-460c-a5b9-13c1082de5c5,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3EF9FD0B7CEF661D5AF2971DAEF1ECC44D9210D33AF8C95E2DF9EDD694BB0FE2,,,,,,,3860B7C7FF6F4BCD5865843B2E86B2ECA5FF4FB071999F2129D4C7753B806F34,TRUE,bootmgfw.efi +15ca73cc-0098-429e-8191-5df17cae28aa,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C2D9AB79B0593235C5EDC3CF77C3A48FCFA740D804A0397B3D9BD9AE9EE516D4,,,,,,,CB7BBABE6E9A118C420BE4294132A88BC494969D95B9884480BD4F68AB94FB2C,TRUE,bootmgfw.efi diff --git a/lolrmm.com/content/api/drivers.json b/lolrmm.com/content/api/drivers.json new file mode 100644 index 00000000..d91257ee --- /dev/null +++ b/lolrmm.com/content/api/drivers.json 
@@ -0,0 +1,45336 @@ +[ + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "eefbdef0-8570-4a68-9824-042e17b71f98", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "41D1EEB177C0324E17DD6557F384E532DE0CF51A019A446B01EFB351BC259D77" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "CB9E3E372C5F707858E1DE6421C2D3407C240F9D7BC43A9B9F3BA1F6037615B9", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "eefbdef0-8570-4a68-9824-042e17b71f98" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set 
$matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b3b0f086-0c9c-4e10-b65c-47509c6f0dfb", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "724bc2c9091c4dd631e113c32702d9f4", + "SHA1": "f8799b5f344ad92948a1468937cd9255e6873dac", + "SHA256": "f197a171a09ab640aa8ac4ff7ddfc88377a89fdbb3fee014abb9097d92575b67" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2016-10-12 08:06:52", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.18515 (winblue_ltsb.161012-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "fe08109ce34ae68fed49348549b9ead1", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.18515", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "95c181375ef93e118f930024df1bff96", + "SHA1": "e3a24ad3c9b07df2a4fb39a1432ba3597faa48f7", + "SHA256": "0708c72d17d4892e2deab31b567c830ee261f5e5730997a47366c0e1e58dec0e" + }, + "SHA1": "7fb211ce3088f2e657c72dcc80574310becde3e7", + "SHA256": "d8732eb8bd7240f17d90656424aabc0669c3d13e3117efc4805bb59dd21ceb1d", + "Sections": { + ".text": { + "Entropy": 6.63561700395366, + "Virtual Size": "0x130364" + }, + ".data": { + "Entropy": 6.142173903791614, + "Virtual Size": "0x5c7f0" + }, + ".rsrc": { + "Entropy": 3.4721353846875296, + "Virtual Size": "0xfd30" + }, + ".reloc": { + "Entropy": 6.764151324597371, + "Virtual Size": "0x5d40" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + 
"Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 3, + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d 
\"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "7a216607-3204-4536-9507-a3beccc529a8", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "dd9b5d03a87f0e8ddba5df77f7a98999", + "SHA1": "a18abd2b659c6d0eb756052a05e463f4c2eab7cd", + "SHA256": "8ede7732284dab4aa384606ca07be29e72fded094597261a2f6473494a8aca0a" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2012-07-25 20:32:59", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.16384 (win8_rtm.120725-1247)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "87b6d22295a16073d8d456fc574441a8", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.16384", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "a387b0075e977009a7bb74d24fc388de", + "SHA1": "345e019b25904c911be9e3b6a9e2b0bb18652b04", + "SHA256": "e04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad" + }, + "SHA1": "0c26596b3297d5e5a06f8d3788579edc7895a622", + "SHA256": "783d088ce72996a064c0da796579475e0aef23c5e6e0e5905c98571bf8620e20", + "Sections": { + ".text": { + "Entropy": 6.4845800528218485, + "Virtual Size": "0x109ee2" + }, + "PAGER32C": { + "Entropy": 6.353527581631879, + "Virtual Size": "0x3d48" + }, + "PAGE": { + "Entropy": 6.510073701345747, + "Virtual Size": "0x169e" + }, + ".rdata": { + "Entropy": 5.41880175126111, + "Virtual Size": "0x19b44" + }, + ".data": { + "Entropy": 
4.629726747704923, + "Virtual Size": "0x63cf0" + }, + ".pdata": { + "Entropy": 6.004535487649427, + "Virtual Size": "0x8e80" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + }, + ".rsrc": { + "Entropy": 3.47076835529837, + "Virtual Size": "0xfcf4" + }, + ".reloc": { + "Entropy": 2.706444085925694, + "Virtual Size": "0x1ab4" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Signature": "c7f34d30f6c0451fb6ababdce5203035c20b7c75b16784adb0aa9ed8f647c02df4ce8d8277b8e356e3286e4dc0d444172dea83b9af9c6133c491e53680024d6bac0d985d6dfe776988ccb337b35abb32a02b50413514a576dc932b2a4ae2aef96330041e040480e3b1cbf06cd6910cf79ead3ecd332a9bb7156c2d9976e5dfac8b5b59d82ea33a4826470663dfad599e137468da7bd3037243e0238b96c1f99ea1299faa898dd854f812f8834697b7c5991d2e1656db4e2f56d8bc2077e7bb7d886d4fb6907c555c6d54089724435ac3345b1b6dbb605300ba83412517394dcd3b6c82df5013c6f57fcb1e03919b63469dd7606f3fbae8242658f19ab174b03c", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Version": 3, + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": 
"14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "610bbbd8000000000005", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus 
Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e774e770-0d9e-40c1-b9e1-ac09484a837f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "7490AD46B3AEA32DD21C46A7A42FF4183FFAA7C486C75C6438ADF936E512B9A5" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "DEA5BD5268B76F56B4091A20C806124DE8054FB07A652CF0E883BBA9A0938DE0", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + 
"OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "96d26340-d5ec-43a8-b1e7-068f46a2aeaa", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "65B2E7CC18D903C331DF1152DF73CA0DC932D29F17997481C56F3087B2DD3147" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A739C0624B7608F40645D417E79CE0B22FA568D885ACEBE51949F268565098B4", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "96d26340-d5ec-43a8-b1e7-068f46a2aeaa" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0a9c062b-91a3-44f9-b577-0128708bf124", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "662458438867c4c20ffa9adb1dbe99da", + "SHA1": "e407452938d3438b835e875dd8c40785587a6e0b", + "SHA256": 
"cfd2a8f23bbce7424f4a6e27def368f17b086ffa226528900fa092736e705ef9" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2014-10-07 18:02:30", + "Date": "", + "Description": "Boot Manager (Test)", + "ExportedFunctions": "", + "FileVersion": "6.4.9857.0 (fbl_kpg_kernel(dedesa).140630-1750)", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "9962f9fb820e5d7f5a31b86b9d164d33", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.4.9857.0", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "c5389be8b9ed2eadc3172c020ecaf490", + "SHA1": "c792c3865fa8fad335ab1bf4df6fc31f9a4bb8b7", + "SHA256": "4e28f20b385ab12059b7bfd4011ce3aa3d1e1a1514c9b01f86bc2d696d83c356" + }, + "SHA1": "84376651061fc88774ec945b9062c112139c883e", + "SHA256": "f6208932ed98aa64f5ec0d9f59138d4c1dddbd82437315aac4aa913e5d4f825e", + "Sections": { + ".text": { + "Entropy": 6.473097220302679, + "Virtual Size": "0x14b976" + }, + "PAGER32C": { + "Entropy": 6.319009763281622, + "Virtual Size": "0x2e69" + }, + "PAGE": { + "Entropy": 6.536008053813184, + "Virtual Size": "0x16b9" + }, + ".rdata": { + "Entropy": 5.3663917464862045, + "Virtual Size": "0x23014" + }, + ".data": { + "Entropy": 4.5467853172101345, + "Virtual Size": "0x62140" + }, + ".pdata": { + "Entropy": 6.062316800180466, + "Virtual Size": "0xa7c4" + }, + ".rsrc": { + "Entropy": 3.4613409021077035, + "Virtual Size": "0xfc40" + }, + ".reloc": { + "Entropy": 5.434784212443644, + "Virtual Size": "0x9a0" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 
20:32:01", + "Signature": "8207b0c79e3b96e7317cd1aac9ab45fb52f1a2c847cda4bed6ff0b366566c6046976257890a79270765662a04b0f6d958c1fbba688b7717f77e10137107f8ccde9ce066d0c99e9fabfa3d669e2eac822a81d86f620828a018738e290f15370886c689af9399fad45f38e2e0fd6e31fcdf1b295ddc015164e757e2c630b05d1c103735e452ea9e3ca1b44e776277a030aa473094499bdfad51ebcdc61c8694148123c150811230bab24f1fb3ca64f018ac37d5cbb61173055b20dd07fbf8955909696be8de608979541932fd0257f932db6f6975b4bc82bd393a432a4ef01d88fc9652cc0d4eede46df519df8488353bfbf4dbc8358efc8dc3215c5538ebbd03e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 3, + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + 
"bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Fedora Project and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d9cb5f15-653d-4fdc-aee2-279681f7f91f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "9954A1A99D55E8B189AB1BCA414B91F6A017191F6C40A86B6F3EF368DD860031" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "F06D3E0F031A2FDC63DD2BA2BE7F32E0D432434C3515C2F840D812FFBFA530F6", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "d9cb5f15-653d-4fdc-aee2-279681f7f91f" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% 
if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "45647cc8-3eeb-483b-97c3-170693cfea9a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A109E71AE3A0376CA0059A421250508EDB2BB624B6517A291F51E249F16B5CE7" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "E8E83E3E343C069277EC4C1E79C5C61D20917E0451B9A980346732EEB7B840C1", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "6f2d1488-6c25-477a-97ad-e0a570723b20", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": 
"", + "SHA1": "", + "SHA256": "90A483526B4238C55BC5DED289D7C1D376109B9D5F3E93529EDA75C4D451523A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A8CE55447F57564F1CE95A7B3C505A7996BDAC4A06710DD101ECD5B818653E27", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2022-34303" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\miniloader.efi } }", + "Description": "This was provided by CPSD and revoked Aug-22", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0e46bd88-7635-4162-a02e-85d9bd33be3a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "EDD2CB55726E10ABEDEC9DE8CA5DED289AD793AB3B6919D163C875FEC1209CD5" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "miniloader.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": 
"30CF3AD2DF14F05D89BC321744559E857055A5C84D7F0834B3DBD261ACE1CF5D", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "miniloader.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4cc6cdc2-6f4e-4b25-b3a2-383174f52460", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "9AF92541E63EACBC5784BB44DB66F9B60726174F4EC178C6CE32EAF647EEBCA2" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "24C0732D77F6BC85BE8A6CA9B0FA3BA8611F950CA4E0194E972E59A433DC05C6", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + 
}, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "25025124-0a03-422d-8fe8-530afd16951c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "D28AEC97E28A38D94BE65369E43D01F6266195D6113E7ED17A6930A309288800" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "372968218A3CBA11D964EF1B1E8CFF3804EDF96481B96B929208D1B483ADB30C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This 
was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e081d394-fa4c-46c9-8a1c-c8790790aa3c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "91656AA4EF493B3824A0B7263248E4E2D657A5C8488D880CB65B01730932FB53" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "84A6C5F6C7AC07F1CC405F7B53B69BFF17BE0E4B9A428C21D39DCE0CDD4EF16B", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "e081d394-fa4c-46c9-8a1c-c8790790aa3c" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "7e81b1d7-7526-4958-98cf-688b36cf8ea0", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "3A9E49E6E644C0ABEC17D32D020339D171439ABA327409A7797E6686BD0F641C" + }, + 
"Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "FE4B7349F21EE077096B6986693C3F250758C5DDF96C14AF4BBFD96EE74A70A0", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootnetx64.efi } }", + "Description": "This was provided by Debian Project and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "f2418902-5951-4626-8a5f-79d4d022337f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "59ee638030fd199a10f08a99e2cecb60", + "SHA1": "e123503e3c7764b8d9e60439069505f997287914", + "SHA256": "c9ec350406f26e559affb4030de2ebde5435054c35a998605b8fcf04972d8d55" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-10 22:48:48", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootnetx64.efi", + "ImportedFunctions": "", + "Imports": [], + 
"InternalName": "", + "MD5": "41218ac4af41772dbaa3d4738e0c2bf3", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "4d7caebdafbc4bb3866676173dace618baa6a129", + "SHA256": "aef3e0a113345c1adca2d627c5853a11ddfc4e0e07fd28c10049a9b766c0fbc5", + "Sections": { + "/4": { + "Entropy": 4.844299269362631, + "Virtual Size": "0x18118" + }, + ".text": { + "Entropy": 5.625262326816911, + "Virtual Size": "0x91828" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".data": { + "Entropy": 4.423207936399988, + "Virtual Size": "0x28828" + }, + "/14": { + "Entropy": 7.405693653367437, + "Virtual Size": "0x3b3" + }, + ".dynamic": { + "Entropy": 0.8341231672694769, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.6464824623251326, + "Virtual Size": "0x1ae50" + }, + ".dynsym": { + "Entropy": 3.210346535035395, + "Virtual Size": "0xea78" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Version": 3, + "TBS": { + "MD5": "b6f099bf203668f11a8f79ab08792ed8", + "SHA1": "4713755a345940554eada6042e90b0151591fad6", + "SHA256": "62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, 
O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootnetx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3b215ee9-89b8-4437-bd89-dc9fa92cb727", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "09F7699631C18DB0C33491EB4B3C65B8F279238C5FC5E3AB0BA52737DBBD26F3" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + 
"FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "21BB3AD3C8E0198CA40E2636E5C3F27EAC047C1C0B39F19D81332FCA03DC4FC0", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "1f0649ef-7118-46ab-b168-e4b9736bcea4", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "85255700890931C5B71A73DFF09EA5125CD702EA65F45B4054C1463E00173FDC" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3F5AFCDADFA8F590C39764BD9A31CE160FD7A929654491154AFD6738C0523D2C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "46412487-6c24-4809-8b77-f2165d5a8395", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "2E6921DC970AAC433DE9AE4ED66B2681A4CD2BE649D2EE9A561871C335E8B1B7" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "DEB3FC384826610AD277DDD592F6CA8FA9D00E56457724D470DAAC32962532F9", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy 
\"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "10baff75-83cd-4786-ac2b-ade269c71421", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "75E78C197FF91F574735A3A606E56862E9E0B84DF0CF69F7C7F43CBC171AB371" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "268CED16B53E3430A28F1713A0D155A68BED89DB264D8D8170EB6BC548C9424B", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0fe6f9a2-7b13-4c27-bf9a-412d9acf533f", + 
"KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "AE1DCA8AAB7C4BDD21C5AA19A323F597BD1850445D76695CB2910CCCB5F163B8" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "9A02C839424A2DB0C3B98553C179C0583E7B8760C7A061176F76B6970746B8AC", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cd9dcfdd-25a1-42d5-bd95-3778087060b5", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "73BAEB8EB0B64056A7BC309642FDC589BF219928A906666D107E65E8B0DBF496" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootia32.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + 
"Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "4B6C8947CAA89BE6077E2964C4F97425C663AEFEBCDFC373CAFD982367FB5CFF", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-sles.efi } }", + "Description": "This was provided by SUSE Linux Products GmbH and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "795fbec7-a5f6-4e5d-b2c3-c968bf758e26", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "040B3BC339E9B6F9ACD828B88F3482A5C3F64E67E5A714BA1DA8A70453B34AF6" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-sles.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3166EE4CE65D10105DEEE3A0163E236AC872E2C45652DC1DD78F8CE984463C12", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim-sles.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "27c9ba50-5540-4ff3-90eb-8798c48599a1", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1CB4DCCAF2C812CFA7B4938E1371FE2B96910FE407216FD95428672D6C7E7316" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "127B01B1F605183BBA4D1A07B7EEFE01BA88203A6CD6686B28F3883F33C0ED42", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "27c9ba50-5540-4ff3-90eb-8798c48599a1" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus 
Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a2a7bdd7-c7bd-4195-97d5-a7b127691dfe", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "5348075329A1087EBB689FCFC775304B09C6786A523F83E7BB90E26DE0E61FF7" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "DE1CB8E571EEF26A3C4BABCEC97BA41894AE9DE7528A35BFF5FDDFF5C025CEED", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": 
"", + "value": "" + } + ], + "Id": "7662d98a-0476-48dd-b532-8e6142d251ec", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "e2a3feaa3ac65bd8ceec1f6430f81121", + "SHA1": "80257f616bfa48d64053b0198af7280152e8243f", + "SHA256": "8ed8aa03199de7d541ccbb3009a2b1ff575219662d8b23fba7fdff02d80abd29" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2016-10-05 14:50:04", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.22004 (win8_ldr.161005-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "a168299b9ced4e289f438408b6a047b6", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.22004", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "fa6462badb7aa537a9d3ecf604e9fbd7", + "SHA1": "caefdafc6f3620830b306d429c83bb077f6bdaa4", + "SHA256": "4689fe3d6e35db99759219db2adef6cefa62105e8b636c0c5bd2a6bec395e471" + }, + "SHA1": "cd0498821da3074abf0b1c44819f1bd2f3a13355", + "SHA256": "90ea447ccfdcd9771de40de9721d0256d6d8a30d68963e82485c2e92b7eb5257", + "Sections": { + ".text": { + "Entropy": 6.640808824960342, + "Virtual Size": "0xdd886" + }, + "PAGER32C": { + "Entropy": 6.570088920256996, + "Virtual Size": "0x4805" + }, + "PAGE": { + "Entropy": 6.507290228990708, + "Virtual Size": "0x12ab" + }, + ".rdata": { + "Entropy": 5.377951519517065, + "Virtual Size": "0x122af" + }, + ".data": { + "Entropy": 6.169217945416925, + "Virtual Size": "0x55ef0" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + }, + ".rsrc": { + "Entropy": 3.4717263860040073, + "Virtual Size": "0xfd14" + }, + ".reloc": { + "Entropy": 6.114816268597115, + "Virtual Size": "0x61f4" + } + }, + "Signature": "", + "Signatures": [ + { + 
"CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 3, + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + 
"CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "34e61740-5c56-404a-b796-1db5337dd86e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "DA3560FD0C32B54C83D4F2FF869003D2089369ACF2C89608F8AFA7436BFA4655" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "EDE70AA6A98D8130019296CE64B5CCF634A997B26401C0E119B96BBF7ACE1C0C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "34e61740-5c56-404a-b796-1db5337dd86e" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by 
Unknown and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0cb9b7da-f228-4e4b-a07c-06346f0d2e47", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "B9B20E933E2B6C33C9FF088E224D802028F29A4CEBE50AB5D746027911A454FF" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "459728935C400CBED125A0AA12D0E618CCB6F4FDE3194BB2D06A511DAA335350", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "0cb9b7da-f228-4e4b-a07c-06346f0d2e47" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Oracle Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3b905385-bf3a-4181-9c49-646bb5fb1e6d", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + 
"SHA1": "", + "SHA256": "408B8B3DF5ABB043521A493525023175AB1261B1DE21064D6BF247CE142153B9" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "65C4AAB0884825A8A2E4C114020E4FDB58A1D2B0CB68B7714A05D6CDE3F821D1", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "3b905385-bf3a-4181-9c49-646bb5fb1e6d" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Fedora Project and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e91a68c8-807d-4b65-a86b-c51335730c55", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "fb4d9da53892bb0152dcfd7a4a150fe0", + "SHA1": "a070bfbb64dc542d7b6b22de52d9b4d994b0d2f1", + "SHA256": "dbaf9e056d3d5b38b68553304abc88827ebc00f80cb9c7e197cdbc5822cd316c" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:08", + "Date": "", + "Description": "", + "ExportedFunctions": 
"", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "abd377408acc02ee7f2f16320ee9b49a", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "b72252c1c92cac65c4a4637816b0a84428d16681", + "SHA256": "475552c7476ad45e42344eee8b30d44c264d200ac2468428aa86fc8795fb6e34", + "Sections": { + "/4": { + "Entropy": 4.847040002303806, + "Virtual Size": "0x16340" + }, + ".text": { + "Entropy": 5.592334908546112, + "Virtual Size": "0xa00a2" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".data": { + "Entropy": 4.509189904315613, + "Virtual Size": "0x2d958" + }, + "/14": { + "Entropy": 7.133596117970691, + "Virtual Size": "0x4ac" + }, + ".dynamic": { + "Entropy": 0.8424565006028102, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.602058791274868, + "Virtual Size": "0x29598" + }, + ".dynsym": { + "Entropy": 3.211335054777265, + "Virtual Size": "0xe340" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2014-10-01 18:02:10", + "ValidTo": "2016-01-01 18:02:10", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "3300000010a4912943d94ce62e000100000010", + "Version": 3, + "TBS": { + "MD5": "61509fd4e01160eb7d8007dc182bee5b", + "SHA1": "febd34ec96d90e498d9b6fa54d7fab80ce1464d3", + "SHA256": 
"7d79e52d96bc7c571299d90c3bc4bff9d08e36eb74b7e8b0cd69114980737953" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "3300000010a4912943d94ce62e000100000010", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2a2e7598-1bd6-4772-a189-6421ab29af37", + "KnownVulnerableSamples": [ + { + 
"Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "09F98AA90F85198C0D73F89BA77E87EC6F596C491350FB8F8BBA80A62FBB914B" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "6484A487192E0B44CBD30EB7B3D436A9150D5B5AD271974764366BDC4E8677BB", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "2a2e7598-1bd6-4772-a189-6421ab29af37" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "57a68cb9-ec2e-4a8b-881b-62a8da44a03b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1DC8A3F59B23CCC411D46691FC9B5C35993BCA20E7E2299F1A95223B9F112E43" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + 
"ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3E73CE2DF3D7B01132C2ED47BC7D1B28E421B0600F0B8D4DECF7F7C23E83EE1B", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "7c6d9a9a-0ec1-43b7-8e1f-053fb98e9fbf", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "9dc081d5f69234c2bbe8fbf881510703", + "SHA1": "99c709c98c1d9548ab82b298f47782597c767601", + "SHA256": "915009d1cf9d68b9e53064de82d4b70b58d2f014a03805cc406427d323d9fc35" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2022-06-02 22:57:05", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.20396 (winblue_ltsb_escrow.220602-1730)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "a442859fd33fbf61ed0ea28bbf33bdbb", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.20396", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "aaf18af925d829095e017c505f1a0039", + "SHA1": "c3d13f7d96127a3b16c7a8c0a3dd98fd9f22c3cf", + "SHA256": "05367ecae4cf78cc575048fb931468b1d210df8c38ff8ca05481124b1a1a6917" + }, + "SHA1": "a1aee57f1fd4a6768950f74dfb2e2a97853d4733", + "SHA256": "c9f47991e981394076050cb8b5cddfcbf9fb01b6d7272b9079082e20e4875cc8", + "Sections": { + ".text": { + "Entropy": 6.495613960484225, + "Virtual Size": "0x16dbe4" + }, + ".data": { + "Entropy": 5.414037738822692, + "Virtual Size": "0x6c830" + }, + ".pdata": { + "Entropy": 6.09109331005081, + "Virtual Size": "0xa71c" + }, + ".rsrc": { + "Entropy": 3.472348575968224, + "Virtual Size": "0xfd40" + }, + ".reloc": { + "Entropy": 5.408865957224927, + "Virtual Size": "0x998" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Signature": 
"699045742c403812de1bdf9ea2be22132e82a7c006ab278e0c9f460bd435386348031a6b5cbdf450ae5a243331dcb2cc7eace8371cf71ec35a6f663147bd211ea357614e6a611eeacca6486a778d4cd788106ade12d6625574e7a89ecab4eb0bb99295c498dd5f565680a2d26bf2545e727c4204023c48d8021b608fd901c6fefd16ce0c3a669fb0ce758dc671f2cdd7434c163f9de9453e5523d94a78205c828a4615e50330d9f52a8a77f7683d2b61ff1324382d40d31001c518b56b286fbb8c754f6940590c2071385ed0a9387b529c06bf71fff89c74634550fc331b389d558696ace05787144e5af53d20a75a84981bf8380ddac3743f407d8ff27c089e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Version": 3, + "TBS": { + "MD5": "46f57c3b860b08484cb79066ac1014ad", + "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", + "SHA256": "d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": 
"14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ 
+ "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a252e6fc-a0e5-46b7-ae78-c11ac44dfecc", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "d9a85920d99763cc28d796c77094f958", + "SHA1": "932efcc1a062376a53c14b3fad8f6bf34b96524f", + "SHA256": "50871141459a21faba3dbbf63da5aac8863fa3d8a9891f182ed72e3a74b64fdc" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2022-12-14 23:34:14", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.20772 (winblue_ltsb_escrow.221214-1721)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "3827b6fa1f4022001328be9d79e33b18", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.20772", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "aaf18af925d829095e017c505f1a0039", + "SHA1": "c3d13f7d96127a3b16c7a8c0a3dd98fd9f22c3cf", + "SHA256": "05367ecae4cf78cc575048fb931468b1d210df8c38ff8ca05481124b1a1a6917" + }, + "SHA1": "3b0ef33281ba05d9d9259b1fd44bf5d43e5187a4", + "SHA256": "3927727eb2435b28d2cf0ce1757e72ce3e92a86362b87120040c744c1c08bce9", + "Sections": { + ".text": { + "Entropy": 6.493463299563896, + "Virtual Size": "0x16e004" + }, + ".data": { + "Entropy": 5.4138887164260945, + "Virtual Size": "0x6c850" + }, + ".pdata": { + "Entropy": 
6.087141441925473, + "Virtual Size": "0xa740" + }, + ".rsrc": { + "Entropy": 3.472769777929499, + "Virtual Size": "0xfd40" + }, + ".reloc": { + "Entropy": 5.408759919158508, + "Virtual Size": "0x998" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2022-05-05 19:23:15", + "ValidTo": "2023-05-04 19:23:15", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000038db0bfe1b0ca33b3d400000000038d", + "Version": 3, + "TBS": { + "MD5": "74a1035aa6d38ec0a7a35a6d143cc612", + "SHA1": "62c5627f7d38759edce84eace5ae41fc7a54d6f8", + "SHA256": "b6319137740477c564fb2beb1d50929a333f092aa362ce5129085a2c9d4bf489" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000038db0bfe1b0ca33b3d400000000038d", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + 
"Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Red Hat Inc. and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "dd78a9a0-255d-4856-b9be-76b08852303a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "b1e4dc9ee87d701d9aabbb52211a9ba0", + "SHA1": "ba2a769531f2cb00b2ca9c089f1668c6851b382f", + "SHA256": "bb1dd16d530008636f232303a7a86f3dff969f848815c0574b12c2d787fec93f" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "d984cf8612284adc59b3b73deccb777f", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "61ce3d65bef674357febe866d4e922373f809219", + "SHA256": "24558c1cb417b6387e2406c70ff13f5438506e8d7560dd7b226499c872c8076f", + "Sections": { + "/4": { + "Entropy": 4.865324642604779, + "Virtual Size": "0x189f0" + }, + ".text": { + "Entropy": 
5.645691672093194, + "Virtual Size": "0x9777e" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + "/14": { + "Entropy": 4.946577948119573, + "Virtual Size": "0x62" + }, + ".data": { + "Entropy": 4.539674359844269, + "Virtual Size": "0x2ba58" + }, + "/26": { + "Entropy": 7.473113877861932, + "Virtual Size": "0x389" + }, + ".dynamic": { + "Entropy": 0.8226444693437958, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.6539709907526596, + "Virtual Size": "0x1b0d8" + }, + ".dynsym": { + "Entropy": 3.205605133391943, + "Virtual Size": "0xdd28" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 3, + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": 
"350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + 
"CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "8d43face-8444-4bf2-ac71-c0213d06ef91", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "495300790E6C9BF2510DABA59DB3D57E9D2B85D7D7640434EC75BAA3851C74E5" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "DA31FE4698AD3D0E30408927BE36C938BF52FA9CB8D46B12F84F5D5EC22DD1C6", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "8d43face-8444-4bf2-ac71-c0213d06ef91" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Microsoft and revoked 
May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "8e8db009-ddf8-4196-ac2a-99c9a0e6d9fb", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "6159052617b8251fa73b9137546992ca", + "SHA1": "d9196a975de3cb5f3fbed654aef1a7d87801fffc", + "SHA256": "cc202e8f2753ec75c9eeaac65c9d39eea6faed570664e930e3815976cd332d91" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2014-09-18 12:30:51", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.4.9840.0 (fbl_sec_oss3(dlinsley).140616-1123)", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "9ea079774ed23df340ecc523ddf68045", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.4.9840.0", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "2777dfee3c799f841a25c53df5d11e39", + "SHA1": "6a4457a8f18e185baf0a0352666728176d377faf", + "SHA256": "1ae942cee9560dc7ed300190c7efbe6312d44ec378914f3c09554d816a51b45e" + }, + "SHA1": "34e4cbad02d8dd38e88bc3ab0b2dc47e91b9c02f", + "SHA256": "71083eb4f247ac78f52aa09f81054396a0dac1064e1191b5b56a43a6976c5c74", + "Sections": { + ".text": { + "Entropy": 6.471130112924717, + "Virtual Size": "0x14af76" + }, + "PAGER32C": { + "Entropy": 6.320430943959415, + "Virtual Size": "0x2e69" + }, + "PAGE": { + "Entropy": 6.5423108965051275, + "Virtual Size": "0x16bb" + }, + ".rdata": { + "Entropy": 5.474744858697431, + "Virtual Size": "0x22024" + }, + ".data": { + "Entropy": 4.542679524584936, + "Virtual Size": "0x620c0" + }, + ".pdata": { + "Entropy": 6.100559280267619, + "Virtual Size": "0xa7c4" + }, + ".rsrc": { + "Entropy": 3.46970412781484, + 
"Virtual Size": "0xfce8" + }, + ".reloc": { + "Entropy": 5.4333959598080055, + "Virtual Size": "0x99c" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 3, + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", 
+ "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTx64.efi } }", + "Description": "This was provided by whitecanyon and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cab29561-a4b4-4cb1-b6c6-115700991af8", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "df444af8d4fa4d4b0bf54cdd266ea4b6", + "SHA1": "358f886257db7011d5a38b1e1bc7908a302392d5", + "SHA256": "ad3be589c0474e97de5bb2bf33534948b76bb80376dfdc58b1fed767b5a15bfc" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 22:05:22", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTx64.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "16e6180b7edfa353678a459079afa5db", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "a9874a4b39d64c5116a663883834c2e789b87f99", + "SHA256": "50484376441815f7f85aa294290a9b6072a6a9e8feae79447c5c4de855c5a3d3", + "Sections": { + "/4": { + "Entropy": 4.84610218490152, + "Virtual Size": "0x18860" + }, + ".text": { + "Entropy": 5.6427037826640545, + "Virtual Size": "0x955b3" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": 
"0xa" + }, + "/14": { + "Entropy": 5.2339069016332305, + "Virtual Size": "0xc9" + }, + ".data": { + "Entropy": 4.47065286455017, + "Virtual Size": "0x29938" + }, + "/26": { + "Entropy": 7.287209418645642, + "Virtual Size": "0x415" + }, + ".dynamic": { + "Entropy": 0.8257898339361436, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.6492203474275433, + "Virtual Size": "0x1aee0" + }, + ".dynsym": { + "Entropy": 3.2089463615530573, + "Virtual Size": "0xdbd8" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 3, + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 
2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "7191ca91-6b37-4c4f-821c-a2df6c16e91c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "57AEAB53DB02CCD1E307AD3BE524EB507D0339BB2AAB3BC9B653088B7E790FCC" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootia32.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3E964DC8AAE03D464F3DEB556C4927075AA9F3A1998C66D65EFDE178F465D7B3", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + 
"CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-0.9+1474479173.6c180c6-0ubuntu1/shim } }", + "Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "9a8ab464-2a24-4329-ba2f-e9eaeb2edb90", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "E37FF3FC0EFF20BFC1C060A4BF56885E1EFD55A8E9CE3C5F4869444CACFFAD0B" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-0.9+1474479173.6c180c6-0ubuntu1/shim", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "98799E6AD44F2AFF3D3D7B66E482B2F4DE4438F5752D932D12C97FF56FA1942B", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim-0.9+1474479173.6c180c6-0ubuntu1/shim" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit 
/copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "5ef6ea24-838e-4df6-b00d-3deb0ec3fa33", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "4667BF250CD7C1A06B8474C613CDB1DF648A7F58736FBF57D05D6F755DAB67F4" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "0692A9566F22F280715080EE24B8FF54ED7372A98BD4994670FCF862035281B5", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "5ef6ea24-838e-4df6-b00d-3deb0ec3fa33" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim.efi } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": 
[ + { + "type": "", + "value": "" + } + ], + "Id": "1456951c-e037-4508-a34f-5a6ff0065521", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "803bade13dfb54c31a1096787d89ab74", + "SHA1": "1076e1a25c7fe4b65b48570300c506a0317c42bb", + "SHA256": "03f64a29948a88beffdb035e0b09a7370ccf0cd9ce6bcf8e640c2107318fab87" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2013-11-26 01:54:06", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "89c04150c5f5b596236e04ccf5ef6a2f", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "7639a4d8974693df09e8cce6d1e3d0092fa03dcd", + "SHA256": "e50f1f1e9fb9198e5b094773d1d0068cc1cb1987d06583abaca20adc1f8932a9", + "Sections": { + "/4": { + "Entropy": 4.84611486714032, + "Virtual Size": "0x17a98" + }, + ".text": { + "Entropy": 5.636185896681617, + "Virtual Size": "0xabc1b" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".data": { + "Entropy": 4.794829537696304, + "Virtual Size": "0x31df8" + }, + "/14": { + "Entropy": 0.6143694458867568, + "Virtual Size": "0x12" + }, + ".dynamic": { + "Entropy": 1.0127462677005334, + "Virtual Size": "0x130" + }, + ".rela": { + "Entropy": 2.6237858498943414, + "Virtual Size": "0x29d78" + }, + ".dynsym": { + "Entropy": 3.210837608809073, + "Virtual Size": "0xf4e0" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver 
Publisher", + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Version": 3, + "TBS": { + "MD5": "c52110f552e27ebb1e3fae114abafb3f", + "SHA1": "4954e087123653ce38da4cdd31141b6a1bb999e4", + "SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2023-28005" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": 
"This was provided by Trend Micro and revoked Mar-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "f15d8f48-cf83-4954-a1d2-030f6dfd40a3", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "14d423ad7ffd78c631ebcce6c78a6c8c", + "SHA1": "872f7f79da66889049503fc77a7d3fefd25a6f55", + "SHA256": "6a0e824654b7479152058cf738a378e629483874b6dbd67e0d8c3327b2fcac64" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "fcc89caed202cfa0f9d16b9e1c27d970", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "6a5c3056057baea653d533429110deb3bd7ffec1", + "SHA256": "d0eb15fe822c6239a8bb2b42fbc035d0956c72ac6fbd1429c1ab7f7e348b8f94", + "Sections": { + ".text": { + "Entropy": 5.627092104649462, + "Virtual Size": "0x1d8c0" + }, + "": { + "Entropy": -0.0, + "Virtual Size": "0x7c8" + }, + ".xdata": { + "Entropy": -0.0, + "Virtual Size": "0xa00" + }, + ".reloc": { + "Entropy": 3.9187065172114592, + "Virtual Size": "0x58" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Signature": "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", + 
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Version": 3, + "TBS": { + "MD5": "b6f099bf203668f11a8f79ab08792ed8", + "SHA1": "4713755a345940554eada6042e90b0151591fad6", + "SHA256": "62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": 
"330000001e0d8474951a966ce400010000001e", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a1a3ef63-ac2d-4613-8918-5bcfd1fc3e40", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "250AE0BA860D6D46894491D630D58B1CA008F695C92CE2084A295486F71F985B" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "9A395E7EAB9E7976B1C30EC651B05658D780897BEBAB8A664C6091742E592E7B", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + 
"bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Fedora Project and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e32b7c1e-14b0-4f29-9c62-d1664d26777d", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "3765D769C05BF98B427B3511903B2137E8A49B6F859D0AF159ED6A86786AA634" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "52A4F27CCEDCC5405D8EC128BF99861865B2273DA18A9B958ABADEFF63DF5A18", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "e32b7c1e-14b0-4f29-9c62-d1664d26777d" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2022-34303" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { 
bcdedit /set $matches[0] path \\windows\\temp\\miniloader.efi } }", + "Description": "This was provided by CPSD and revoked Aug-22", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "82bfbd61-4cd5-490f-853a-3486090e0d3e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "90AEC5C4995674A849C1D1384463F3B02B5AA625A5C320FC4FE7D9BB58A62398" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "miniloader.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "61F2D843B99AC93FA2ED40A50E5C3F0EAD7C75894BB92C32DF33052804CFB77C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "miniloader.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Microsoft and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": 
"469544ed-d70a-42d6-aca2-690d5ebecb4a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "41CCE0FC467609CA368BEDBA45C292F2BE1B622FB9BE0473CF51E7A96EE65652" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "2B91C0C8C0F156ABC8F85274C1320C038AF0179FE4696260B1011D5361E50AEA", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "469544ed-d70a-42d6-aca2-690d5ebecb4a" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Alt Linux LTD and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2ca3cf24-b271-4a27-a228-ca91cab34b93", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "86e7e6f737ed657dda5423a10319d41c", + "SHA1": "450ccd6553c679f4d87bbf3507780efc17a466c4", + "SHA256": "c452ab846073df5ace25cca64d6b7a09d906308a1a65eb5240e3c4ebcaa9cc0c" + }, + "Company": "", + "Copyright": 
"", + "CreationTimestamp": "2012-11-27 22:14:09", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "9a795b1affc7cb4650bbd99b9a2cd819", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "586bf5d3fb1fb21159338701e324d9d26b6aa0e4", + "SHA256": "0dd832075d552da3d29b1ef471fc23b47c0d54b9fd1541935b23f1c5813da08c", + "Sections": { + "/4": { + "Entropy": 4.828726571617874, + "Virtual Size": "0x17468" + }, + ".text": { + "Entropy": 5.6399775669379935, + "Virtual Size": "0xaa161" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".data": { + "Entropy": 4.771556082942012, + "Virtual Size": "0x310a8" + }, + ".dynamic": { + "Entropy": 0.8341231672694769, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.6218967970429325, + "Virtual Size": "0x2af90" + }, + ".dynsym": { + "Entropy": 3.2088436906429743, + "Virtual Size": "0xf1e0" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2012-07-02 22:25:14", + "ValidTo": "2013-10-02 22:25:14", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", + "Version": 3, + "TBS": { + "MD5": "c5e24205d04c09c94d81b6935af7ec09", + "SHA1": "12622dccb5b07edfd65cae6fc018e24b80ff2c82", + 
"SHA256": "d6afbff1c283d7777501bd3b2adb4aadb8ce32649ee401dfbb06f884362f7507" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "635f3ff1-ab0a-468c-b6a3-6a8aa39301d5", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "576bde13122eaba63fa0734baecf5a48", + "SHA1": 
"cf7b3cc939f51462213b3b05b81fbc42ee05afd8", + "SHA256": "e2cf881cf07195454505047d74810ed79ae20dfd0f1593afbbf08270a486c038" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2017-03-25 11:35:17", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.18639 (winblue_ltsb.170325-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "83e596b8944ed413e5bbc0c51c0b64c6", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.18639", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "95c181375ef93e118f930024df1bff96", + "SHA1": "e3a24ad3c9b07df2a4fb39a1432ba3597faa48f7", + "SHA256": "0708c72d17d4892e2deab31b567c830ee261f5e5730997a47366c0e1e58dec0e" + }, + "SHA1": "fab234f84e488343ea0f65072d8785217cabef40", + "SHA256": "165a5dcdea3a7de7cfae38298597445eba59282308c7243be50f568aa610f4f2", + "Sections": { + ".text": { + "Entropy": 6.635628506909973, + "Virtual Size": "0x130364" + }, + ".data": { + "Entropy": 6.142432235727058, + "Virtual Size": "0x5c7f0" + }, + ".rsrc": { + "Entropy": 3.4724787157502846, + "Virtual Size": "0xfd30" + }, + ".reloc": { + "Entropy": 6.764072371259567, + "Virtual Size": "0x5d44" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2016-10-11 20:39:31", + "ValidTo": "2018-01-11 20:39:31", + "Signature": 
"bd80b589ac202a8c57028b505da374963d49e555f4d7fba7ec9c9b645e2c3cc1b869ca054fce40a3953a4cae404cf07bc8f52e9408afa7cf74f03c131aa37e26eea21fe524bc06fe6bf59c1d510cc505cae5e385344eb27a4500ac119b30d5a54c5ae9c249665539cbf51fb8680a5311ee884d3d4a2c38a8e6e170f7c9f94aa821f889f4ef7733ca24c6ecc56105ec5b39f8609dc897a2e7deca1c32d696208e8b92a92419b386e3714c104f01a54b619de5afb79db9618e7f90852b33228d4ae67d6e74b3c55ad9f6f41b86952aed4d73efe4e09f36d2ce97679ce82ca30d073a1dc401342b1b255abaa86b506d8344fa287e2a1214e2d3b98dfdb9c6d85fda", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "33000001066ec325c431c9180e000000000106", + "Version": 3, + "TBS": { + "MD5": "dde4566ad877cdd7257537c5a15caff8", + "SHA1": "61ccf092df4eb7534ffc8df983b362e10eb895c2", + "SHA256": "0ae3a29cfb54cd16c853b2246cc428219bb87f7e4ea299b0374b2ac43f2a61d8" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": 
"14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "33000001066ec325c431c9180e000000000106", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ 
+ "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e9402a67-21ec-4fdb-b0a3-7f1700f1ede7", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "40b3933716925a99d7457268b098c42e", + "SHA1": "f2ffc38ed784f8938830012818332db0e4bebfe3", + "SHA256": "4f94f40c6b4bac7bf219c73dafd0870879f1db10de6c8620f6f1333d7aa5455a" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2014-08-18 17:44:08", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.4.9820.0 (fbl_sec(dlinsley).140425-1225)", + "Filename": "bootia32.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "670eb63cbc05c4a4fa62f3c63d5b5f0a", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.4.9820.0", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "d94c4831d7cd65bd85851b4c2726909e", + "SHA1": "e4705a5872fb945b5826084d24ee95df003b18e3", + "SHA256": "e2dd71c959ee2c73c142c38d5f2a2f2566a8d421c88ef20cf4eaf567db79fd44" + }, + "SHA1": "4c53e7cd05e537f0f730ed2b079200c7e1543a72", + "SHA256": "132d59d83c29be7351d35c44b846dfc3f37b3c62bc40eac6aec3fd68e7cfcfde", + "Sections": { + ".text": { + "Entropy": 6.640315213526757, + "Virtual Size": "0x117cde" + }, + "PAGER32C": { + "Entropy": 6.501891369169368, + "Virtual Size": "0x3adf" + }, + "PAGE": { + "Entropy": 
6.552393775330552, + "Virtual Size": "0x128f" + }, + ".rdata": { + "Entropy": 5.206756496774499, + "Virtual Size": "0x1a0d8" + }, + ".data": { + "Entropy": 5.087579213860843, + "Virtual Size": "0x4db30" + }, + ".rsrc": { + "Entropy": 3.470390846117556, + "Virtual Size": "0xfce0" + }, + ".reloc": { + "Entropy": 6.753504719085344, + "Virtual Size": "0x5e84" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Signature": "8207b0c79e3b96e7317cd1aac9ab45fb52f1a2c847cda4bed6ff0b366566c6046976257890a79270765662a04b0f6d958c1fbba688b7717f77e10137107f8ccde9ce066d0c99e9fabfa3d669e2eac822a81d86f620828a018738e290f15370886c689af9399fad45f38e2e0fd6e31fcdf1b295ddc015164e757e2c630b05d1c103735e452ea9e3ca1b44e776277a030aa473094499bdfad51ebcdc61c8694148123c150811230bab24f1fb3ca64f018ac37d5cbb61173055b20dd07fbf8955909696be8de608979541932fd0257f932db6f6975b4bc82bd393a432a4ef01d88fc9652cc0d4eede46df519df8488353bfbf4dbc8358efc8dc3215c5538ebbd03e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 3, + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": 
"30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "89393561-f676-4029-a1ca-88a4c4fa03b9", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "958C0DB651F4E4CCD062446263618C877910E08257EC6D9BCDD8BF1E33134FFB" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "8536BA8D9039C5F91752BDC45A7AD2F91FDA2334363850DCEB38FD87DB7632E4", + "Signature": "" + } + ], + "MitreID": 
"T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "8c855009-8e77-4446-acf1-17ce8b445b01", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "f1fe210387316d9b4c40f31214cea418", + "SHA1": "51d44ad13402af95119844f7da407090702e764e", + "SHA256": "5a47b0b11d2fd9cd39c627d1e6bf4afed9601aa15d6a5d84fb10f39755d2d323" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2021-12-04 21:50:19", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.20227 (winblue_ltsb.211204-1700)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "37d03ef09bf90e11e07eed536a7fed7e", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.20227", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "c3a45277e34522772d2ffb9c618850dd", + "SHA1": "ccaa1ad0944140bed3cf64cdaf8c9d2004c29074", + "SHA256": "474fc92022c5254d909bd3560e682dc6a340333b34b82d63e8b9a575cf09b292" + }, + "SHA1": "97e4998bff2642bafef802b3d909e89f69b1046e", + "SHA256": "b7313be4901f1a80f84e4e8a6636f090e7125b97fc845d4454d5e4bef3d40ca7", + "Sections": { + ".text": { + "Entropy": 6.6338522426228606, + "Virtual Size": "0x132694" + }, + ".data": { + "Entropy": 6.174248711645025, + "Virtual Size": "0x5c8b0" + }, + ".rsrc": { + "Entropy": 3.472265991210306, + "Virtual Size": "0xfd30" + }, + ".reloc": { + "Entropy": 6.752299420294601, + "Virtual Size": "0x5e90" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Version": 3, + "TBS": { + "MD5": "46f57c3b860b08484cb79066ac1014ad", + "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", + "SHA256": "d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" + } + }, + { + "Subject": "C=US, 
ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c54ad511-bb85-42f4-ae87-e476854748b9", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "450EFFC827CA535A79D5C4FF3E1A3F614CA9126B3792F997D38791CA7399320C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + 
"ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "4B0C9083430D91770BBB629380DB3A2A89DC73BB8DF677725668F727A2C2147C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b7f9ffcf-525f-427e-b3fd-72289f61ffd3", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "C470161A06E6B452253A623536924979CDD11838E08D8E4DC86F763732E64B0B" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "462F49B4FC9E4CE706D668042EB76F711B4292BAE2BE8DD5897182B316EF217D", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + 
"https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d2c1c960-2c20-4647-ba66-d3c5d3385cff", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "1730c4cbe167c78763e0a6e4211a55a5", + "SHA1": "62e70e5fd08037f8e32f298c8d9614535afbb331", + "SHA256": "da9943277174960b0d7d3f0d656176f3723ed2f03a90518beb3c6c202b88cc14" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2016-09-20 08:18:08", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.18478 (winblue_ltsb.160920-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "1854d98bc963a9a82e0d9abef6bc3873", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.18478", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "85fa20421a65e83905361d389b335669", + "SHA1": "fad704c4353c271f61f7ffcecc3bc5aceb3a15b7", + "SHA256": "60bb1a6f5f679831418c16a7c2000159d31507690560194ca357bfd0b4018f9c" + }, + "SHA1": "dfd1cc6207f892703292d88a29f587db858fc0eb", + "SHA256": "dd3ca7c4bf6698e7d72f6c2fb0eb59997336c294d604062ef495ee8e1f49931c", + "Sections": { + ".text": { + "Entropy": 6.491145372503799, + "Virtual Size": "0x16a6a4" + }, + ".data": { + "Entropy": 4.536862186949299, + "Virtual Size": "0x6b290" + }, + ".pdata": { + "Entropy": 6.113198153724958, + "Virtual Size": "0xa53c" + }, + ".rsrc": { + "Entropy": 3.470966782245555, + "Virtual Size": "0xfd10" + }, + ".reloc": { + "Entropy": 5.391748979025571, + "Virtual Size": "0x960" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 3, + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": 
"1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "058a1317-f391-4baf-86a8-31ea7b01d6e6", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "aff88198eaa921bd4c804c7b39833ff4", + "SHA1": 
"8c5d802f57367e3f81b341095265c6dbf0774403", + "SHA256": "459457c48e1b450d8f22858ffb392fca78bb6f4da837862889ab798bdcbdf08f" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2012-08-21 03:22:30", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.16399 (win8_gdr.120820-2123)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "e8b4de749b80b47640ea86b06f56429f", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.16399", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "a387b0075e977009a7bb74d24fc388de", + "SHA1": "345e019b25904c911be9e3b6a9e2b0bb18652b04", + "SHA256": "e04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad" + }, + "SHA1": "d79557da8528c045a204a3abf3dcd26b7fb814f3", + "SHA256": "905c2df524e664759d55a6dad4b62b58220adc59fec3e852964efc2165b0fc0c", + "Sections": { + ".text": { + "Entropy": 6.4845800528218485, + "Virtual Size": "0x109ee2" + }, + "PAGER32C": { + "Entropy": 6.353527581631879, + "Virtual Size": "0x3d48" + }, + "PAGE": { + "Entropy": 6.510073701345747, + "Virtual Size": "0x169e" + }, + ".rdata": { + "Entropy": 5.418752774603626, + "Virtual Size": "0x19b44" + }, + ".data": { + "Entropy": 4.629726747704923, + "Virtual Size": "0x63cf0" + }, + ".pdata": { + "Entropy": 6.004535487649427, + "Virtual Size": "0x8e80" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + }, + ".rsrc": { + "Entropy": 3.471186192315521, + "Virtual Size": "0xfcf4" + }, + ".reloc": { + "Entropy": 2.706444085925694, + "Virtual Size": "0x1ab4" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Signature": "c7f34d30f6c0451fb6ababdce5203035c20b7c75b16784adb0aa9ed8f647c02df4ce8d8277b8e356e3286e4dc0d444172dea83b9af9c6133c491e53680024d6bac0d985d6dfe776988ccb337b35abb32a02b50413514a576dc932b2a4ae2aef96330041e040480e3b1cbf06cd6910cf79ead3ecd332a9bb7156c2d9976e5dfac8b5b59d82ea33a4826470663dfad599e137468da7bd3037243e0238b96c1f99ea1299faa898dd854f812f8834697b7c5991d2e1656db4e2f56d8bc2077e7bb7d886d4fb6907c555c6d54089724435ac3345b1b6dbb605300ba83412517394dcd3b6c82df5013c6f57fcb1e03919b63469dd7606f3fbae8242658f19ab174b03c", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Version": 3, + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "610bbbd8000000000005", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "568b07e2-3499-46e8-928a-843aff3217f5", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "d70a1a6c6f9861a0e59fdf7f22d78658", + "SHA1": "50343f4e379f1dfa6364a89d9075f5150ad481f6", + "SHA256": "7c09d8b90b72b7c2ccf1a413e335c2d1a25d75bb8541f9bc16b4c4e26bda6855" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2016-02-10 07:52:42", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.18233 (winblue_ltsb.160210-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "9a3221899f456225679f8e54739100ac", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.18233", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "85fa20421a65e83905361d389b335669", + "SHA1": "fad704c4353c271f61f7ffcecc3bc5aceb3a15b7", + "SHA256": "60bb1a6f5f679831418c16a7c2000159d31507690560194ca357bfd0b4018f9c" + }, + "SHA1": "19a0cfa98525d7ac0edc5b0770e5b1e5dcc4a992", + "SHA256": "fd69741dcd1bc0d9ab8a02c2a7ee8d466a58613562536aa8aab5ea260bbdf9c3", + "Sections": { + ".text": { + "Entropy": 6.491203662022541, + "Virtual Size": "0x16a6a4" + }, + ".data": { + "Entropy": 4.535808771844317, + "Virtual Size": "0x6b290" + }, + ".pdata": { + "Entropy": 6.109699981025818, + "Virtual Size": "0xa53c" + }, + ".rsrc": { + "Entropy": 3.470959394300465, + "Virtual Size": "0xfd10" + }, + ".reloc": { + "Entropy": 5.392289502924012, + "Virtual Size": "0x960" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Signature": 
"60743a2c8b9d1d20759fd327472b3fb9c434cf9df5a4501199cafd1d0f6806659be78f5346fcdedead6c2615214f653b0306302508cc80e386fb54dc8d0b8c63131e54f259c4f8792335187e2d4f649a82490807f129590c1a5c76d8c56a12e51f4c9bb20f35bb27b3ddc0dfbd849e506ed390bef27d160c5fa33291231b73cffddf7bcc42948b509b88242d401ab88f4283997bb6707c2fd2facf67e2639b5b02da8975568de56dc96eee8061c69bc552d61a0fa49ea527563681fb35f68dde6eee372b99f69761de0eac9b72b1510f80e66f6560bf1d0669dcbdd915ffe13454502833fe26932c018ad8399ad2840a93b0c222b7900151dc9ddb4475e1d7b7", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 3, + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": 
"TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "45ac4276-741b-4e22-92bd-bb97042ed4bb", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1F535987EA7386DF6BFE75F51EFD35E4D2DA4B002DCA2999C0CB4B767BAFAFFD" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "0CCF098A0B3F109F35C763E69DFA54190365999A78707EF63863A812C1C07F9C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { 
bcdedit /set $matches[0] path \\windows\\temp\\HfiPcieGen3 } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "1387dafb-6dad-48b4-a186-98e52cac74b7", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "4dcaca83effd9b0a6fd63f766d4ec969", + "SHA1": "bd9fc7d7672f8c70045b2fc6f9029064f1030763", + "SHA256": "5890fa227121c76d90ed9e63c87e3a6533eea0f6f0a1a23f1fc445139bc6bcdf" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "HfiPcieGen3", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "36218d733c0afdd2d6dce6f616335a2f", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "96787a55f640b630ba6277197dbdfd14ecf3b87d", + "SHA256": "0ed1b0fae1a6e705d1b116d08b7184e0a2ee2a0e6b0c372ce69b40e9ef34579f", + "Sections": { + ".text": { + "Entropy": 5.464301989959131, + "Virtual Size": "0x36340" + }, + ".data": { + "Entropy": 6.984348675206676, + "Virtual Size": "0x3cb60" + }, + ".reloc": { + "Entropy": 6.692193979712798, + "Virtual Size": "0x2360" + }, + ".debug": { + "Entropy": 4.703183509474167, + "Virtual Size": "0xc0" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2017-08-11 20:20:00", + 
"ValidTo": "2018-08-11 20:20:00", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "3300000024c1fb0e65d9747386000100000024", + "Version": 3, + "TBS": { + "MD5": "82b02850f57505f0830f6dd30b6aeffd", + "SHA1": "e600e0efe4030190c5e0cab9aaad72f4e76db429", + "SHA256": "1c1d5edaeb9a5feef85e34eb40607816e98464127723d284f99b69c0c15e42f7" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": 
"9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "3300000024c1fb0e65d9747386000100000024", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "HfiPcieGen3" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "N/A" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\mboot-official_arm64.efi } }", + "Description": "This was provided by vmware and revoked Aug-22", + "OperatingSystem": "64-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c10b8a2d-9bdd-46c5-bbdb-177f88c7794f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F4DC5A40D2A9DBDAB210BAE0C508E053AE986C4DA42D68760A1655D6FBAEC051" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "mboot-official_arm64.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "8CC2B48C79FBF5654B28B7BEEC51A3266E4CBB4FBE3A84F843EA0957683A1E93", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "mboot-official_arm64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cd328e2d-3b59-4c94-a0e0-60b7f793db09", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "13DBA28447FDBE3C8A24FEE3EB88638CE1D8F97CD4925056C0AD0E91CA51237D" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "D6D10836B79E28ACE9E2BEC7EF9B67DC736ED6C1C8EA24D395DDAAF05B76CEBD", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit 
/copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "85443af0-4180-4b3e-978c-e3d8c8d35422", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "bc8921a85faf4205abd65c8b0263e795", + "SHA1": "b820221890353f2d702024c23c19cbf17ed25f20", + "SHA256": "5e67bf240b1d05f6f618908868a494c50a30ab255b06619fa28411eb260f674a" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2013-09-28 23:57:09", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.16415 (winblue_gdr.130928-1658)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "bf4168403960a0df177f58277f06250c", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.16415", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "7c1182353e1a18467ac8596eb17c533e", + "SHA1": "3dbd444a114f18bb9cfb639f095ee5a0915ba297", + "SHA256": "3556b638af47e65fa07578b156ff85afa0145f715fc594c65a97aab98841c601" + }, + "SHA1": "6a3777265403ea83fb91ab07988464303e66b172", + "SHA256": "669353cc31e65f896a755db94a045d9dc1b4a24baba14fce11d623bdfacec78c", + "Sections": { + ".text": { + "Entropy": 6.6503504605349155, + "Virtual Size": "0x12a444" + }, + ".data": { + "Entropy": 5.269091289979136, + "Virtual Size": "0x564f0" + }, + ".rsrc": { + "Entropy": 3.470992478914469, + "Virtual Size": "0xfd10" + }, + ".reloc": { + "Entropy": 5.536154915453736, + "Virtual Size": "0x7f10" + } + }, + 
"Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 3, + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + 
"Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4e4ca92c-52eb-4289-a935-f6ec64b79e3a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "326967C7FFC1B86DB8B32B0570E88A89CC1534CFCF300B98C077E473F9B18FA1" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "DA9C62E148457AFB0629FAB0C2D58623F9AC35A9A95EF23388ECFE85451C60C0", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\Signed_13652009334930799/shimia32.efi } }", + "Description": "This was provided by Debian and revoked Apr-21", + "OperatingSystem": 
"32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3cd9faa5-1675-4640-8304-86e162b60451", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "a9a003cc7225b64519ee59289a90f3e2", + "SHA1": "dfc22f0bbe6a3ed81106a30d61010fd1510465cc", + "SHA256": "8aa509fb461c099a3c1b806d281a1e1275771eda0b0e3f7d95e0c11b3c1734eb" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "Signed_13652009334930799/shimia32.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "22f93e6ecea58e543fcffa73f5c466b3", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "0945ed2479004a84b2d743244ff7dacdb688aa9e", + "SHA256": "ff9f39869baafa17592820f7f5cf101b15a8423831abfa97c89cf193cdd98e89", + "Sections": { + ".text": { + "Entropy": 5.8537436588293055, + "Virtual Size": "0xa0617" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + "/4": { + "Entropy": 5.064013199597692, + "Virtual Size": "0x69" + }, + ".data": { + "Entropy": 5.281820466264779, + "Virtual Size": "0x23764" + }, + "/16": { + "Entropy": 7.405693653367437, + "Virtual Size": "0x3b3" + }, + ".dynamic": { + "Entropy": 1.4765954737895086, + "Virtual Size": "0x80" + }, + ".rel": { + "Entropy": 3.5626097123135003, + "Virtual Size": "0x9798" + }, + ".dynsym": { + "Entropy": 4.413842774423678, + "Virtual Size": "0xa1f0" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + 
"Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Signature": "54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 3, + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": 
"350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "Signed_13652009334930799/shimia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": 
"Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by VMware Inc. and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c368c62d-85dc-4bc7-8302-09be91700a9f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "66AA13A0EDC219384D9C425D3927E6ED4A5D1940C5E7CD4DAC88F5770103F2F1" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "7CEE7E91292E5591BA4597D312BCFE9C0EEB906B18B327B8983BA497F9921BF7", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "c368c62d-85dc-4bc7-8302-09be91700a9f" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match 
'{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c045cb03-9cfb-4ef9-b058-6734090e1dda", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "8D93D60C691959651476E5DC464BE12A85FA5280B6F524D4A1C3FCC9D048CFAD" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "34440CB45EB6EC2532EF89D6FCD7D3D9BC2A021677BEBC9D65C47A725A6845D4", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "c045cb03-9cfb-4ef9-b058-6734090e1dda" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "bab3bdab-1013-4418-bb3c-2ec673c8b6f5", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + 
"SHA256": "57692FC2B80D809A3BE409B44475DDED7225C76FDD5FF09E4ED7D330A58733A5" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "9F91A5AAC09BA6E514DC37A013A68589DD22C1F5A7A539F4138CBC8ABC0A45F4", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d01601d7-2e46-4b78-801f-d260597e9b74", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "a1f22c60755e8b4f85769168e7799133", + "SHA1": "0cedc7fa4d3c732832d1961814a6107a9e7aad91", + "SHA256": "b97915da9f05277fa5687f8c41132df69152517f2ba252d466395b40d4f2d155" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2013-09-29 01:04:04", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.16415 (winblue_gdr.130928-1658)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "5692b49c53b4401e76a43c82d7d496de", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.16415", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "476ff7a2afe034c2194a948f1f780094", + "SHA1": "1a999ada5820fb409ce7f2ec343e215caf2e07a4", + "SHA256": "802de9524cf6556e6464828cc411f87a8fb3693742c5515126eb511122e9086a" + }, + "SHA1": "6308e47e8133dfe6cf9532213c65b964acebe111", + "SHA256": "53af0ddbd3c4d33bd003403d8c9b41877e07770d3e789c781e5897858585e299", + "Sections": { + ".text": { + "Entropy": 6.501382294444077, + "Virtual Size": "0x164d34" + }, + ".data": { + "Entropy": 4.529158876011279, + "Virtual Size": "0x6b230" + }, + ".pdata": { + "Entropy": 6.077805756878547, + "Virtual Size": "0xa3c8" + }, + ".rsrc": { + "Entropy": 3.4716247871437864, + "Virtual Size": "0xfd10" + }, + ".reloc": { + "Entropy": 2.3400563322102284, + "Virtual Size": "0x2000" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Signature": 
"78269c4b43268afbc7329a21653fdf5427c51d156bd9b2be4fc3ce06c9fe486ad28fa1a55698acc8617733a5d9b68b3f69ab82d8d60857a0cf330434703b2af43b3058eec891f89515a9acf8c29aebdcabc8671630a1d22fa51720ab95393c388e3fbed2d42eca2bce4f3ac03be5be68ecfe7f44a6d3871782abd7cc3f8c22300536bd24a13934474bc0cfc2f1479991b991f328cb5a80d06c1046a9249b8dd8747b3c87e54946f28c0bdf14c042566264fbf9475859b221d0434603ab5f655551437be8eb21192f143d173b042f139ce553888cf0534f9d2f090c1edbf10def827a274afeeba10c2b4725b0628a2722d5f209be4f9e3d2d8104a896df82072d", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 3, + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": 
"TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Oracle Corporation and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "9470ea71-b7e9-4e8e-ae73-a4b5fe32bc04", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "45e4a006c19fa21bbbec494e6d51c63c", + "SHA1": "ceca75b14c16bc19a9aafc883fcb081554f563e4", + "SHA256": "56b3da7259eb1bec44199a7ebf74c6fe912c8fe9bf4a20a7610c5e9bc0b601cd" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "bc5372019b75e9e8257a83a86bd0b33d", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "99cd0326b914b5f6ea53cb2280d9a455bb68d70b", + "SHA256": "8310f47ba34eb1aca146a5bdb8b59138173e659fbeb57a4c89355d8c54930b6b", + "Sections": { + ".text": { + "Entropy": 5.774216074421671, + "Virtual Size": "0x92ab3" + }, + ".reloc": { + "Entropy": 1.5709505944546687, + "Virtual Size": "0xa" + }, + "/4": { + "Entropy": 
5.040573517037893, + "Virtual Size": "0x7e" + }, + ".data": { + "Entropy": 5.3361211360622445, + "Virtual Size": "0x216dc" + }, + "/16": { + "Entropy": 7.130706042544344, + "Virtual Size": "0x5f0" + }, + ".dynamic": { + "Entropy": 1.4043380507095067, + "Virtual Size": "0x78" + }, + ".rel": { + "Entropy": 3.5471242189199925, + "Virtual Size": "0x9718" + }, + ".dynsym": { + "Entropy": 4.395499383245927, + "Virtual Size": "0x9380" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2019-05-02 21:31:23", + "ValidTo": "2020-05-02 21:31:23", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "3300000034a76221f066806d9d000100000034", + "Version": 3, + "TBS": { + "MD5": "981b2766a6b1467da361c3f6158b5efb", + "SHA1": "2de358273a7fab18d9e8359579e78544e4f90e45", + "SHA256": "c9b4b474a8cf82bb390bee17e0eb009360599aafc792dca2c161926e2b9c7f7f" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "3300000034a76221f066806d9d000100000034", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + 
] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "9470ea71-b7e9-4e8e-ae73-a4b5fe32bc04" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "5b0c97fd-1a72-4f30-af67-1f398fef3675", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F3D38950A3CACF61C94DB9153576194E953B5785637159B3AA6F1E923220EAD4" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "37CAA54424C152D84DE63C288DF7CE27BA97B8671CF27DE4101066EEAE8BE90C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black 
Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "120f5dbe-0a55-4b54-a42f-e51cb54f75c4", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "7F964730CFB7B8CEA284E2E810212FF9B0EE18227F64427A095D6886493DB0C4" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "7294F03850C2084A287FAEFBA778592D9D01E5062DD2E980537E39FDBFE20316", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Fedora Project and revoked Jul-20", + 
"OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c4189bae-54f2-4fe5-8978-dc3e1ddc20ee", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "78B4EDCAABC8D9093E20E217802CAEB4F09E23A3394C4ACC6E87E8F35395310F" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "9E5773C34073B8473BD1EBC9D4D50780A7CDF9EB767750107D4B0F45BC8EABE8", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "c4189bae-54f2-4fe5-8978-dc3e1ddc20ee" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "48eb1fa0-a607-4967-8faf-20dc68913367", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"82ACBA48D5236CCFF7659AFC14594DEE902BD6082EF1A30A0B9B508628CF34F4" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "7D092A6101832F2CF3F9DE42C66A9948751B05D3D4005FB9C0E8BDF9B8DAEC6B", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "48eb1fa0-a607-4967-8faf-20dc68913367" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "163602d8-2ce1-4c1a-9101-568c50a6f887", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "0e937bbc24f9343c32c2641a3b728ea8", + "SHA1": "3c3db26f3be97e13953510a1615c3efd05f10aea", + "SHA256": "2992068e4f616f2d7253e9d58116a97f22923f4dc1b78a58be4499b982ecf270" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2014-08-18 17:28:19", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.4.9820.0 (fbl_sec(dlinsley).140425-1038)", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "c815c638cba6bdc82a6b4f72204ed252", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.4.9820.0", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "420a1a5671848b2653305add8102a14f", + "SHA1": "114d1b38b6213056c957863df20adfa4d8e5d3a1", + "SHA256": "20a649595bb060b7fabbd48e91fff890b90f378cbbdcf05d770a881393fa42fa" + }, + "SHA1": "d2e758288883a7b37a46b773ec0ff61c328e8bf7", + "SHA256": "64604ea91f31b815bd0219d56563b9c2d307fc6c71ecc38d498221e0e0e9c4ad", + "Sections": { + ".text": { + "Entropy": 6.47422240022722, + "Virtual Size": "0x14ab76" + }, + "PAGER32C": { + "Entropy": 6.320194972365571, + "Virtual Size": "0x2e69" + }, + "PAGE": { + "Entropy": 6.547079200625931, + "Virtual Size": "0x1639" + }, + ".rdata": { + "Entropy": 5.425860402319835, + "Virtual Size": "0x21e54" + }, + ".data": { + "Entropy": 4.348734060496247, + "Virtual Size": "0x63050" + }, + ".pdata": { + "Entropy": 6.080132511208591, + "Virtual Size": "0xa758" + }, + ".rsrc": { + "Entropy": 3.469760072257071, + "Virtual Size": "0xfce0" + }, + ".reloc": { + "Entropy": 5.422764555576717, + "Virtual Size": "0x988" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + 
"SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 3, + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + 
], + "Id": "3fd56670-7eb8-406e-af51-68998459de7d", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "E226D6F3A332238FEE8A42A8FD57E8B009725DB5F8DF4DC1CB54F17C6F47A9C7" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "894C9E5370DA9DF83426F92C42CFDC5D79CE004ADBD45A7663E9F5E9A6A198C6", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e950e347-4bfd-44d7-b2c6-7dbbce0f2667", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "C69D64A5B839E41BA16742527E17056A18CE3C276FD26E34901A1BC7D0E32219" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + 
"Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "AA8DB86BE59A48E4C525DD468119BEBA1D836CE4293C76E4B736902D1AD62F27", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "e950e347-4bfd-44d7-b2c6-7dbbce0f2667" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Red Hat Inc. 
and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2bfaff34-8a6b-486e-a308-0484d2372727", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "1886fd591b86756f2823f157d197be5f", + "SHA1": "b9d3918f7829cf8308e519448712a95d58eb6ed5", + "SHA256": "02e6216acaef6401401fa555ecbed940b1a5f2569aed92956137ae58482ef1b7" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-09 17:23:08", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "c453084032024e3b2dcd648c9406e760", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "1316e2b5fb83b29acc00c5050799afb7ccd6b6e2", + "SHA256": "fb5eebcd4100593a1b2890267037b7701c83f32c284b99908ff1c34d5693bfc2", + "Sections": { + "/4": { + "Entropy": 4.852580285671373, + "Virtual Size": "0x18c28" + }, + ".text": { + "Entropy": 5.639910820231437, + "Virtual Size": "0x96ba3" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + "/14": { + "Entropy": 5.160331946961136, + "Virtual Size": "0x84" + }, + ".data": { + "Entropy": 4.46067866301335, + "Virtual Size": "0x2a358" + }, + "/26": { + "Entropy": 7.338341139988703, + "Virtual Size": "0x3e2" + }, + ".dynamic": { + "Entropy": 0.809123167269477, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.6459313794720467, + "Virtual Size": "0x1b0d8" + }, + ".dynsym": { + "Entropy": 3.2034263115689736, + "Virtual Size": "0xdd40" + } + }, + 
"Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 3, + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + 
"CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "7e14af6f-c8b8-4c15-a2ef-bc0a2b39e085", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "6DBBEAD23E8C860CF8B47F74FBFCA5204DE3E28B881313BB1D1ECCDC4747934E" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "88B530624B67FAA0C0C1039618958F4DE983A997A6FF762BCCA82B8201194F28", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "7e14af6f-c8b8-4c15-a2ef-bc0a2b39e085" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path 
\\windows\\temp\\BOOTX64.efi } }", + "Description": "This was provided by Oracle Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "7cb68e8b-c07d-4b76-9af0-0936553f516c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "e933dba3a6ab068b91601eb1828cec97", + "SHA1": "4b496c6b76d4ddafb0e2b3c0fb27f47639005f98", + "SHA256": "2679650fe341f2cf1ea883460b3556aaaf77a70d6b8dc484c9301d1b746cf7b5" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-09 17:23:08", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "92f1d7fd78d0353c62e5dc8e81f558e2", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "a63dbf2c3b022c5d70c20e674ab8066a2b3290c7", + "SHA256": "06edb9f17a9007c8b6db6ee2fc240e88e238f06c7c983f987cd9be1b80010d04", + "Sections": { + "/4": { + "Entropy": 4.852580285671373, + "Virtual Size": "0x18c28" + }, + ".text": { + "Entropy": 5.63990249860699, + "Virtual Size": "0x96ba3" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + "/14": { + "Entropy": 5.146942838207223, + "Virtual Size": "0x84" + }, + ".data": { + "Entropy": 4.460859983643804, + "Virtual Size": "0x2a358" + }, + "/26": { + "Entropy": 7.130706042544344, + "Virtual Size": "0x5f0" + }, + ".dynamic": { + "Entropy": 0.809123167269477, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.6459313794720467, + "Virtual Size": "0x1b0d8" + }, + 
".dynsym": { + "Entropy": 3.2034263115689736, + "Virtual Size": "0xdd40" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 3, + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": 
"" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "24c0575d-dfa7-4f1b-8503-e136cf8fcf3a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "9141EA1A4E6BF1F4D72C28A1D0D124A928D5A7D36B14FC7E7E53EF442360FF99" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "B334937090AC1D2DB8FFFA7D6BB72F97FDE42712300524E2C89F0E7DCA5EF4D5", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + 
"Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "90d2feb1-4600-4854-9a4e-fbf54b14c72a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "C9F9C03434997FBD0FBB698DAC556264EBE967F948A97978A0C32EF85F94B188" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "1E75347868FC5FDDD501E1E2B56C7D511030513B0E9F45DC074DC562F11590E7", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "da54ae14-5e4d-4280-b91e-4b78d0df036a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "23FCD6BF3084CEE6A9F9885E5239230B0ADDE0C870589EE461551D1CA8F4E85B" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": 
"", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "31DCD37C53CEE49C1241978CB976230EFDA89A83C3E3DBC18EDA92099055026A", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a4e64b6f-16b8-43db-af2f-c77daf3f0ca9", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "E39891F48BBCC593B8ED86CE82CE666FC1145B9FCBFD2B07BAD0A89BF4C7BFBF" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "D84AE3F1BB7B2F2C41B986E473AD424CF6F1D136B4E91AA5F73824737169D820", + "Signature": "" + } + ], + "MitreID": 
"T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "a4e64b6f-16b8-43db-af2f-c77daf3f0ca9" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Red Hat Inc. and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a205120a-b99d-4e65-a96d-b8092539c1d7", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "0C51D7906FC4931149765DA88682426B2CFE9E6AA4F27253EAB400111432E3A7" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "0CE7F3FEC8BBB04E182027DD6800B7993E9F14EB579504DDECDD2F06294D7739", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + 
"Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "61dad3bb-db5d-497c-8aca-74ae55991a3b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "6f065bbb5d76aa5fb79975c9480b9ee6", + "SHA1": "6dc5e016421e15ec84239bf6a643dabeed536cdc", + "SHA256": "03df4500273c43189296f09d734977c882a008fc056f43c309b9d2351f31792e" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2016-10-12 08:08:30", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.18515 (winblue_ltsb.161012-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "3560dd8322a15d0e23d3747e32a04ebc", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.18515", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "85fa20421a65e83905361d389b335669", + "SHA1": "fad704c4353c271f61f7ffcecc3bc5aceb3a15b7", + "SHA256": "60bb1a6f5f679831418c16a7c2000159d31507690560194ca357bfd0b4018f9c" + }, + "SHA1": "5ecee585f6f31b380d65407f6b73dbaf03388624", + "SHA256": "7c6f0f7062aca9c286fb921917747c8b65ff4a69eb71102b90c1570b4c521fea", + "Sections": { + ".text": { + "Entropy": 6.491384926143433, + "Virtual Size": "0x16acf4" + }, + ".data": { + "Entropy": 
5.389266574153063, + "Virtual Size": "0x6c590" + }, + ".pdata": { + "Entropy": 6.105064334989352, + "Virtual Size": "0xa554" + }, + ".rsrc": { + "Entropy": 3.471738871242664, + "Virtual Size": "0xfd30" + }, + ".reloc": { + "Entropy": 5.403599915824733, + "Virtual Size": "0x968" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 3, + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Fedora Project and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "dbc9e79d-2655-4892-81fe-830383602432", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "2B2298EAA26B9DC4A4558AE92E7BB0E4F85CF34BF848FDF636C0C11FBEC49897" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "E1DC3EF55626A4CF6DDC425A353208F309271B8A9FDBF8964082FB08DFB7A170", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "dbc9e79d-2655-4892-81fe-830383602432" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + 
"CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\centos-7.9-shim-20200726-shim64-bit.efi } }", + "Description": "This was provided by Red Hat, Inc. and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "26ede8d7-1e62-43e2-97f4-710a4352d0ba", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "5C2AFE34BD8A7AEBBB439C251DFB6A424F00E535AC4DF61EC19745B6F10E893A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "centos-7.9-shim-20200726-shim64-bit.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "5C512E50028955AED91AF0317813C68B427A7F73A6497BDA82F4551BE1A04936", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "centos-7.9-shim-20200726-shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path 
\\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ca53fb23-c94b-436c-9066-079bd6480ae7", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "6730C911E6D91009420D202FB6F394568A06AA97E9F33F30C7E92AAA71332D68" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "97C24B65A08878AEB0002FC577B717A950C0A20E60EBDFC569637EF57059A2BE", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Alt Linux LTD and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "bf8069da-0ffc-463d-b17c-3e0ee49d0585", + 
"KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "C452AB846073DF5ACE25CCA64D6B7A09D906308A1A65EB5240E3C4EBCAA9CC0C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "5C39F0E5E0E7FA3BE05090813B13D161ACAF48494FDE6233B452C416D29CDDBE", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bf8069da-0ffc-463d-b17c-3e0ee49d0585" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "9a4cfe78-97aa-4d04-a049-9f0c2d3869c1", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "3AE76C45CA70E9180C1559981F42622DD251BCA1FBE6B901C52EC11673B03514" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + 
"InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "D8C26A5324CA74212B59B59BEF1BC33FB5B6946DCDDE84414C60A2E315EDE741", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "9a4cfe78-97aa-4d04-a049-9f0c2d3869c1" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3939d676-6d9d-48b4-8be9-d7d7f3528c08", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "C127F0EEFC2E451989D88E4D1DA8A3B08CA9D5884987A6157E04E9A71C01ADFC" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "EDFFF0969567FF1C1867AA921EAA5CF4C65D20F0511BA7EE7328F7B67238DF53", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + 
"https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "3939d676-6d9d-48b4-8be9-d7d7f3528c08" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a434e53e-5631-4181-bd2e-47c546370f7b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "6d00124e9f1f50bf046eb6e5151c9e97", + "SHA1": "2121406a967bcc56cfb20b53b60f255d950862d5", + "SHA256": "f51bc0b8fce1bae71b76cb3ade28b712669d4e938fd37c9f5872493acc25fae1" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2012-09-20 00:11:29", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.20521 (win8_ldr.120919-1813)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "7c2bf377d0edb86f010d202d48024145", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.20521", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "a387b0075e977009a7bb74d24fc388de", + "SHA1": "345e019b25904c911be9e3b6a9e2b0bb18652b04", + "SHA256": "e04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad" + }, + "SHA1": "5dd4309442a74a780e3e099f0625b1eed2e54c25", + "SHA256": "ec89ddd37880430cd5242f5f15d13f4cf699f50dbe04643e5b70093631608204", + "Sections": { + ".text": { + "Entropy": 6.484872015753315, + "Virtual Size": "0x109ee2" + }, + "PAGER32C": { + "Entropy": 6.353319232465821, + "Virtual Size": "0x3d48" + }, + "PAGE": { + "Entropy": 6.514825397638524, + "Virtual Size": "0x169e" + }, + ".rdata": { + "Entropy": 5.4212846406362525, + "Virtual Size": "0x19b34" + }, + ".data": { + "Entropy": 4.628310210600715, + "Virtual Size": "0x63cf0" + }, + ".pdata": { + "Entropy": 6.014681487785778, + "Virtual Size": "0x8e8c" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + }, + ".rsrc": { + "Entropy": 3.471043136394146, + "Virtual Size": "0xfcf4" + }, + ".reloc": { + "Entropy": 2.70744089792279, + "Virtual Size": "0x1ab4" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Signature": "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", + 
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Version": 3, + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "610bbbd8000000000005", + "Issuer": 
"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "dba882ff-03d1-4cf3-9e9d-9358d6416d79", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "D417C004525C7BB57523836278CEE120FD66147983BA738AAC011E24BE75E6E2" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "4759E0891A636E1A3D27472C48AF55F27BF5E3CCF474141FEFBBA2AA124AC410", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + 
"Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cb5a22b9-4471-44a3-9783-c27df207f95a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "264CBC5765718A0BCCB0F79C0FDD133A898203FB6F4F2052CB0647FBF6000ED0" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "B1EC3A20DD620668852C057FD33023CB945D35122C079F13A59A73F8A4E4FC12", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + 
"OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "40f5cc74-badf-47d0-8fd7-021190a05953", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A5BCFC748DA415BD7F00B669E1237C9898A6D03517CC80B3626F0BE326046B28" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A7BF87F519397CA73C79AB94079E0E8218661C149713A8A286DBF1079E57B4BE", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "164bcf0f-91a1-4754-9c4d-f2c1b90aea06", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"1D8B58C1FDB8DA8B33CCEE1E5F973AF734D90EF317E33F5DB1573C2BA088A80C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "9C904F10520295D070DB9CF381101512946AB832C2BD92D4E92D42B934F40DC3", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "164bcf0f-91a1-4754-9c4d-f2c1b90aea06" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b429b35f-a9c3-4de9-a7be-da2b2c688a02", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "B420509D0D69B294633FD7AE2C36B2B549D45A6A863EF16843A1116A11127F56" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": 
"02FF707BE8808663B2CC33286630839DD7B14AC8E2340F4661870B18A9621D9D", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "7b45ea3e-38d4-4bac-aac7-54806c6ffb28", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "3E1A6021B3C6066E94F7F06AD7B29E35B1BD9EE496827A290EFB9BE7A27C5D63" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3E5206C60B696D3B81696DF457D74881F0188ADFD75404A4C0AA627688975671", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + 
"Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a74084e3-94b3-4674-99c8-e314f7f6241f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "367A31E5838831AD2C074647886A6CDFF217E6B1BA910BFF85DC7A87AE9B5E98" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "957D8826BEE05DFEA66994C237E61BD70CC0115CC176E1D931F1D892C6C16814", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "a74084e3-94b3-4674-99c8-e314f7f6241f" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d 
\"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Neverware and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cef9f132-2635-47a6-bed7-6011eb7f04ca", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "d0a9c315f3180e44d8c7a202276041a7", + "SHA1": "6d3071da0d10845d4c297c11e0f71dc557981cd0", + "SHA256": "d8d4e6ddf6e42d74a6a536ea62fd1217e4290b145c9e5c3695a31b42efb5f5a4" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "0008d969a43a2b94edd849cdee6ae3c9", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "d58b60ac3b5fdd3d52a9bc8da3e73c2a13ad36f6", + "SHA256": "3f8f266488f3b888eb77b8df43582fa8124366b7d0670ed78926410f9c9f411f", + "Sections": { + "/4": { + "Entropy": 4.862207156121677, + "Virtual Size": "0x187d0" + }, + ".text": { + "Entropy": 5.644091890418596, + "Virtual Size": "0x9599e" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + "/14": { + "Entropy": 4.946577948119573, + "Virtual Size": "0x62" + }, + ".data": { + "Entropy": 4.510419511401317, + "Virtual Size": "0x2aad8" + }, + "/26": { + "Entropy": 7.20273225550972, + "Virtual Size": "0xb79" + }, + ".dynamic": { + "Entropy": 0.7842520391300999, + "Virtual Size": "0xf0" + }, + ".rela": 
{ + "Entropy": 2.652342087574957, + "Virtual Size": "0x1b0d8" + }, + ".dynsym": { + "Entropy": 3.2106323395732113, + "Virtual Size": "0xdd10" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Signature": "54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 3, + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": 
"350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + 
"Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4e70304f-ec00-41a5-b542-69701b5df29b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "8806CF0C7BD5DF7E01D120F56734113BE916E183755577BD48026C25DB268680" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A6E8C6906E4845A30A036FB669BA82146E334908706778AC569DF45CBF8637F7", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by HP and revoked Jul-20", + 
"OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "55b45543-5130-4632-b2a9-12f11c8da501", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "781764102188A8B4B173D4A8F5EC94D828647156097F99357A581E624B377509" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "BBD53435E3881C13F6EF3D7C17DDE9BCCF2BB2D95D303DC4623CD1AA8F51EF23", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "55b45543-5130-4632-b2a9-12f11c8da501" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b3a8852a-b702-419a-9d1c-4b371a130474", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"0928F0408BF725E61D67D87138A8EEBC52962D2847F16E3587163B160E41B6AD" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "5613DD1553044BEF74610BC012D676375588421FF0000B69DCF62D1081451ECE", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "b3a8852a-b702-419a-9d1c-4b371a130474" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Red Hat Inc. 
and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2cb09869-230c-4114-a4ec-a744b3181282", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "418f5f26299f7eb90d5659caff5388a3", + "SHA1": "d076bcca3841b8c400b4ae3317ea65de33782094", + "SHA256": "9f1863ed5717c394b42ef10a6607b144a65ba11fb6579df94b8eb2f0c4cd60c1" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-10 14:01:04", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "390218e8b12b9b5a8985baf49e163930", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "d8f34bcb62883019182a69e25f0b71caa3fcabdc", + "SHA256": "0e99607b20d537497169c506c6893243d3f1bd5960505c1566bd97c0a741adfb", + "Sections": { + "/4": { + "Entropy": 4.850383937155969, + "Virtual Size": "0x18c28" + }, + ".text": { + "Entropy": 5.640931943255041, + "Virtual Size": "0x96ce3" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + "/14": { + "Entropy": 5.127727685417211, + "Virtual Size": "0x84" + }, + ".data": { + "Entropy": 4.4633509004578, + "Virtual Size": "0x2a358" + }, + "/26": { + "Entropy": 7.339046392262435, + "Virtual Size": "0x9c7" + }, + ".dynamic": { + "Entropy": 0.809123167269477, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.6478060576511773, + "Virtual Size": "0x1b0a8" + }, + ".dynsym": { + "Entropy": 3.2029723126169776, + "Virtual Size": "0xdd88" + } + }, + 
"Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Signature": "54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 3, + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": 
"350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + 
"CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "04cb75f3-e10f-4f9c-9f8f-97d4a310922c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "E36DFC719D2114C2E39AEA88849E2845AB326F6F7FE74E0E539B7E54D81F3631" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "0CCD31ED42FF79E74FBA9C064F59F698E3AE9F9E690BE296EA63936E81982000", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "04cb75f3-e10f-4f9c-9f8f-97d4a310922c" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit 
/set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Oracle Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "536cb2d9-c5ae-4fbc-90af-4502d0f6c9c3", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "47FF1B63B140B6FC04ED79131331E651DA5B2E2F170F5DAEF4153DC2FBC532B1" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "0CA03AD1A65AFE81EC23E2B20E05D80C41AAEB5D6D5F98E2D0C5661F46E0CE9F", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "536cb2d9-c5ae-4fbc-90af-4502d0f6c9c3" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\cent-8.3-20200730-shimia32.efi } }", + "Description": "This was provided by Red Hat, Inc. 
and revoked Apr-21", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "8041563b-fe86-4183-9409-a479ef4f9b46", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F5D396FC5AD8B7EAC22652129D56449DC30B6965CE3E41F5D76590E3B1ECFE62" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "cent-8.3-20200730-shimia32.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "5E9D231F7BC2F98E9CBFBE65DA29F7B663A1E84FEE090250BD0976D65DB3FC0A", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "cent-8.3-20200730-shimia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0c015961-2a7d-4fc2-99ca-5cfccf2de27f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "4A9B1C438BC8F114BFAA82F5D533DA31CC610C276711422C74A167B8AEED7C82" 
+ }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "F50D0AAA4875B0B609D0F796AACB77D582E0246D3FC544F76ADB73B67A156626", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim.efi } }", + "Description": "This was provided by Micron Technology and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b3ceecb6-6bb6-43fa-9ab3-8ba2d6647443", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "2ccccbe8e79cfaa23784d56e0edf946f", + "SHA1": "4dc601eb63e1e8d30e7ed4eede0a757630e66dc5", + "SHA256": "b3e506340fbf6b5786973393079f24b66ba46507e35e911db0362a2acde97049" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2014-03-10 12:11:20", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim.efi", + "ImportedFunctions": "", + "Imports": [], + 
"InternalName": "", + "MD5": "d407a4d3a9887218394aa73e94ffbde5", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "d483cd3de769ee4a2bd69c498501e7764656fb75", + "SHA256": "9d61099de8327efeff7e4aea81d9f3396a2218e6b22e15d05032a765897c0eba", + "Sections": { + "/4": { + "Entropy": 4.852850797014689, + "Virtual Size": "0x17d58" + }, + ".text": { + "Entropy": 5.634947420095376, + "Virtual Size": "0xab9fb" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".data": { + "Entropy": 4.804980130818098, + "Virtual Size": "0x32158" + }, + "/14": { + "Entropy": 0.6143694458867568, + "Virtual Size": "0x12" + }, + ".dynamic": { + "Entropy": 1.0259041624373757, + "Virtual Size": "0x130" + }, + ".rela": { + "Entropy": 2.622199242754339, + "Virtual Size": "0x29d78" + }, + ".dynsym": { + "Entropy": 3.212193108334823, + "Virtual Size": "0xf5a0" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Signature": 
"2a27d6bd2f34c68a9989ec856449fe4934ad5c0615ec5819664399053737a86be46c914b9478ce393534b759eec5eb6f015b706b853f1d2be51fe9807b178eaa9e0f9558d6a5d913c58c7492cbad106abb7395426801a42f363842e60bf72d046668865db5d8ce2c901c9673044d05abb74c171ac198c0f9376bb9185ec7523bb53e6d2c114642ffbfbe20efc6c2571c2006159cb70ff2c428e997f6ce83bf57ad9a47c47decce9830cf861a156471c62600a0260b44e29ea8e6e33c407c046f37be4a46dcaf38c018b24f969beb716d8e76cebc3d1d19134ed6f216cc2e357848b4998196ebd7326bca3e3ade1ba88e98612a569a46a1f45856f4e2dfa02a5d", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Version": 3, + "TBS": { + "MD5": "c52110f552e27ebb1e3fae114abafb3f", + "SHA1": "4954e087123653ce38da4cdd31141b6a1bb999e4", + "SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim.efi" + ], + "Verified": "TRUE" + 
}, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Oracle Corporation and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "af34038a-8535-46ac-8f63-bdf18bb89563", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1D5C15CED73845B7E968BF3ACE52C5C660AA2DA6DDEFF2CE6445A04B885A0F12" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "04A779863E698705914958CFCF521450B8D2C9AE321DFE36A2DFDA00AE75ADC1", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "af34038a-8535-46ac-8f63-bdf18bb89563" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set 
$matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "44560d47-de27-4691-bee4-6306bc160643", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "8810B37003E7CDDA026663968AA9E1B9CCCC96EED98528CF5A975BDE7B8084B7" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "7391D51035BE75620EE4F0F597DF65F54D3518A7CFB74276D7A778AAF7B39477", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "de853203-30c9-4dc4-a050-6812dc4e0113", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + 
"SHA256": "996C1D55955DFB3698869BDC2A700E6BCC762468716B5CBDA7295CF98841220A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "BA8D25B9FA843DA5A70D38A5AA96549F2166E2F0B4C1C007AF8A07D07E98A528", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "160959a3-8cac-43f9-a0d1-1c108375fb95", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "266C1429C8DC389481B3814BC3AF8723DB28EECEB0BB026BBBEDA0CC41D36BC3" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": 
"DBEEA13BD8FC4D613501D8CF564A129A541AEE6FB5AB82CB4A5F448B52FD1C52", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "09476ffd-a0fd-4510-9e36-a20727c16b8c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "5AAFC9F5F98DB75F8519D8652924932939760F00DF8827FA2A6E36DB265F21F8" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A97E2E39DA89F16E0AFB9CF3A213205ED00BF2200A573812B5C5F56FDB8B2402", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": 
"", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b8cfe531-3969-4203-a575-fec35e4880fd", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F2A74464235248EA2A41EA0D0256E9CDD24BB6B3E2A6F2FC7E0AADC86EC56CA1" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "D2BF5E584EA2F3844B27CEF320636D1A2CD6BFB023ED65110FF6D0EF09292114", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\grubnetx64.efi } }", + 
"Description": "This was provided by Canonical and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "1b134b19-47f4-4bfd-af37-40c05933168f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "cba477486346b0fad728f78e3542e00e", + "SHA1": "cecc72f2d1a431149d9bc47f8e21b655e980e9f2", + "SHA256": "804e354c6368bb27a90fae8e498a57052b293418259a019c4f53a2007254490f" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2014-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "grubnetx64.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "f383b5c1f0cb8806742c8df990bc7803", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "c1f26b124fcfb2c73ec9c9cfafe3fcfbc269d4e7", + "SHA256": "8e8addb29426d845a0101c2c1f26c2e7fe8c78128ab04f16cfcb4e06461b0101", + "Sections": { + ".text": { + "Entropy": 5.571601531682557, + "Virtual Size": "0xb000" + }, + ".data": { + "Entropy": 1.2839449201733235, + "Virtual Size": "0xf000" + }, + "mods": { + "Entropy": 4.318730379441639, + "Virtual Size": "0x142000" + }, + ".reloc": { + "Entropy": 5.904300253815697, + "Virtual Size": "0x1000" + } + }, + "Signature": "", + "Signatures": {} + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "grubnetx64.efi" + ], + "Verified": "TRUE" + 
}, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c818cbe0-bc64-4557-a266-570214ebaaa8", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "8055EDEEB18561927DD5956BE9070C4503FEC783AA96F166F5F93FDBC3C2AB43" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "57B017C3A6AC4676B1852E407297158D1D471373DC299CF557832D9E3F13577A", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + 
"OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d880c342-2996-430a-b850-fb372cecbef7", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "245E9B81342E45E1BAF4F8D830D18EA7FAE9FDFF05497290EA6442C4EF0FFA57" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C681A40CEB9F33F435A44614FB7E0D34007F1C67B83E8C907506414950CC45EB", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim64-bit.efi } }", + "Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e638d650-dd39-49a9-a737-b02670064e45", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "2906120c5459cec104e70135cc2c7ffb", + 
"SHA1": "e0a77a7cdefc31ecba261fcd6181b97efce9cc49", + "SHA256": "273d4432af53f07f8fb2013bb13d70bd46ea49c6c1c9de6c631ae4d75c98baf0" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim64-bit.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "9bdc83ad343e8745e1f3d55c36cf2df6", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "095b16e4a405e6d6dbdfc1475c941c64201d41b5", + "SHA256": "84e680f95cd31db85663a5482a68778dd236503d88e8a6d8e3c4a6c9ba201102", + "Sections": { + "/4": { + "Entropy": 4.8785374734689935, + "Virtual Size": "0x1f0c8" + }, + ".text": { + "Entropy": 5.683178156318327, + "Virtual Size": "0xa3c01" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + "/14": { + "Entropy": 5.205469492567452, + "Virtual Size": "0x84" + }, + ".data": { + "Entropy": 4.412613928549267, + "Virtual Size": "0x2db68" + }, + "/26": { + "Entropy": 7.322772708526002, + "Virtual Size": "0x449" + }, + ".dynamic": { + "Entropy": 0.8630797231656377, + "Virtual Size": "0x100" + }, + ".rela": { + "Entropy": 2.6535499216585814, + "Virtual Size": "0x1c6f8" + }, + ".dynsym": { + "Entropy": 3.2062260361646557, + "Virtual Size": "0xf378" + } + }, + "Signature": "", + "Signatures": {} + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim64-bit.efi" + ], + "Verified": "TRUE" + }, 
+ { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "99b952f7-5438-417b-9dab-c318bdcd75e6", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "61CEC4A377BF5902C0FEAEE37034BF97D5BC6E0615E23A1CDFBAE6E3F5FB3CFD" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "B6C36B2B18A3E73EA007173F8669D9A9A861FDDF27C3E3C0C3F1315E2AE5B43F", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "99b952f7-5438-417b-9dab-c318bdcd75e6" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path 
\\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c348343b-faea-4c60-a0bd-c140a51ca9f0", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "9DEBCA159F7892D56C94614C469CF37C8DA035683B1251FC4E6EC0EF2EEE720E" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "4A62256316FBC805231420BAA4668B26023AE08B1BC7203A71C28905D19C817A", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "663a9b38-509f-4a27-b2b8-13801ce4ee89", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"B2BEAECAC1BDE409F82933D80FA3BF5FA0D1FF8D1F97E5260BB25C0FBBA35CA7" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3E8EE29691F1F22F5B46C301EDFE411821D466E7A39672A416E387060A0EEFE0", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTia32.efi } }", + "Description": "This was provided by whitecanyon and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2b96f3c6-afdb-4da2-84d4-601c9a71b2a8", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "93d2db760e57e03fd6e20cc55dc4aa46", + "SHA1": "5468b9ca48c3f67380a51e4a91732fb0792eb40d", + "SHA256": "adcc0b6fd6dc5911bf42f036c033fc3e43f07a8312e91d0d8d32793b62940c7e" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-09 08:27:36", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + 
"Filename": "BOOTia32.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "69a56b18be5865ccda9ab3a5bb4987ab", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "ec708522ed126c2bc6b8e3306c8231351927e369", + "SHA256": "a9f6c38c2608d6f36f246e74a9fd17e915c89e54eafa2281b8ace86133df22b3", + "Sections": { + ".text": { + "Entropy": 5.839449556174616, + "Virtual Size": "0x92f08" + }, + ".reloc": { + "Entropy": 1.5709505944546687, + "Virtual Size": "0xa" + }, + "/4": { + "Entropy": 5.2339069016332305, + "Virtual Size": "0xc9" + }, + ".data": { + "Entropy": 5.335073549417548, + "Virtual Size": "0x20adc" + }, + "/16": { + "Entropy": 7.287209418645642, + "Virtual Size": "0x415" + }, + ".dynamic": { + "Entropy": 1.337010437462914, + "Virtual Size": "0x78" + }, + ".rel": { + "Entropy": 3.5663663055705634, + "Virtual Size": "0x8fa0" + }, + ".dynsym": { + "Entropy": 4.38880926502971, + "Virtual Size": "0x9280" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 3, + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + } 
+ }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "77a4c1f2-a194-4778-8074-4ba1d052129f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "26019df09c3d207b9be1a2f395b8645a", + "SHA1": "db3344e8cb837776d854dc6adbfa5473a19bd611", + "SHA256": "b67db8d53c925febadafce4356206c85f73e22456eae4ed6ee77f6a9e11a078c" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2016-09-20 08:10:54", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.18478 (winblue_ltsb.160920-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "b93d4a486013424efe0fb34668b50b85", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.18478", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "95c181375ef93e118f930024df1bff96", + "SHA1": "e3a24ad3c9b07df2a4fb39a1432ba3597faa48f7", + "SHA256": "0708c72d17d4892e2deab31b567c830ee261f5e5730997a47366c0e1e58dec0e" + }, + "SHA1": "71ff189bcbb7e43d0793a0efb827f7225fb122b0", + "SHA256": "4f3e97e36ec05236dc378c544310a9685d57409b87020bee731d7ddbf90987c6", + "Sections": { + ".text": { + "Entropy": 6.632108331411666, + "Virtual Size": "0x130264" + }, + ".data": { + "Entropy": 5.287095365347617, + "Virtual Size": "0x5b510" + }, + ".rsrc": { + "Entropy": 3.471496237401348, + "Virtual Size": "0xfd10" + }, + ".reloc": { + "Entropy": 6.7662012546004755, + "Virtual Size": "0x5d00" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Signature": 
"60743a2c8b9d1d20759fd327472b3fb9c434cf9df5a4501199cafd1d0f6806659be78f5346fcdedead6c2615214f653b0306302508cc80e386fb54dc8d0b8c63131e54f259c4f8792335187e2d4f649a82490807f129590c1a5c76d8c56a12e51f4c9bb20f35bb27b3ddc0dfbd849e506ed390bef27d160c5fa33291231b73cffddf7bcc42948b509b88242d401ab88f4283997bb6707c2fd2facf67e2639b5b02da8975568de56dc96eee8061c69bc552d61a0fa49ea527563681fb35f68dde6eee372b99f69761de0eac9b72b1510f80e66f6560bf1d0669dcbdd915ffe13454502833fe26932c018ad8399ad2840a93b0c222b7900151dc9ddb4475e1d7b7", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 3, + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": 
"TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "29a5f4df-eaf4-468f-94e1-da9ba1b1c20a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1BCF1611E0CC92C9D46D2A51C7ECF6EC63C562EF759324A1D9151D508A16B7B3" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "BC5D2B2C7E7CB051D084484259095B2868CAEC001C09A6FD33302B0AA0DFA7E2", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked 
May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "66314d3b-bec0-4042-94f3-2744b5a337ee", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "61dcd3b5b1b343f78cdba79267151107", + "SHA1": "f62b5d4321be185905a65037dfcdeb277a4f6169", + "SHA256": "490c927242cc6227ca439a7e9aa9d771ad4d1686eede1f331cbb6c69e9be746e" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2013-08-21 22:13:37", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.16384 (winblue_rtm.130821-1623)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "e7ae8ab50eae0f2730780d6e87a165cc", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.16384", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "76b472327057a88cd36ca28afc4c0e33", + "SHA1": "3111a9f1a2306b44b216f95d22c5d3780e200bb4", + "SHA256": "99f483be10e4f3d7da9abe8eabdf67c61589c0ecec750aac0991666c9bc4e518" + }, + "SHA1": "339702656fbb6e001e9a283dbd54567323f0332f", + "SHA256": "88582f3cae30afd77990944709ac4e272d68cdc009d9c3ff6f7c2e19e74f5975", + "Sections": { + ".text": { + "Entropy": 6.634660604406808, + "Virtual Size": "0x11125e" + }, + "PAGER32C": { + "Entropy": 6.5590017342718845, + "Virtual Size": "0x4795" + }, + "PAGE": { + "Entropy": 6.562392196399758, + "Virtual Size": "0x1333" + }, + ".rdata": { + "Entropy": 5.897305248359915, + "Virtual Size": "0x154c4" + }, + ".data": { + "Entropy": 5.3304508105703245, + "Virtual Size": "0x56510" + }, + "PAGER32R": { + "Entropy": 7.124151697179559, + "Virtual Size": "0x100" + }, + ".rsrc": { + "Entropy": 3.4708887278026244, + 
"Virtual Size": "0xfd10" + }, + ".reloc": { + "Entropy": 5.536942764112647, + "Virtual Size": "0x7fe4" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Signature": "78269c4b43268afbc7329a21653fdf5427c51d156bd9b2be4fc3ce06c9fe486ad28fa1a55698acc8617733a5d9b68b3f69ab82d8d60857a0cf330434703b2af43b3058eec891f89515a9acf8c29aebdcabc8671630a1d22fa51720ab95393c388e3fbed2d42eca2bce4f3ac03be5be68ecfe7f44a6d3871782abd7cc3f8c22300536bd24a13934474bc0cfc2f1479991b991f328cb5a80d06c1046a9249b8dd8747b3c87e54946f28c0bdf14c042566264fbf9475859b221d0434603ab5f655551437be8eb21192f143d173b042f139ce553888cf0534f9d2f090c1edbf10def827a274afeeba10c2b4725b0628a2722d5f209be4f9e3d2d8104a896df82072d", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 3, + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Issuer": "C=US, 
ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "32eed29e-9d32-4120-8a43-02c7dfc4ae22", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "35434d7522f9aabb654847d66da05599", + "SHA1": "638291271b5b95b647a7ee324dddc79bec196616", + "SHA256": "1eaed62c4abcb2524643e1723f6aadcc31a74af4d2285d3b13880cc44c22dec5" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2012-09-20 00:13:01", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.16420 (win8_gdr.120919-1813)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "dbed1f7ed9e19e53bfc7f43122ce3d83", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.16420", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "a387b0075e977009a7bb74d24fc388de", + "SHA1": "345e019b25904c911be9e3b6a9e2b0bb18652b04", + "SHA256": "e04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad" + }, + "SHA1": "765ce680a932d9f36a6b09c2191c9e2cab1a89cd", + "SHA256": "c6b0d030bb3e54294742b3914ae76c949e52a065abb28d08054fdf90d7eed628", + "Sections": { + ".text": { + "Entropy": 6.484872015753315, + "Virtual Size": "0x109ee2" + }, + "PAGER32C": { + "Entropy": 6.353319232465821, + "Virtual Size": "0x3d48" + }, + "PAGE": { + "Entropy": 6.514825397638524, + "Virtual Size": "0x169e" + }, + ".rdata": { + "Entropy": 5.421235290994017, + "Virtual Size": "0x19b34" + }, + ".data": { + "Entropy": 4.628310210600715, + "Virtual Size": "0x63cf0" + }, + ".pdata": { + "Entropy": 6.014681487785778, + "Virtual Size": "0x8e8c" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + }, + ".rsrc": { + "Entropy": 3.4710594887067385, + "Virtual Size": "0xfcf4" + }, + ".reloc": { + "Entropy": 2.70744089792279, + "Virtual Size": "0x1ab4" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Signature": "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", + 
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Version": 3, + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "610bbbd8000000000005", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + 
"OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "72b28839-6c76-40b4-b8ec-6582be7d81eb", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "05D87E15713454616F5B0ED7849AB5C1712AB84F02349478EC2A38F970C01489" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "F69D87F5BC30026B00110DADD0264311D15DECE6B67F046506755284AF5EC002", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "72b28839-6c76-40b4-b8ec-6582be7d81eb" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2a9c12a2-bc01-4af2-bb23-a5f1fcba5bdc", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "C1547CF902570207A9694B6B8E353FE41419DB6A3802221DDF10FB8F86947804" + }, + "Company": "", + "Copyright": "", + "Date": "", + 
"Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "B15095CBB09505C8354657EF7DF0FA4046F5F9DC74B26EF12A7D83E82A718322", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e1e05cba-138a-4879-84c6-0ab872d03ea5", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "34dc51ef7732132306a90266b0dcaf95", + "SHA1": "4f92bc4253c99fb31787f7b1501b0f3af801534a", + "SHA256": "0328f7dd12b552efa7a9e083730333b85f3f4e83d39387fc531863b422f75cc8" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2015-09-29 08:01:44", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.18067 (winblue_ltsb.150929-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "aad10724a4a2b676a69459a61124efec", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.18067", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "2fbc53c18b773e0990639d636825b0ba", + "SHA1": "2a1d3ef0d46e4b8b403cdf0c29bcefbe41250cb3", + "SHA256": "d1a38cd90fba6fb39948b1c0ee836f9542268bb74c4379963c2920d11f696f22" + }, + "SHA1": "e41e22000179036196670a70b71dc199f503f803", + "SHA256": "25933d1597ead1c390abc59433aec7c8f955c588551024c88c6388afbc84ed40", + "Sections": { + ".text": { + "Entropy": 6.489801499882737, + "Virtual Size": "0x169a84" + }, + ".data": { + "Entropy": 4.539922885880969, + "Virtual Size": "0x6b290" + }, + ".pdata": { + "Entropy": 6.0876428216562735, + "Virtual Size": "0xa518" + }, + ".rsrc": { + "Entropy": 3.471196048302116, + "Virtual Size": "0xfd10" + }, + ".reloc": { + "Entropy": 5.3873912473580265, + "Virtual Size": "0x960" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 3, + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": 
"1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "52a629bd-deb4-4e92-aa7c-3e4c301a086a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "00a62b0feb53c1c76e1e5246aab69123", + "SHA1": 
"4654356766b9e062ffd65fd26bf3d0916430881c", + "SHA256": "d87817f76309b1e420547808cb573aea0c8e7de14123793a42388582184286b7" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2014-09-18 12:30:36", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.4.9840.0 (fbl_sec_oss3(dlinsley).140616-1123)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "ec46eab41a4c2ffd8c352d6e0dea430b", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.4.9840.0", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "2777dfee3c799f841a25c53df5d11e39", + "SHA1": "6a4457a8f18e185baf0a0352666728176d377faf", + "SHA256": "1ae942cee9560dc7ed300190c7efbe6312d44ec378914f3c09554d816a51b45e" + }, + "SHA1": "5b65a8b1427f80e9c997bbad4e66dd36742314f7", + "SHA256": "e0df7ce01e42a61228f4005fcdb9c42675ff7280a0be9ec1c32ad9d5e0493f10", + "Sections": { + ".text": { + "Entropy": 6.474331847803071, + "Virtual Size": "0x171504" + }, + ".data": { + "Entropy": 4.473253546138282, + "Virtual Size": "0x620c0" + }, + ".pdata": { + "Entropy": 6.082213472250921, + "Virtual Size": "0xa7c4" + }, + ".rsrc": { + "Entropy": 3.47008160921905, + "Virtual Size": "0xfce8" + }, + ".reloc": { + "Entropy": 5.415490038570185, + "Virtual Size": "0x99c" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": 
"330000004ea1d80770a9bbe94400000000004e", + "Version": 3, + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\gcdx64.efi } }", + "Description": "This was provided by Canonical and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": 
"Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "5f398d53-d42c-4c4c-acc2-b3766bf08b97", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "5b234f54fbe2396c8248e75ee4f691d2", + "SHA1": "ba379da7ab2c2c99c24e004f4357da5cb6acaa6d", + "SHA256": "e7681f153121ea1e67f74bbcb0cdc5e502702c1b8cc55fb65d702dfba948b5f4" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2014-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "gcdx64.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "4a7dcdd069fcdf8d7319ea5e135403fb", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "f48de3320923666bd1a9690f993a6d83ed420c24", + "SHA256": "0ac2943abf5ef953b939247b74331fb2c437e405a81dd5569d9cff1d6183d53a", + "Sections": { + ".text": { + "Entropy": 5.571601531682557, + "Virtual Size": "0xb000" + }, + ".data": { + "Entropy": 1.2839449201733235, + "Virtual Size": "0xf000" + }, + "mods": { + "Entropy": 4.3228367643315035, + "Virtual Size": "0x13e000" + }, + ".reloc": { + "Entropy": 5.904300253815697, + "Virtual Size": "0x1000" + } + }, + "Signature": "", + "Signatures": {} + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "gcdx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + 
"CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\rhel-7.9-20200730-shim64-bit.efi } }", + "Description": "This was provided by Red Hat, Inc. and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "db9487ab-4dc1-4c3d-a04a-70696d63bcc4", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "D6EE8DB782E36CAFFB4D9F8207900487DE930AABCC1D196FA455FBFD6F37273D" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "rhel-7.9-20200730-shim64-bit.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "24357D13D3CFC29A7E83D86A6BB53FC932461B7D0A653701188D7B427C704FB1", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "rhel-7.9-20200730-shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": 
"This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2f495b21-1d43-43c5-8770-c221121a2e6a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "B7EA2FBD3FEEDA309912B2767BA80DD037813E80FED17CDA79EF7F62B6D1953B" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootia32.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "6FDB5AB3815A499948DF5ED732EE275FA44CE8313287A33B2875B2A2B1D60021", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\rhel-8.3-shim-20200726-shimia32.efi } }", + "Description": "This was provided by Red Hat, Inc. 
and revoked Apr-21", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "063ad364-8db5-4bb6-a731-799b970cf900", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "FFF421A9DCD3EF38AD585E8BACA408AC2E4CDBDFA679900EC17089624E310ADA" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "rhel-8.3-shim-20200726-shimia32.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "96DD3FFBAB73A9DAA0CA93C34C4EDA5BD9C8AEEB0480C1A3BD93131F44CA9A29", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "rhel-8.3-shim-20200726-shimia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a24fcdef-7393-4141-ae9a-f97fce196c35", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "71B601EE3746DA7177726DB84F5B417C9721583D2D88AD857BF368A54FF76BFA" + }, 
+ "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "98A4F01BD9D8A039C669C2AF9082A0EEFBCEABEA4C739E05A1D0C59C5D851AD1", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-13-0ubuntu2/shim64-bit.efi } }", + "Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b1d65631-7072-4168-b25a-5e18d41b3410", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "1d9a09ad4a977af7eb8359638d016fbf", + "SHA1": "70673742c167b615118ed8692cc0a100427c3f46", + "SHA256": "a8ddf4d0f6a7056f55b464cc79a986cce24541961263c216bedc19a7c4ca2296" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-13-0ubuntu2/shim64-bit.efi", + 
"ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "a27c33dada320aff0672ce32f953ffbc", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "412391ed50bdc33f24da222c7d79c00dcafbaddb", + "SHA256": "9be93e365a8240a03b05db26684b708b46d7585be325a3e22170cd5b324e0cb0", + "Sections": { + "/4": { + "Entropy": 4.859071012200417, + "Virtual Size": "0x18680" + }, + ".text": { + "Entropy": 5.636950908142091, + "Virtual Size": "0x94f6a" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + "/14": { + "Entropy": 5.317320051092131, + "Virtual Size": "0xd2" + }, + ".data": { + "Entropy": 4.5618243060977575, + "Virtual Size": "0x2a688" + }, + "/26": { + "Entropy": 7.322772708526002, + "Virtual Size": "0x449" + }, + ".dynamic": { + "Entropy": 0.8630797231656377, + "Virtual Size": "0x100" + }, + ".rela": { + "Entropy": 2.6508835902550336, + "Virtual Size": "0x1ae80" + }, + ".dynsym": { + "Entropy": 3.212807020759649, + "Virtual Size": "0xedf0" + } + }, + "Signature": "", + "Signatures": {} + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim-13-0ubuntu2/shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set 
$matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "94c6901b-e217-41cf-a4c7-b62763759d3e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "839894ED391B7C88E995F845CA152F65BF881850D768E3EF3880838B52846A74" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A8FAD7CD0CC1DC152AE0880C21D91F6270FDB410D60E1129963AFCD3DF5841F1", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": 
"59605f2c-5575-464b-aacc-af09e949f153", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "32AD3296829BC46DCFAC5EDDCB9DBF2C1EED5C11F83B2210CF9C6E60C798D4A7" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "BA0610793FAA746150C0FD5689158B01DEEEA7320E2F14B31EE9AF4F2C4D1587", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "59605f2c-5575-464b-aacc-af09e949f153" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b2be4369-0672-4a82-96df-ee4d208d3352", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "54061FF50D91296F2F44D8B338AEEDFBBE86DF49DB5DE8A45191AAA931F5BCF6" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + 
"OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "79631821A585BFC9A9A5D2D92D37714EFD84A3D856284A0897654461EC1C137D", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "59b5e207-bca6-4425-b392-2fd0ed44935e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "9BAF4F76D76BF5D6A897BFBD5F429BA14D04E08B48C3EE8D76930A828FFF3891" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "610D0A80FD4E876EAD581903B33C96ECC4B8BD7115FC9DF5579B3A25416FDAEF", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "59b5e207-bca6-4425-b392-2fd0ed44935e" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d1e51f20-1939-4b7c-8875-2458c9e418d9", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "270C84B29D86F16312B06AAAE4EBB8DFF8DE7D080D825B8839FF1766274EFF47" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "FD1CD4D4A1AC691E7A0AF14C3DFB17DAF3F2E6A2B286C9E233070979EC36BB6F", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "d1e51f20-1939-4b7c-8875-2458c9e418d9" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", 
+ "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "18b807f0-bafd-4f25-8f7d-e2ff15fb5691", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "24dca2244a6220a9bb1962697f8aa2f0", + "SHA1": "2688b0ed81c02678e9884b32b6ef0fd603930cd7", + "SHA256": "148fe18f715a9fcfe1a444ce0fff7f85869eb422330dc04b314c0f295d6da79e" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2012-10-15 05:52:12", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "c86257e19730c49e2abfbdf19e322c49", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "6a9e3957a060061c09a674ed338df34af8f23540", + "SHA256": "f88e92940985413acd440daa20c08df99c54613636826d9d95b898d39c44b19b", + "Sections": { + "/4": { + "Entropy": 4.818597410150845, + "Virtual Size": "0x17158" + }, + ".text": { + "Entropy": 5.636154950062723, + "Virtual Size": "0xa8b3d" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".data": { + "Entropy": 
4.785189552901681, + "Virtual Size": "0x30b48" + }, + ".dynamic": { + "Entropy": 0.8341231672694769, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.630441034461607, + "Virtual Size": "0x2af48" + }, + ".dynsym": { + "Entropy": 3.2123348112059116, + "Virtual Size": "0xf090" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2012-07-02 22:25:14", + "ValidTo": "2013-10-02 22:25:14", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", + "Version": 3, + "TBS": { + "MD5": "c5e24205d04c09c94d81b6935af7ec09", + "SHA1": "12622dccb5b07edfd65cae6fc018e24b80ff2c82", + "SHA256": "d6afbff1c283d7777501bd3b2adb4aadb8ce32649ee401dfbb06f884362f7507" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-0.4-0ubuntu4/shim64-bit.efi } }", + "Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c8bbda28-7392-4588-a899-755c58de432b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "15d38ac115b29438f9f82509f78c340a", + "SHA1": "c017bdf23c9fae3f7c66a28aaefa4ce95d174a71", + "SHA256": "1db183cf5655b2dd0ce9508273b339146c3b7dcdec0d0ac3c180c953083faf18" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2013-09-23 01:33:04", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-0.4-0ubuntu4/shim64-bit.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "8712d45e1ae024cb45067ad5918e12da", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "a6aa33d40dacfcc964b01a5c18d26829d362fbce", + "SHA256": 
"702a10fa1541869f455143ed00425e4e9b2d533c3b639259bde6aac97eca15ed", + "Sections": { + "/4": { + "Entropy": 4.852971920873678, + "Virtual Size": "0x176f8" + }, + ".text": { + "Entropy": 5.634227672572103, + "Virtual Size": "0xa84d5" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".data": { + "Entropy": 4.791429945661147, + "Virtual Size": "0x30b48" + }, + "/14": { + "Entropy": 7.33045778996378, + "Virtual Size": "0x441" + }, + ".dynamic": { + "Entropy": 0.8174565006028103, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.627268789314352, + "Virtual Size": "0x299a0" + }, + ".dynsym": { + "Entropy": 3.2126934517254524, + "Virtual Size": "0xf120" + } + }, + "Signature": "", + "Signatures": {} + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim-0.4-0ubuntu4/shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\Signed_13652009334930799/shimaa64.efi } }", + "Description": "This was provided by Debian and revoked Apr-21", + "OperatingSystem": "64-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "faa5ce45-c815-4eec-a757-84e1b181afcf", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"3E828EF5E880FE62B33D36B78F2235F1A314153899AC80469597297B9A9DD22D" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "Signed_13652009334930799/shimaa64.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "EBF3E0F060E9ECA943F49444CC0DBF6CBE1AEC2C20AE10DFB9E757335AA26ADD", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "Signed_13652009334930799/shimaa64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "077ccbb7-5e3d-455d-abbf-317e3ee73abd", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A5E476C4BA2ED8EF8C30F247F3E13AFA5C7E3A5A952E4B8325C22F33F7F23621" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": 
"", + "Publisher": "", + "SHA1": "", + "SHA256": "DB67C1601CC3B3313B9F6E8F12E76627E7BC6F3936BD8147FCAFAF5FB6556966", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "8e051211-3998-46bf-abf0-cfba6699c4f1", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "CF13A243C1CD2E3C8CEB7E70100387CECBFB830525BBF9D0B70C79ADF3E84128" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "07058C9BBCCB99D58FC93EBE2C007CFE28E1BF74E51954584AA3D3CA06689FBA", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "8e051211-3998-46bf-abf0-cfba6699c4f1" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b262ea41-bb3c-4682-9a8d-a4e52e495c6c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "9ac88694e8ed9aee8005b00700994fd1", + "SHA1": "f1fcc53669caf87c89c1acec550dc9b989d5f4a8", + "SHA256": "7a0294ba07a2aee3648afc0daf2efd526a5b76349ec906f819c03bc217257638" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2012-09-13 20:23:52", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.20516 (win8_ldr.120913-1503)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "7f5843d48a960315b047e5231470e1b6", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.20516", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "fa6462badb7aa537a9d3ecf604e9fbd7", + "SHA1": "caefdafc6f3620830b306d429c83bb077f6bdaa4", + "SHA256": "4689fe3d6e35db99759219db2adef6cefa62105e8b636c0c5bd2a6bec395e471" + }, + "SHA1": "a9f1a7c49b57694d6f44de42e7675ccf07e0a57e", + "SHA256": "81199ecb7a384d04f4e0f5541af731ca6ab0a04f1e2d692b4c386e0f02f15009", + "Sections": { + ".text": { + "Entropy": 6.641518892559521, + "Virtual Size": "0xdd286" + }, + "PAGER32C": { + "Entropy": 6.572183780133045, + "Virtual Size": "0x4805" + }, + "PAGE": { + "Entropy": 6.502474956779901, + "Virtual Size": "0x12ab" + }, + ".rdata": { + "Entropy": 5.359607054105938, + "Virtual Size": "0x122aa" + }, + ".data": { + "Entropy": 5.32099548613425, + "Virtual Size": "0x54bf0" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + }, + ".rsrc": { + "Entropy": 3.470952087691717, + "Virtual Size": "0xfcf4" + }, + ".reloc": { + "Entropy": 6.124599725636047, + "Virtual Size": "0x61b0" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Signature": 
"c7f34d30f6c0451fb6ababdce5203035c20b7c75b16784adb0aa9ed8f647c02df4ce8d8277b8e356e3286e4dc0d444172dea83b9af9c6133c491e53680024d6bac0d985d6dfe776988ccb337b35abb32a02b50413514a576dc932b2a4ae2aef96330041e040480e3b1cbf06cd6910cf79ead3ecd332a9bb7156c2d9976e5dfac8b5b59d82ea33a4826470663dfad599e137468da7bd3037243e0238b96c1f99ea1299faa898dd854f812f8834697b7c5991d2e1656db4e2f56d8bc2077e7bb7d886d4fb6907c555c6d54089724435ac3345b1b6dbb605300ba83412517394dcd3b6c82df5013c6f57fcb1e03919b63469dd7606f3fbae8242658f19ab174b03c", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Version": 3, + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "610bbbd8000000000005", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": 
{ + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a9874948-be3c-49ba-b6ca-9ff18f01aa9e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1364B7B94AB2A93E79D297EBF6CE0A30F7997E5929E408EF0D3B5D54C64E7B90" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "9E1E22CBF19E9A483E6D57345959A3F8862C3C98E2A825EB995819F0CF210F48", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + 
"Description": "This was provided by Oracle Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ae5b655b-a592-4d17-bce2-99ef497e846c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "b6736f2d357c4f0b8d557c3c0c39fb54", + "SHA1": "4917df76db99a277efdb57da560e145ca3d32d35", + "SHA256": "e7c20b3ab481ec885501eca5293781d84b5a1ac24f88266b5270e7ecb4aa2538" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "5917ac93685b816492c5476071db3871", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "f039244623179184ac63f73797aee7f926f2132e", + "SHA256": "6e79e3d0580d244c2fc2179a4f08cb80f945ad33d8c4c325de4e35e0d41584c5", + "Sections": { + "/4": { + "Entropy": 4.796856025961145, + "Virtual Size": "0x13ab0" + }, + ".text": { + "Entropy": 5.612002982618474, + "Virtual Size": "0x87259" + }, + ".reloc": { + "Entropy": 1.3567796494470397, + "Virtual Size": "0xa" + }, + ".data": { + "Entropy": 4.362375087615993, + "Virtual Size": "0x24058" + }, + "/14": { + "Entropy": 7.113430283211426, + "Virtual Size": "0x603" + }, + ".dynamic": { + "Entropy": 0.8424565006028102, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.5870428023786656, + "Virtual Size": "0x24ea0" + }, + ".dynsym": { + "Entropy": 3.188660636162784, + "Virtual Size": "0xcc30" + } + }, + "Signature": "", + "Signatures": [ 
+ { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2015-10-28 20:43:37", + "ValidTo": "2017-01-28 20:43:37", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "3300000018e730837f472a7b5b000100000018", + "Version": 3, + "TBS": { + "MD5": "d442a6ab238e766c07d33f02d299a9a5", + "SHA1": "3fb2a93548919ed386a441800a5d941ee358e38f", + "SHA256": "8806fc9fc29ec30556728d016e0667364f4f3359b8747cbd45d5f783ffe93abb" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "3300000018e730837f472a7b5b000100000018", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "ae5b655b-a592-4d17-bce2-99ef497e846c" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", 
+ "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d0f8d27f-26e3-4500-bcb8-dab29c667c29", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "400AC66D59B7B094A9E30B01A6BD013AFF1D30570F83E7592F421DBE5FF4BA8F" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "0742A120E871BBB67D6947D05E9301CDACBCCB4AF650464F996B40352CA9699B", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "d0f8d27f-26e3-4500-bcb8-dab29c667c29" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit 
ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4002b7f5-487f-4822-a1bd-6fbf1167f00a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "4F93ED05AD7E20BDDE6241D24B196D6334C8C4010D92757E4868FF4BBD6A0F98" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3142879893B677C1B25C92F9CF1DF3F90B209509992D52E9C64C3371296A9A08", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c2d12b91-7e1e-403c-8d76-9664229a68c0", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "93F5233E9970A7DB1E4C9AA2DE2404636728E7C66C03F2BBE74B18B20A93BA96" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + 
"ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "101EC6206BC939A389713775B3BDB405E91252FAD75509C54FA1DBBE822F4596", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "46629c02-f2d8-440a-bc46-d67ad73ea772", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "147730B42F11FE493FE902B6251E97CD2B6F34D36AF59330F11D02A42F940D07" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": 
"3141C6EF9FCE61084D16F0659A9596B0156F24D6F4B03837C4B7543CFB378D61", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "46629c02-f2d8-440a-bc46-d67ad73ea772" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2023-28005" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Trend Micro and revoked Mar-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d22cf9cb-63e3-4445-8af3-abd3537282d0", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1788D84AA61EDE6F2E96CFC900AD1CAB1C5BE86537F27212E8C291D6ADE3B1E9" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "884A2EC5FFBB42E948401E425123DCF2557664E77B3B7474A728069FDECD46ED", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": 
"" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "aa9b6b05-0b51-423e-b4f7-39cb30cbc987", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "9875bf0884ed2f18a32cefd749c60406", + "SHA1": "ecdde500ab2b06dd0c870c1f64d783f2cbd095dd", + "SHA256": "cef75d1da8e991ac96d36f8a14562849207f9dd50fc63028ba83277d5c27d00b" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2021-12-04 22:14:22", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.20227 (winblue_ltsb.211204-1700)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "007e746f6aeff8bcb4479e6e49236260", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.20227", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "aaf18af925d829095e017c505f1a0039", + "SHA1": "c3d13f7d96127a3b16c7a8c0a3dd98fd9f22c3cf", + "SHA256": "05367ecae4cf78cc575048fb931468b1d210df8c38ff8ca05481124b1a1a6917" + }, + "SHA1": "3971fa916c03c91a66e72c58ad766724b6a5c219", + "SHA256": "62288f1f5f2f8529292eb45c2ae2a33d1057a3dec12164958e76ded36fbe712b", + "Sections": { + ".text": { + "Entropy": 6.492974348184544, + "Virtual Size": "0x16d9e4" + }, + ".data": { + "Entropy": 5.416154317517693, + "Virtual Size": "0x6c7f0" + }, + 
".pdata": { + "Entropy": 6.082245001282489, + "Virtual Size": "0xa704" + }, + ".rsrc": { + "Entropy": 3.4720882192142506, + "Virtual Size": "0xfd30" + }, + ".reloc": { + "Entropy": 5.406889572520271, + "Virtual Size": "0x994" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Version": 3, + "TBS": { + "MD5": "46f57c3b860b08484cb79066ac1014ad", + "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", + "SHA256": "d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "84dbe789-ccc2-4988-a6f0-b4c74b74e133", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "f0056ccaf2bb46ff7e936a2e371f94b7", + "SHA1": "56b864169cb1f986f5103c248d6e83caab52154c", + "SHA256": "065d94b9ea00397a2addb747e1e0978e4de6bf175339778fb9b0760fec3d3b61" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2014-04-26 13:28:07", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.17109 (winblue_gdr.140426-0111)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "86f6426a9b47dc73eb8c8bafbb46799f", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.17109", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "f946cf9d5023059fc9f2140cd5b159d7", + "SHA1": "13ecec12054fd579ab92638fb336a8a17c1264db", + "SHA256": "f699df0555e9fe0fb7019c00aa9f4c2da8abeacc45ef7f11dd65541052afb896" + }, + "SHA1": "c730aa1c864f3b802de8d123b5b883dc9b2ce81b", + "SHA256": "00550ccee4edfefd7b7fb54864d0aa5df059885e9e79ff80d4fb134b4487c05d", + "Sections": { + ".text": { + "Entropy": 6.504411864376694, + "Virtual Size": "0x167854" + }, + ".data": { + "Entropy": 4.531675396212995, + "Virtual Size": "0x6b2b0" + }, + ".pdata": { + "Entropy": 6.086465742838075, + "Virtual Size": "0xa4a0" + }, + ".rsrc": { + "Entropy": 3.4710786971088847, + "Virtual Size": "0xfd10" + }, + ".reloc": { + "Entropy": 2.3314984387449065, + "Virtual Size": "0x2020" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 3, + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": 
"4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Red Hat Inc. 
and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "52f8c789-bc20-45cd-a1b6-8a564b18fff6", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "5557985ad6236a2e6f4dc5efcb052bd7", + "SHA1": "36f2525fb6ae3fed1191d10ae9b4a524fe5914e1", + "SHA256": "6efefe0b5b01478b7b944c10d3a8aca2cca4208888e2059f8a06cb5824d7bab0" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-10 02:40:12", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "6d83b980fd7541fbe793a891b95d5621", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "224b166130e25c00ac9a6c33d7816acc6b98cde5", + "SHA256": "d57f40a0e9018765cd79393a0d57d8e6d6d880d93b95fa57cedbda5a0b4a1ae3", + "Sections": { + "/4": { + "Entropy": 4.837270867662857, + "Virtual Size": "0x1ebf8" + }, + ".text": { + "Entropy": 5.61945309796477, + "Virtual Size": "0x9be5f" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + "/14": { + "Entropy": 5.255022427055196, + "Virtual Size": "0xe4" + }, + ".data": { + "Entropy": 4.419173693560442, + "Virtual Size": "0x2c518" + }, + "/26": { + "Entropy": 7.338341139988703, + "Virtual Size": "0x3e2" + }, + ".dynamic": { + "Entropy": 0.7957307370557809, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.655945791385897, + "Virtual Size": "0x1c548" + }, + ".dynsym": { + "Entropy": 3.2164293589099726, + "Virtual Size": "0x10230" + } + }, + 
"Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Signature": "0141873b6d85a37b5ac2a306448d73b6be76f7682ad14efef7ce4b377f0f7a5fbefd76377d59dc2caccd28d1be3eb180a8b66ab19a853bd14c7d5e955e8f07bc2ee0686ac3a2c9e997bd9f58de6dc9b93900c6b7824f64bf415ac51ebaa3dcfe8ad4fc2a41ad95b372c421c4f87835a59867c244e1c8df142abc4b23579f57431565eb8de6a7a0318b2fd17f93876a335c9450d2531f6a877baf43a569f83703a68e49987ca3c6dd42a595827f5be49151d3b79ea262e38ef5b37bda5b1be3462baa6ccb313193cdba21ea3cb1e9bbc751a769f354d63a0d1de3158c67d47b765b92d580ed5f1f1cdb5f61774c4b66c7deb15f4c71d605106064f33a17d31ca6", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Version": 3, + "TBS": { + "MD5": "b6f099bf203668f11a8f79ab08792ed8", + "SHA1": "4713755a345940554eada6042e90b0151591fad6", + "SHA256": "62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + 
"Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "48d8feab-a988-4578-a65e-c6ba5f43ffac", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "77CDCFC9644F8F80FF407CDE316AC235DDD1ADA9C3B6A5AA9544DB2D64B79FED" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "ABF6F968CF9ACDDC04BA5F287F857551CC9D3237CE402D527279930AB5F84894", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus 
Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "54a6f135-0fba-459b-8749-4a0764d690c1", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "0A3C2072EF4FBDBF045E1876E855BB8AD5DD0809F66AD1442239A7D856AD908E" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "8D76482F549D66048611DE6C4E67289E3B0BF051130B546E9A4B98B8DE0C4EA8", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": 
"64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a950cc79-4054-4d02-bd8d-3de2165a3721", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "992820E6EC8C41DAAE4BD8AB48F58268E943A670D35CA5E2BDCD3E7C4C94A072" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "169D0AC3DA1DDA382812F7F221B8C9CD55961A05D876E3D812641313297848BA", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "a950cc79-4054-4d02-bd8d-3de2165a3721" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "eba694e7-6b97-4fd7-8e20-e26392cad8e7", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "86E9384C41F9339D9B0F80B48055D02BE5FF908860F2CEF63359E0D8B7937A27" + }, + "Company": "", + "Copyright": "", + "Date": "", + 
"Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "07463549E9B992F78E7E64BD24BCA93754EF3674F5F5D76C4D44F462060DF0B9", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "76afa72a-2b55-4649-9fc2-3dbdc27456e6", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "AF93D5A2238F01D595A1BC2092F0AB29A550B2B96BDE7356EBF64D8F04234958" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "5AA8E7418AE78250745BE3ACFC2B8D1FC1DD4D1DEFB54F19A508BD8247CC958F", + "Signature": "" + } + ], + "MitreID": "T1542", + 
"Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Endless OS and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b59f1e98-72fb-4ccf-a651-bf9318f14150", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "a130bc7f90388e8f9d885f55fc7a8b8e", + "SHA1": "b7f9b5a096cd0d524da6296ace355e268cc01a9d", + "SHA256": "0fa3a29ad05130d7fe5bf4d2596563cded1d874096aacc181069932a2e49519a" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-09 02:08:12", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "7661abbf92a68466a3562ec887365e6a", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "ccdc96497a3d4cb4a616939fbf102e5faa787a9f", + 
"SHA256": "4b2bd93b32de4be7235c95c97af98e12bed5f0602b7b428700f9a1348cb2f731", + "Sections": { + "/4": { + "Entropy": 4.8333953377065395, + "Virtual Size": "0x18018" + }, + ".text": { + "Entropy": 5.6193950523430525, + "Virtual Size": "0x8effc" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".data": { + "Entropy": 4.357579251117195, + "Virtual Size": "0x28f78" + }, + "/14": { + "Entropy": 7.407333327251879, + "Virtual Size": "0x371" + }, + ".dynamic": { + "Entropy": 0.8341231672694769, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.634187270160945, + "Virtual Size": "0x1abc8" + }, + ".dynsym": { + "Entropy": 3.207672075514832, + "Virtual Size": "0xea00" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2015-10-28 20:43:37", + "ValidTo": "2017-01-28 20:43:37", + "Signature": "71bbbe63866fd705b424a7ba51f23ca48a84197382972d3a8f43597f67928ed7263aa0a22681b89d851ddb655f9ccf932a92da0dc6c7f43eded65716ee65ed2739ef140bb95d987dcdc1b7ee9134abd02370e12c3eba71662f10e88370610acb6c98fff27c38b3b829333d75428e804aded09b3486717d41188f048902c169787bcf10996c7b66de4dfa5b8217bdb02314393db288a8dffb5b5b63a14d781ebf0efa5ac640585fdf6370bcb52870f92d67282231111211726c82c09a1a1a81043bba955b40bbc91c033272d987521e37d8aa1dd0fa54513c12acc0a1480801d2dfa5e438a71a0a30a684a39233224b9e71463db6b99a67073724a200425b42c6", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "3300000018e730837f472a7b5b000100000018", + "Version": 3, + "TBS": { + "MD5": "d442a6ab238e766c07d33f02d299a9a5", + "SHA1": "3fb2a93548919ed386a441800a5d941ee358e38f", + "SHA256": "8806fc9fc29ec30556728d016e0667364f4f3359b8747cbd45d5f783ffe93abb" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, 
CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "3300000018e730837f472a7b5b000100000018", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + 
"Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\centos-7.9-shim-20200726-shimia32.efi } }", + "Description": "This was provided by Red Hat, Inc. and revoked Apr-21", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "fd70f49d-4efd-4ebb-a889-5dbbcebe33a0", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "398995770D21E9F66B90D69D1EDE16C9E58C0634B2F7D26B1F22501DD93FDAE5" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "centos-7.9-shim-20200726-shimia32.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "8C3A26B5831FF45BC3BCA44C2815951E2DA489A91BBCD295F12DFDBCED9958B9", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "centos-7.9-shim-20200726-shimia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + 
"CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a544e544-0e7e-4fcc-9195-e10564ba5674", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "7F49CCB309323B1C7AB11C93C955B8C744F0A2B75C311F495E18906070500027" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3D3434BC5A18F072D4CF59D5651F9CE05B61B6FC3C21EBBCF371777AA1E1E1D5", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "a544e544-0e7e-4fcc-9195-e10564ba5674" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Alt Linux LTD and revoked Jul-20", + 
"OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3a74fd6f-8747-4f47-b44e-fa10af3da555", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "EED7E0EFF2ED559E2A79EE361F9962AF3B1E999131E30BB7FD07546FAE0A7267" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "9EA346FCFE6DB7F3140DA8FFD5738F6CF97D6014DA61033B32049CB17696B372", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "3a74fd6f-8747-4f47-b44e-fa10af3da555" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "dd1e593d-19e6-4e29-8d3f-5b85a21bf35b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "FD4591ADD2E5B0664363720C71492982D5B223A141A6248246CD2381F67E926C" + }, + "Company": "", + "Copyright": "", + "Date": "", + 
"Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "940A66FBDCB9A3BE16FC8FF56DB63CBFFD7283F15ECF7E50BD9BBAC7EAD303F0", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "7550a473-863a-43f8-aad7-fff5be3977f0", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "199F3CF990816D710F556722CA068597C4341B7F346642339839AE30495309D0" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "4640438E0AAEEE87664C893198B41AA03BBF3214E181AAC4E2DE81A5400D2C27", + "Signature": "" + } + ], + "MitreID": "T1542", + 
"Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-0.8-0ubuntu2/shim64-bit.efi } }", + "Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "eff3ed05-f849-4ea0-9f4f-1af40e48c368", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "e5569162d84d9553c5cb32345e717a9e", + "SHA1": "64a3960e247176d3389e64a2a61a3be0782dde88", + "SHA256": "e6ed1aaa082e63c15be118462ad2d14cee3bd9cdd81db5c8801b33ade2183d50" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-09 20:05:41", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-0.8-0ubuntu2/shim64-bit.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "1feeb7cf14b7809b43c9044ff910afd2", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": 
"5a9676753387c0f2b6bf9bae87605b78667df8f1", + "SHA256": "45ec69179be0f20088f10be909fc8b6104f85607db0a556482fee9384eb4d52b", + "Sections": { + "/4": { + "Entropy": 4.8448409206206575, + "Virtual Size": "0x161e0" + }, + ".text": { + "Entropy": 5.587299575684047, + "Virtual Size": "0x9f5ec" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".data": { + "Entropy": 4.508686595222319, + "Virtual Size": "0x2d718" + }, + "/14": { + "Entropy": 7.322772708526002, + "Virtual Size": "0x449" + }, + ".dynamic": { + "Entropy": 0.8424565006028102, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.603259641312489, + "Virtual Size": "0x29598" + }, + ".dynsym": { + "Entropy": 3.209835026586944, + "Virtual Size": "0xe538" + } + }, + "Signature": "", + "Signatures": {} + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim-0.8-0ubuntu2/shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Miray Software AG and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "fec3976c-cd0e-4929-a01d-23c584cf7e00", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "fb9005cf320ed99d82d5b6a98988c576", + 
"SHA1": "f4bc99b43ab88f15d2803b5a9de898223a380563", + "SHA256": "68ee4632c7be1c66c83e89dd93eaee1294159abf45b4c2c72d7dc7499aa2a043" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-10 13:30:02", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "a1a05331029aa3aa0fd396897cb46e8a", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "5e8fe0458328bfeacd491e1c74857c526f444596", + "SHA256": "0e5eb8d0bebf089a974bc0ca85d33d73f9a0bf72ed2a5e3a62a0387b51d509ce", + "Sections": { + "/4": { + "Entropy": 4.837183147385955, + "Virtual Size": "0x161d8" + }, + ".text": { + "Entropy": 5.589380447571309, + "Virtual Size": "0x9f00b" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".data": { + "Entropy": 4.598664200386453, + "Virtual Size": "0x2c298" + }, + "/14": { + "Entropy": 7.180357884758935, + "Virtual Size": "0x5ea" + }, + ".dynamic": { + "Entropy": 0.8424565006028102, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.5990440989417416, + "Virtual Size": "0x29598" + }, + ".dynsym": { + "Entropy": 3.2043588757367574, + "Virtual Size": "0xe508" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Signature": 
"2a27d6bd2f34c68a9989ec856449fe4934ad5c0615ec5819664399053737a86be46c914b9478ce393534b759eec5eb6f015b706b853f1d2be51fe9807b178eaa9e0f9558d6a5d913c58c7492cbad106abb7395426801a42f363842e60bf72d046668865db5d8ce2c901c9673044d05abb74c171ac198c0f9376bb9185ec7523bb53e6d2c114642ffbfbe20efc6c2571c2006159cb70ff2c428e997f6ce83bf57ad9a47c47decce9830cf861a156471c62600a0260b44e29ea8e6e33c407c046f37be4a46dcaf38c018b24f969beb716d8e76cebc3d1d19134ed6f216cc2e357848b4998196ebd7326bca3e3ade1ba88e98612a569a46a1f45856f4e2dfa02a5d", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Version": 3, + "TBS": { + "MD5": "c52110f552e27ebb1e3fae114abafb3f", + "SHA1": "4954e087123653ce38da4cdd31141b6a1bb999e4", + "SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" 
+ }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c2ba98da-826c-45bb-bb56-09db34e78fe0", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "47f4be47cd0365cc9f8a6c802f5a3192", + "SHA1": "01cf7cf98149854f741a31f3a6d8071ad80ea347", + "SHA256": "a22471b1d04c11ca895e8c078c221718c96c40309d64cf84144759ca7dfbd0d0" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2013-09-28 22:53:54", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.16415 (winblue_gdr.130928-1658)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "cefe4b51ab58c74a20f0302fca66bd03", + "MachineType": "THUMB", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.16415", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "958a6622f7bc1063a804ffe24cc2dfbc", + "SHA1": "2149d5b311e880738eb501393113a37d1bd511b1", + "SHA256": "ed29968ce0c75d2e0327cfa0c2ecb6492b2c8f590877e9cb6e6d3360e0e8992d" + }, + "SHA1": "e230f2632b21bdb523d214032f979104df1ee867", + "SHA256": "88c2eac45b9480cc7e423558ba1b90097e8f12dbf98f4628c7a574c6371c6030", + "Sections": { + ".text": { + "Entropy": 7.049152498387783, + "Virtual Size": "0x9b114" + }, + ".data": { + 
"Entropy": 6.106175836191492, + "Virtual Size": "0x35cf0" + }, + ".pdata": { + "Entropy": 6.141258232502104, + "Virtual Size": "0x5ab0" + }, + ".rsrc": { + "Entropy": 3.471815692049393, + "Virtual Size": "0xfce8" + }, + ".reloc": { + "Entropy": 4.719816616755866, + "Virtual Size": "0x4020" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2013-04-10 20:41:53", + "ValidTo": "2014-07-10 20:41:53", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000001b40b3e1eae3b8c84600000000001b", + "Version": 3, + "TBS": { + "MD5": "2e3f888fadd3d8d498f3237752c18df9", + "SHA1": "4f3c14facbfca2505dddb77d8b8bfe71abb1d2ed", + "SHA256": "574085e964e5d1fc9d71150ef08a0e08779e1919f28d75a19dad15f69571c8f6" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": 
"14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000001b40b3e1eae3b8c84600000000001b", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ 
+ "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0bbd943d-7d16-4fe7-ac8b-f9d12daba1f4", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "B52531C84351EB695A8AFF0B7A5BDF93972CDEDFAF4067745425D75E21CD0CBB" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "26A8EBB3EF412AA70D4AB4486EBEE8DB42656AE7F2EC868FA95FA656090F01BE", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "0bbd943d-7d16-4fe7-ac8b-f9d12daba1f4" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set 
$matches[0] path \\windows\\temp\\BOOTIA32.EFI } }", + "Description": "This was provided by Red Hat Inc. and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d50e4193-70d2-4807-9bc9-671894e82df9", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "7f6637b50f8043e83815eff4f6f6425c", + "SHA1": "9519b7ba40ba48be3ef06c3b4c09169824e35bb9", + "SHA256": "7f3bdd2e92ae417b2143cc993c7fe48d9363ffa65c9cc461b6a407a779998174" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTIA32.EFI", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "7de3ac2823e2f7c241f2b181a8417647", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "c3c4d0ccdc07c03c20f133f9f65f6f12accea87a", + "SHA256": "c7d9dab91b726dea5abaa893d8f60bd4795f489894044dc56a9d3aad9cc49740", + "Sections": { + ".text": { + "Entropy": 5.844138421048036, + "Virtual Size": "0x94d37" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + "/4": { + "Entropy": 4.855334501626881, + "Virtual Size": "0x5c" + }, + ".data": { + "Entropy": 5.362038159088457, + "Virtual Size": "0x229bc" + }, + "/16": { + "Entropy": 7.340161985642677, + "Virtual Size": "0x3e1" + }, + ".dynamic": { + "Entropy": 1.3647139881914778, + "Virtual Size": "0x78" + }, + ".rel": { + "Entropy": 3.534994670132211, + "Virtual Size": "0x9048" + }, + ".dynsym": { + "Entropy": 4.405087128822569, + "Virtual Size": 
"0x9370" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Signature": "54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 3, + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 
2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTIA32.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ff057f2b-0bc9-4318-a017-66307880a7c6", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "4d7e341b788c22d2ffd0a6e8d7c27190", + "SHA1": "2ab7a9fc3312a502e9178fe76930d65d07480b31", + "SHA256": "21554d1f3bf9f52d3cd297d27df56215c0fd08a0bf673868f3d8c6c064dc5609" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2015-02-04 20:26:03", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "10.0.10010.0 (fbl_kpg_kernel.140630-1750)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "28196e29d41524919202b6bd1e38f35c", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "10.0.10010.0", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "8b6b2892c15ff00e4ddf7eb144e1ae12", + "SHA1": "89115214dfec813ecfa5a23bed633254c214e62c", + "SHA256": "97ff062fbed8c63a4a2526daab5b76fde0b0c54540be4264d13a9116216a1be1" + }, + "SHA1": "ed2c4554266084506d2e514797b3dfc86a50118a", + "SHA256": "f4c53c0b054413691ba25a2d162bcde9c9e35b5e706272f70bff96ed5c05a7b8", + "Sections": { + ".text": { + "Entropy": 6.4887395472277625, + "Virtual Size": "0xec124" + }, + ".data": { + "Entropy": 4.34472616116653, + "Virtual Size": "0x3b260" + }, + ".pdata": { + "Entropy": 6.025018814445507, + "Virtual Size": "0x7d64" + }, + ".rsrc": { + "Entropy": 3.4599700329826906, + "Virtual Size": "0xfc40" + }, + ".reloc": { + "Entropy": 5.395165473860109, + "Virtual Size": "0x7fc" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 3, + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": 
"1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\rhel-7.9-20200909-shimia32.efi } }", + "Description": "This was provided by Red Hat, Inc. 
and revoked Apr-21", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "146ba6ae-683a-4c91-b076-c267a77bbd47", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "2B7A7A4DAFC35E49D03CBE7118E6BA4582401E1776B9C18A2597725B05A605F1" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "rhel-7.9-20200909-shimia32.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "FE924700AC79DC4689ADD5F7C6761E0D60E665A65F9572B43915010881B0BFBC", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "rhel-7.9-20200909-shimia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by The Broadband Computer Co and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2d78b89b-4a5d-4d38-8c20-2baf76df8699", + "KnownVulnerableSamples": [ + { + 
"Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "386D695CDF2D4576E01BCACCF5E49E78DA51AF9955C0B8FA7606373B007994B3" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "83B1D2B20830EE199D8845C999D4680B1B2B6D9C1F424DD13826DA3FA7F7139E", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "2d78b89b-4a5d-4d38-8c20-2baf76df8699" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Oracle Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "33ce2528-8820-4680-bc5d-b48fcc1f9d2d", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "925441e09c4b9c8e30a467a29c16ee49", + "SHA1": "7a26f6d09fcc80e5be03b7a6e5f8fe2a3652f29f", + "SHA256": "894d7839368f3298cc915ae8742ef330d7a26699f459478cf22c2b6bb2850166" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-10 02:40:12", + "Date": "", + 
"Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "53663cb5fea6bde711171523a2206e45", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "b0adec5a51e018cc50ef0497126ef4a8d9fd037c", + "SHA256": "899afe09e356003605b30dc209a5ba4ef6910baef23fac268bcac6db3cfee98d", + "Sections": { + "/4": { + "Entropy": 4.837270867662857, + "Virtual Size": "0x1ebf8" + }, + ".text": { + "Entropy": 5.619450573511709, + "Virtual Size": "0x9be5f" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + "/14": { + "Entropy": 5.3247800569653165, + "Virtual Size": "0xe5" + }, + ".data": { + "Entropy": 4.41909152489649, + "Virtual Size": "0x2c518" + }, + "/26": { + "Entropy": 7.113430283211426, + "Virtual Size": "0x603" + }, + ".dynamic": { + "Entropy": 0.7957307370557809, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.6559476189231193, + "Virtual Size": "0x1c548" + }, + ".dynsym": { + "Entropy": 3.2164267361361474, + "Virtual Size": "0x10230" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Signature": 
"0141873b6d85a37b5ac2a306448d73b6be76f7682ad14efef7ce4b377f0f7a5fbefd76377d59dc2caccd28d1be3eb180a8b66ab19a853bd14c7d5e955e8f07bc2ee0686ac3a2c9e997bd9f58de6dc9b93900c6b7824f64bf415ac51ebaa3dcfe8ad4fc2a41ad95b372c421c4f87835a59867c244e1c8df142abc4b23579f57431565eb8de6a7a0318b2fd17f93876a335c9450d2531f6a877baf43a569f83703a68e49987ca3c6dd42a595827f5be49151d3b79ea262e38ef5b37bda5b1be3462baa6ccb313193cdba21ea3cb1e9bbc751a769f354d63a0d1de3158c67d47b765b92d580ed5f1f1cdb5f61774c4b66c7deb15f4c71d605106064f33a17d31ca6", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Version": 3, + "TBS": { + "MD5": "b6f099bf203668f11a8f79ab08792ed8", + "SHA1": "4713755a345940554eada6042e90b0151591fad6", + "SHA256": "62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" 
+ }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "518b78e7-eeb3-43b0-a377-acfa0e831ce0", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "5D1E9ACBBB4A7D024B6852DF025970E2CED66FF622EE019CD0ED7FD841CCAD02" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "5875DB0835E08A9189F23833B21774FDD1C4C3BD4C5D3459471A49B85CFFD1E1", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "518b78e7-eeb3-43b0-a377-acfa0e831ce0" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set 
$matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b42db55a-4520-493a-81ec-42002887ea96", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "caa781731a9d13ac418d97ec2cccb8f1", + "SHA1": "7ac2da2861fe7b90862a27b63629d8a9ee58d97d", + "SHA256": "7fddfe06c44dc4302da54577353c18fdbe11b41cb3e6064ec1c116ee102fe080" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2016-10-05 14:24:09", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.22004 (win8_ldr.161005-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "7f0de7a661590f1c33de0b80676e8827", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.22004", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "a387b0075e977009a7bb74d24fc388de", + "SHA1": "345e019b25904c911be9e3b6a9e2b0bb18652b04", + "SHA256": "e04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad" + }, + "SHA1": "003454b835a5ee7ee200f9cb4e68b071e2b8e69b", + "SHA256": "d1af02fca7522c8d27e053544b3b653ff2daffcae9c420e460235dacab53f7cd", + "Sections": { + ".text": { + "Entropy": 6.481657238537085, + "Virtual Size": "0x10a5e2" + }, + "PAGER32C": { + "Entropy": 6.357861791329596, + "Virtual Size": "0x3d48" + }, + "PAGE": { + "Entropy": 6.514627558721207, + "Virtual Size": "0x169e" + }, + ".rdata": { + "Entropy": 5.427514584005019, + "Virtual Size": "0x19b14" + }, + ".data": { + "Entropy": 5.464601076751779, + "Virtual Size": "0x65010" + }, + ".pdata": { + 
"Entropy": 6.017575781905406, + "Virtual Size": "0x8eb0" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + }, + ".rsrc": { + "Entropy": 3.47211306543629, + "Virtual Size": "0xfd14" + }, + ".reloc": { + "Entropy": 2.715757042100683, + "Virtual Size": "0x1ad6" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 3, + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "5cab3a24-4bf3-427a-887e-92ec2ed8f1a7", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "7f11c44bb3fd9f28c453ed0545ce1fd2", + "SHA1": "e5e7294536819a91f69d03c57425ad2576a1055d", + "SHA256": "74b39c206dc8a11cd196d5998d2996b6ad477d72eaf86e19a3dc14ec0eab0f1e" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2014-04-26 11:39:30", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.17109 (winblue_gdr.140426-0111)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "cd78242cb85f016a3ea62002c8f07c0d", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.17109", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "61ae12104fd32308c2c6da0ad0f4da3a", + "SHA1": "5916de417c3548f9179b3fca1170571bd0615d62", + "SHA256": "9d016f97efd1b99cdeec92f9010dbe2695c277306c00fe7e352588a7f6e7be26" + }, + "SHA1": "1df5dc38345eee82fcb606f8c5140c619f187946", + "SHA256": "4628ec2698cfbca38d3bb4872df8e65a370ed4591e3fbd613a28b394942b8976", + "Sections": { + ".text": { + "Entropy": 6.644731222099491, + "Virtual Size": "0x12da04" + }, + ".data": { + "Entropy": 5.269345781205062, + "Virtual Size": "0x5b510" + }, + ".rsrc": { + "Entropy": 3.4713678198457463, + "Virtual Size": "0xfd10" + }, + ".reloc": { + "Entropy": 5.543449582817808, + "Virtual Size": "0x7fba" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 3, + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + } + }, + { + "Subject": "C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0cbcf08b-1870-478c-bb85-8d12308ec1c2", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "C32E05EEF54D7EAA0DD89FE0F4D1A8D97671FB456F6299047C3192C3E3724BCA" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + 
"ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "90AA7C82344C06E7657FA919AD2B7395A07F8A1ECA8C159029569BD4467CC7B2", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3645f533-8562-4958-aaa3-7e5924aadd8e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "3BE8E7EB348D35C1928F19C769846788991641D1F6CF09514CA10269934F7359" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": 
"A7094801F966FC5C253DBD17066AF5BBCB3AF5E281D0A4DAB24E30C7A4B0FB12", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "3645f533-8562-4958-aaa3-7e5924aadd8e" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b6967d5b-ea2b-4a4b-b24c-63a8eb8dedcd", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "CC7396D1C306ADFCE49E70D7DAF32D093A8F2FEBE2AC0576BA853770E11B3EF2" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "8E5609A57BD66CC153EC2AC60CC10C2E641334C26EA5068C1FD8373A503EF1D7", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + 
"Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "add3eacb-c3b2-4adc-ba76-49ddb1af2ae3", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "EE83A566496109A74F6AC6E410DF00BB29A290E0021516AE3B8A23288E7E2E72" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "FCCC2A01967926437DC0F5F49C6ACEED4DC67EBD7E99169023B5F89A7264CB98", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "add3eacb-c3b2-4adc-ba76-49ddb1af2ae3" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } 
}", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "bcd750be-01b1-4b34-b7a5-065af773d063", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A7B788A7849607348C0DE9041989F7D67EC302F0CE8D7FDE5E434801F012B5B1" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "65FFA344151D7347ABD0DEB599086063A503FB6419BE9E4358851F6B6AE96749", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2eba3138-0822-49f5-abb8-ea5cae849369", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "29cf71c7b7ff3b63a229ec82bfc2708f", + "SHA1": 
"65bb31b71a030a3fe93ba4d64e4ae0cedabbfbcf", + "SHA256": "d5bc11fb619bfced64249b930c785ead5fca3927f0ce3c5efd3f1d9af04b37bf" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2014-06-14 02:32:56", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.17211 (winblue_gdr.140613-1709)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "bad97e7203aec2bd026403a7f70688b9", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.17211", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "f946cf9d5023059fc9f2140cd5b159d7", + "SHA1": "13ecec12054fd579ab92638fb336a8a17c1264db", + "SHA256": "f699df0555e9fe0fb7019c00aa9f4c2da8abeacc45ef7f11dd65541052afb896" + }, + "SHA1": "cd3f23904459410ad9f11b26faff47ac28fa5f04", + "SHA256": "df216fa3f13f8f7472c9586da4d0a7cd11cd60a041f486a611a4667f1c3d2cc6", + "Sections": { + ".text": { + "Entropy": 6.50474071717545, + "Virtual Size": "0x167954" + }, + ".data": { + "Entropy": 4.530096794223056, + "Virtual Size": "0x6b290" + }, + ".pdata": { + "Entropy": 6.107728899214702, + "Virtual Size": "0xa4a0" + }, + ".rsrc": { + "Entropy": 3.4710227926789994, + "Virtual Size": "0xfd10" + }, + ".reloc": { + "Entropy": 2.329099853080047, + "Virtual Size": "0x2020" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": 
"330000002418fc0b689e7399d0000000000024", + "Version": 3, + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft 
Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim64-bit.efi } }", + "Description": "This was provided by HP Inc. and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0072a990-7f8a-484c-8727-bd0912dd2ce6", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "E6236DC1EE074C077C7A1C9B3965947430847BE125F7AEB71D91A128133AEA7F" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim64-bit.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "DF01F567CF2C2A7B872EB750F12EC534B6F207E760D1ACA6795DB7CB12CFD92D", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + 
"shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ae22fd08-2ecd-43b7-a5c7-3b857e0e3b71", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1F179186EFDF5EF2DE018245BA0EAE8134868601BA0D35FF3D9865C1537CED93" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "20E870697471F16EAC55A9658212F83A7E443CDB3844C7D1901B4D4271828F7D", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "ae22fd08-2ecd-43b7-a5c7-3b857e0e3b71" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": 
"Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shimaa64.efi } }", + "Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0acd4573-d0e2-4f57-8c94-3d6e57a391e7", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "62B79FB4A04052FCB498A97F22A3567642D4BC47D1C2FF9A06311C8C6148E907" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shimaa64.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3C6318DC79E5CE66F7DCCC71DF01C4E4ACC53F14D978011A29033D59D43D9233", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shimaa64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + 
"Id": "34cf714a-cbf0-4339-afb8-bae3643a4075", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "FE0E58846C40717FEDE6A1E0D6A0546CBF8B8CF0B82258FC16D05BAB58107D34" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "AA38D5E097A9853A25A1DAA838ED83BC43569DB871FDF24888512A434024A866", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4750d526-693a-4831-991f-4ace2cbe92ad", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "0D85DAAA481B1BE84320E12B5078794DA29628ACB43B69C8909D291BB995CA72" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + 
"Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "D764AC6251FD2641EEBBFBF7A5A95E212DF5997875990D90562CA65D5D966BAE", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "4750d526-693a-4831-991f-4ace2cbe92ad" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "46e2d5a7-6b08-4c8f-b90a-dac8418621e2", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "f9dc5d54b477c66ca23b879546b650b7", + "SHA1": "6f16c59cb8e6b3febb9e73702914f06475dff19a", + "SHA256": "c3297e35c3a9efc4c051706aab77d29a26e62d9a38de256dffeb77a0eec8666a" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2012-09-18 01:24:19", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.16418 (win8_gdr.120917-1921)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "087617bd4578c903f0a66bd157217f0f", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.16418", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "a387b0075e977009a7bb74d24fc388de", + "SHA1": "345e019b25904c911be9e3b6a9e2b0bb18652b04", + "SHA256": "e04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad" + }, + "SHA1": "1128abbba4480920fc7a0a772239cd1d132a1910", + "SHA256": "b65fe0af8297168749dc235340cba7c08cf6b956fdd25fc2c9f16d20da536713", + "Sections": { + ".text": { + "Entropy": 6.484872015753315, + "Virtual Size": "0x109ee2" + }, + "PAGER32C": { + "Entropy": 6.353319232465821, + "Virtual Size": "0x3d48" + }, + "PAGE": { + "Entropy": 6.514825397638524, + "Virtual Size": "0x169e" + }, + ".rdata": { + "Entropy": 5.421083425321203, + "Virtual Size": "0x19b34" + }, + ".data": { + "Entropy": 4.628310210600715, + "Virtual Size": "0x63cf0" + }, + ".pdata": { + "Entropy": 6.014681487785778, + "Virtual Size": "0x8e8c" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + }, + ".rsrc": { + "Entropy": 3.4707832631070623, + "Virtual Size": "0xfcf4" + }, + ".reloc": { + "Entropy": 2.70744089792279, + "Virtual Size": "0x1ab4" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Signature": "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", + 
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Version": 3, + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "610bbbd8000000000005", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\cent-7.9-20200730-shim64-bit.efi } }", + "Description": "This was provided by Red 
Hat, Inc. and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "9091dbdc-0263-43e1-a886-3c18c6532dd3", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "DDA0121DCF167DB1E2622D10F454701837AC6AF304A03EC06B3027904988C56B" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "cent-7.9-20200730-shim64-bit.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "5DB10187E0E8BB8D2FF649810E03F80FB6873370F3AB1F013811B8E9670F3863", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "cent-7.9-20200730-shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "fcbb1d82-1e57-4ca2-8679-e366cd7cb4e8", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "21F27D89F2E77DEE7CD4336E3A3ADE362A2AAE9FB2EFE2079491A518F3D51FED" + 
}, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "355B0240DD31FAD0ED13D77B7F880F8EBB32BCC72F9667BECBA3263E099DF378", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Isoo Software Dev Co Ltd and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2e3641bb-5bd7-42d3-8353-481b4593c641", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "2fb83ba40e7c8d9019f48dfa8269bdb8", + "SHA1": "775705904e0748bc6210e1869f20765a2f1b027b", + "SHA256": "e24b315a551671483d8b9073b32de11b4de1eb2eab211afd2d9c319ff55e08d0" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [], 
+ "InternalName": "", + "MD5": "89805fbe6421f1d03023514f8fd7215d", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "f41fb5b7aaf48c05faed3e6622d2e2e70c95d2b7", + "SHA256": "561d28e0888cdb0a8fce41754742aa8eb1bf5c8dd4eacbf9af0f40e0d36013c2", + "Sections": { + "/4": { + "Entropy": 4.861285118776935, + "Virtual Size": "0x18780" + }, + ".text": { + "Entropy": 5.6413160957491595, + "Virtual Size": "0x95a7e" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + "/14": { + "Entropy": 4.946577948119573, + "Virtual Size": "0x62" + }, + ".data": { + "Entropy": 4.469891621916525, + "Virtual Size": "0x29c18" + }, + "/26": { + "Entropy": 7.335685443962851, + "Virtual Size": "0x3e6" + }, + ".dynamic": { + "Entropy": 0.8630797231656377, + "Virtual Size": "0x100" + }, + ".rela": { + "Entropy": 2.6482475445299474, + "Virtual Size": "0x1b0d8" + }, + ".dynsym": { + "Entropy": 3.209809899920352, + "Virtual Size": "0xdd10" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 3, + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": 
"f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cb08669d-8b82-45b7-8fc7-ea815f96e336", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"1DA53F3A2C7C41C93099737266B5619FF616A433FB3B870234622D7AAFAB9A7A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "BD6E8218BAF3A86090201D6A118858CFA5F63AA2732CC880DADF39A1609F12E3", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\rhel-7.9-20200730-shimia32.efi } }", + "Description": "This was provided by Red Hat, Inc. 
and revoked Apr-21", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "9b6deeaf-b8bb-4f8e-a8b6-d174312fcb7f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "172FA584B4EEA5A5D4104FB0AC30EDE032CCD31CD2675D7003D79A2CD0C243E6" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "rhel-7.9-20200730-shimia32.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "2CAD0B454397089723959FAAFC2DB5388C50DFD5C02319703BABA6F03654561C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "rhel-7.9-20200730-shimia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTIA32.EFI } }", + "Description": "This was provided by Red Hat Inc. 
and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "60383f5c-6dcc-4df4-aad0-510733820a1b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "752f28cd2893f6dc4e568c9a15f6b456", + "SHA1": "22cbe49e2494a44bf823958840b6e1291ffe6d11", + "SHA256": "3e333de87d211247b2ab00093cab48f6069d718afd29e9917a3d5f60e87557b6" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:39", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTIA32.EFI", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "69b63c494c676d3a1013a775b18568e8", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "09c724498ed275fb4a76f04700f5b2d39413405f", + "SHA256": "953a7719b50073e701730fcff79b2fee7054c72c54d1f0b0f2571d3ce7fdb925", + "Sections": { + ".text": { + "Entropy": 5.791450448387524, + "Virtual Size": "0x9a39a" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + "/4": { + "Entropy": 5.2274469074374705, + "Virtual Size": "0xde" + }, + ".data": { + "Entropy": 5.297966843937964, + "Virtual Size": "0x22bbc" + }, + "/16": { + "Entropy": 7.338341139988703, + "Virtual Size": "0x3e2" + }, + ".dynamic": { + "Entropy": 1.3813806548581444, + "Virtual Size": "0x78" + }, + ".rel": { + "Entropy": 3.630273097903543, + "Virtual Size": "0x9720" + }, + ".dynsym": { + "Entropy": 4.40137747298349, + "Virtual Size": "0xac10" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + 
"Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Version": 3, + "TBS": { + "MD5": "b6f099bf203668f11a8f79ab08792ed8", + "SHA1": "4713755a345940554eada6042e90b0151591fad6", + "SHA256": "62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": 
"6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTIA32.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d90f0a0a-e161-4ebb-a2e3-5dbaa75cfaaf", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "5A184E740657E218D635168286F0F70BB5672E4EDB78717550C70686C232EA5B" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C4081B588CA3FC9965C2D04A0E8CCA3E0016566CC8A84FEB78CBF63A4ED72EED", + 
"Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "66d407b1-5e65-4314-89c3-cc6dd5c10d59", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "28CE0DAD50730900C5D18CC58D5255293452CA37D764868C16EAA9EAF6BD7C83" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "EBB480F63BB81A4C88F42E97A1B40DAB2EBB926A358EACC1C52A5DB88A2BC6CA", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", 
+ "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\Signed_14173467011297444/shim64-bit.efi } }", + "Description": "This was provided by Debian and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d20a9d4f-d336-4400-b839-d2334be05e06", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "9d017c87755ffc16175ff7fa5dcbb175", + "SHA1": "47263679db883d7ad9adbc93d6a1fbf8095f0133", + "SHA256": "af79b14064601bc0987d4747af1e914a228c05d622ceda03b7a4f67014fee767" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "Signed_14173467011297444/shim64-bit.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "8273287f52ffff4624121d2926ef9df4", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "69b368ef62566f9b06db68ab91c736f98d0749b9", + "SHA256": "599a102b6445fa88392b8c85a31d80ece950624219d846affbfb7131d4bf550b", + "Sections": { + "/4": { + "Entropy": 4.853329182162778, + "Virtual Size": "0x1f020" + }, + ".text": { + "Entropy": 5.634218168833761, + "Virtual Size": "0x9ff35" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + "/14": { + 
"Entropy": 5.064013199597692, + "Virtual Size": "0x69" + }, + ".data": { + "Entropy": 4.405783332258001, + "Virtual Size": "0x2d1f8" + }, + "/26": { + "Entropy": 7.435250663075391, + "Virtual Size": "0x57a" + }, + ".dynamic": { + "Entropy": 0.8630797231656377, + "Virtual Size": "0x100" + }, + ".rela": { + "Entropy": 2.6583278822249916, + "Virtual Size": "0x1c6c8" + }, + ".dynsym": { + "Entropy": 3.211174101144175, + "Virtual Size": "0xf2d0" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 3, + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + 
} + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "Signed_14173467011297444/shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e7f84927-3fb4-41c9-b2fc-e87985cfbcc3", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "AF3BBF0C275BDD5EBD8A87F00263847485572F8A983DEF0EAE9895CD93D7FFC3" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "94F92895ED36D4EA45B0942E755640420AF5CA3B8E3EA855FC6A39C9A3661666", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael 
Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Fedora Project and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "fecfe761-f926-4a24-bb10-bf4b8d96750d", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "efca75864e4fa65df7ccf2a5c124a3c5", + "SHA1": "ad9a72bdb69a17abe85d948e6bbbb89141da2543", + "SHA256": "0ce02100f67c7ef85f4eed368f02bf7092380a3c23ca91fd7f19430d94b00c19" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "f2c580ccd60898d4aa2676249d67c171", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "85fa4266743ebb0262b8c1da8b01d1f26e630404", + "SHA256": "e6cb6a3dcbd85954e5123759461198af67658aa425a6186ffc9b57b772f9158f", + "Sections": { + "/4": { + "Entropy": 4.853871352073291, + "Virtual Size": "0x186d0" + }, + ".text": { + "Entropy": 5.64531153004446, + "Virtual Size": "0x975ee" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + "/14": { + "Entropy": 
4.946577948119573, + "Virtual Size": "0x62" + }, + ".data": { + "Entropy": 4.537670509902523, + "Virtual Size": "0x2ba18" + }, + "/26": { + "Entropy": 7.133596117970691, + "Virtual Size": "0x4ac" + }, + ".dynamic": { + "Entropy": 0.8226444693437958, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.6486948946395157, + "Virtual Size": "0x1b0d8" + }, + ".dynsym": { + "Entropy": 3.206001279398792, + "Virtual Size": "0xdd28" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Signature": "6650dd7878bef0a62b1d76ba8fa57b6193d9938ddd1975f32a880d6e9363ba516b00907d455d1089cf79e3045a976a794db027534a761a840a29d09dccb3b5978fdb1d27d6be2831b0af31b64c25d3e195056b68a403e961d61c38339c4bfbb4c16102a4b417f52b75f4d6539626736df3e9e7d689e59333e7686df72c6ac70548eb3e6f0913de69895041529dba440132da3699ee3d3ccd6c0cb1ca11d206a157a9e3504c57aea164e700dec89ccb81194b012f697127dcd1cc7dc08ccf9f92014b2a0814fdc2a010b7a7243456e15af7e812bef07b28aebcb29f0f20f5c1900827f32aaf4fef92601853403e718db111c7c35da77eea96c4deb6f903e94543", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 3, + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": 
"6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "696a399a-9f49-485d-9753-63edd677f144", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "99B2BD1FCF17B52C64E8506B97FA10CF8B6397C9D05D8D543F86893B210DBA62" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": 
"944E6F803D3E1B0C1AA767B14B0F4D960A45F80F0A0A459253CA65147E947F72", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "32544796-1bfd-476b-a4f6-8fccc5a593a3", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "8cbc20535be05799179c23fb8354b9d3", + "SHA1": "458cad1c4b11da8201ca12a6ed0f50ec81261e1e", + "SHA256": "61535caa144761fc48cc9d7a835dfaf020b569edfc7fa628f983d58a3ac25f2a" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2014-02-22 04:25:22", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.17031 (winblue_gdr.140221-1952)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "f66d8bc26d38b7faaa1fbd4c4fdda3ff", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.17031", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "61ae12104fd32308c2c6da0ad0f4da3a", + "SHA1": "5916de417c3548f9179b3fca1170571bd0615d62", + "SHA256": "9d016f97efd1b99cdeec92f9010dbe2695c277306c00fe7e352588a7f6e7be26" + }, + "SHA1": "7098af963c0223858f2fa56cc226ee27048f35d3", + "SHA256": "e443176d6a0621e65cadde51f4019ec7fb25e91fa87cbb6cbaf09d94e9e49918", + "Sections": { + ".text": { + "Entropy": 6.644560099017493, + "Virtual Size": "0x12d8f4" + }, + ".data": { + "Entropy": 5.271385172760688, + "Virtual Size": "0x5b510" + }, + ".rsrc": { + "Entropy": 3.471468768902206, + "Virtual Size": "0xfd10" + }, + ".reloc": { + "Entropy": 5.537342833364972, + "Virtual Size": "0x7fb8" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 3, + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + } + }, + { + "Subject": "C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Microsoft and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "f57db2b6-025f-43fe-af3a-c50cc2bc1aec", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"91971C1497BF8E5BC68439ACC48D63EBB8FAABFD764DCBE82F3BA977CAC8CF6A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "2AEC3E859816EFA89AF844D6DD8CCAEA345A851CB23006D3C2928081352BEB25", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "f57db2b6-025f-43fe-af3a-c50cc2bc1aec" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Red Hat Inc. 
and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d159a67f-5512-4922-bc1e-5c675a73d0cb", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "69843fea4e1051a4614a17f5bc8daf97", + "SHA1": "84958a487eb9b1c6d55883e3c32361132c1fe214", + "SHA256": "3ece27cbb3ec4438cce523b927c4f05fdc5c593a3766db984c5e437a3ff6a16b" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2014-10-02 09:13:35", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "d0be4e86a7eaa87c849e3e137c3471dd", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "1ed0450060202cea44d69a503da1b33004a963dc", + "SHA256": "df4e1cf6eaf602f99849ddb6802bd91fb13cd5c3f9fb420250d8a3d750642efa", + "Sections": { + "/4": { + "Entropy": 4.8404117804324684, + "Virtual Size": "0x16238" + }, + ".text": { + "Entropy": 5.592324512235591, + "Virtual Size": "0x9f80e" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".data": { + "Entropy": 4.599000636926533, + "Virtual Size": "0x2c458" + }, + "/14": { + "Entropy": 7.338341139988703, + "Virtual Size": "0x3e2" + }, + ".dynamic": { + "Entropy": 0.8424565006028102, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.6016627065866507, + "Virtual Size": "0x29598" + }, + ".dynsym": { + "Entropy": 3.2071099501580793, + "Virtual Size": "0xe508" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + 
"SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2014-10-01 18:02:10", + "ValidTo": "2016-01-01 18:02:10", + "Signature": "2b1b08b20674b8acbad524875a42f0b4d4ba6df424b9adb1e83c9309e657fe499f386cdf93a4f71393ab57da5eee4e346ebccdf9a7e990b44a76433af4071e90ee0e0fc8744003f9afe6bdda1cbd132fef8235d39c932bb9960f52bbea2062ed773a52beef26b333f603d8e9a0a9652c222a013cb1bd44bb5dc96c1a4135284c91784f0d66a2d7d97c59e26fd19d645e730b656d56e7a8166f228a751a745c4491f1865c8d5a4b1bf61fd4a564811e32699deff03a3328829cd888ae53fccb0819957ee499a2ad79d1c1d73ef7324562bee86575193983b41f66c12c95eb5d171df5c4beda799c4fb314e8e27bc47b195e1c8a2cd2d3bfbb29c8264ebddf95da", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "3300000010a4912943d94ce62e000100000010", + "Version": 3, + "TBS": { + "MD5": "61509fd4e01160eb7d8007dc182bee5b", + "SHA1": "febd34ec96d90e498d9b6fa54d7fab80ce1464d3", + "SHA256": "7d79e52d96bc7c571299d90c3bc4bff9d08e36eb74b7e8b0cd69114980737953" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": 
"350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "3300000010a4912943d94ce62e000100000010", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + 
"Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e06e3faf-46e8-4902-9bd7-69b462d292d2", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "B4938ED2FF001B73EF31E5BBBEBE1D6DBB7D9888A9FBE5251A52A5ED016652CF" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3EBB964E2D24C5D0F2E07972A9F143B73161344790E960463BF9C229000848C1", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + 
"OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "29bd7324-d53f-4143-acc6-d03d0e4e3aa1", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "BDD01126E9D85710D3FE75AF1CC1702A29F081B4F6FDF6A2B2135C0297A9CEC5" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "9EABEA9AE699526AD519782DA21718DA7190490AA3436BBBD80269D4A4CC37C5", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "29bd7324-d53f-4143-acc6-d03d0e4e3aa1" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Fedora Project and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "887e3ac7-c597-4327-86cc-29936e2f8cdb", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"D14EE5616DC8EC74D695AF08DACC78BBEFAFA7A97A5CFEAB9B961E86CE9EDD37" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "2F1DAE62EA074FD06DBBF620009CB3E65988D15431A061EAAB4D7ED1A97A3689", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "887e3ac7-c597-4327-86cc-29936e2f8cdb" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2856fed8-45ba-4ef2-8904-8d9c9ecc6cb4", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "9EBDA9554AD5BB9E3D5CE700F7C86D4F5B0D782BF1DBF30A6A7234749A5DD517" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": 
"E28C1F6E413330EA1DE56643F344702D2962988ED72AC49DC7B33B51B2238537", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\rhel-7.9-20200909-shim64-bit.efi } }", + "Description": "This was provided by Red Hat, Inc. and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c900de9c-b4b1-40b1-b106-db0845396462", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A608A87F51BDF7532B4B80FA95EADFDF1BF8B0CBB58A7D3939C9F11C12E71C85" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "rhel-7.9-20200909-shim64-bit.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C2405153F56A12F727853FD55BC9C99B81937B42A1A0BC585310DA45D35A3FAD", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "rhel-7.9-20200909-shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b089a9fd-d664-400b-b66c-158cd1848428", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "81A8B2C9751AEB1FABA7DBDE5EE9691DC0EAEE2A31C38B1491A8146756A6B770" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "D4D97AEAB61079D3EB0E55794504991DD1BEB0F200315718FFE44BAE89F8F330", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "b089a9fd-d664-400b-b66c-158cd1848428" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael 
Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0dc82e15-40ab-4a65-bfbe-9c8925d3cdbb", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "DBB424CB8AD35EE68546092645C4689D6027A97FEDF3C5AF842B9572F1276997" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "8DEB88A2435270BD24328760FA6FB5C77BCD5C47F7A0109F15300D644CB9A228", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": 
"2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3f6b5528-2fd7-427f-967e-e89cd9e77182", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "D860D3DC4D9A412E8FE8036100BDA7637B57A0168CA811781ED4A00815A97E0C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "540CABD0862F121CE200DCEBB6C9D3B209B266F0CD413CEA2385886F965E5062", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\rhel-8.3-20200730-shim64-bit.efi } }", + "Description": "This was provided by Red Hat, Inc. 
and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "365019a1-7820-4c83-a483-15dfd2ca466c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "288878F12E8B9C6CCBF601C73D5F4E985CAC0FF3FCB0C24E4414912B3EB91F15" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "rhel-8.3-20200730-shim64-bit.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "FE09433ECE56EFB74EDFFB10BB4E2C05EF9FA3C37C5E60BD5E87FBDEEAB3EB40", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "rhel-8.3-20200730-shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3175132e-f5d7-4d88-b395-ca30351f8c69", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "439f829f38523f2c1e9995474cab6030", + "SHA1": "71d6ef211cc60fe99eb7f949640dabd36759b36a", + 
"SHA256": "a6f13f3bb8132d248591f6762ced6d3a55efd8812db9730449e267cb6447145b" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2015-05-13 15:26:53", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "10.0.10121.0 (fbl_sec_oss3.140523-1156)", + "Filename": "bootia32.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "45a7c3cf799b58b886c0b4c7f6f71d32", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "10.0.10121.0", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "6bea06624768875081a9a967c3b37e7a", + "SHA1": "7e16bd7ca20e183f5a6c2098ce732e7f91fde530", + "SHA256": "61cb375839f46ec38deee3a50e5790ebde67d13cc9e41b745ca3368b5fe02620" + }, + "SHA1": "52cad42539bc3f27a103e4a9bc0fd51a1b51a265", + "SHA256": "55a5bb13e3a985e0ab011e69b41704319de0843f9254cf91ed2964c13af345fe", + "Sections": { + ".text": { + "Entropy": 6.707639927172937, + "Virtual Size": "0xbf6e0" + }, + "PAGER32C": { + "Entropy": 5.781085769559349, + "Virtual Size": "0x1eaf" + }, + "PAGE": { + "Entropy": 6.553305479665424, + "Virtual Size": "0x13bf" + }, + ".rdata": { + "Entropy": 5.278688704736593, + "Virtual Size": "0x12934" + }, + ".data": { + "Entropy": 4.443254562769542, + "Virtual Size": "0x37f90" + }, + ".rsrc": { + "Entropy": 3.469109462754718, + "Virtual Size": "0xfe50" + }, + ".reloc": { + "Entropy": 6.780898828243956, + "Virtual Size": "0x60f4" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Signature": "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", + 
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 3, + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by 
Oracle Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e84c007a-a263-4bea-ad23-e46447001e91", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "540801DD345DC1C33EF431B35BF4C0E68BD319B577B9ABE1A9CFF1CBC39F548F" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "44FD1F90799B852B3BED642DE300BCF9EF6CA81036CD5588C24D5B8E00D4B9D1", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "e84c007a-a263-4bea-ad23-e46447001e91" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "298f4996-3321-455a-bce2-919c3a73da65", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "7836465BDFFAE768EFAEDCBAA8B5787BAF51B2792A020E80E341A3F824FF82CA" + }, + "Company": "", 
+ "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "7AFFFCAF48E9289AA0C44566C53EC0A311BF3E2ABF351E0122C685FD568D97B1", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "9d219a02-b011-4466-8b2c-6fd725593454", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "7C7372A60D71E04879B8930C164944D96D3753E0A2924A31231D1D5FB97882F2" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "4155DCEAAF889DE79ADB9B2130F1CF23AADD24080C2B2C1EC5F4C359C52A8D7D", + "Signature": "" + } + ], + "MitreID": 
"T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "47601d49-9a7e-4402-b5e3-69bc03788afc", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "C999EB66393506C8149C35C8A8CE87671895D65167E4B0140B54DA72A92D7C88" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "AA4931B170DA278A4A954FEB76CBF7310B657AB9232D1C7A4B6EB628D8A98073", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 
1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "58c24252-f076-486b-90fb-5a1c7b922efa", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "AB311E737112E4D34ABF545836BC671637663E93738CEFA37405214CE8C92A58" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C334B9CA48819E7E408A3A3418879978828AA302BAA3ED86DE64D8AE5ACA0EAB", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + 
"type": "", + "value": "" + } + ], + "Id": "bbc2661b-25de-4c4b-ac84-367115d44e8c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "7803F12E7E1B7063502EB8E223A9013E2B61125A888B74D61465B51DE53276BA" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "5E189C9D2633F0AC10ECB763A150568925884E29ED684050194D87B883B68B34", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2b807893-889b-4dd8-99be-ff17aecfb58e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "7D0B74AE42DF73A0C2C9CA64F6C83813D3D6A5C4B02BC47F566CEDD5682C691A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": "", + "InternalName": 
"", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "73DD7327621AA77D919473F71D3175EFA40F174D3C16060C079CEF169CC51363", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "9b9f7199-24ed-4372-8247-e420ab0b7937", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "49465D4AD701642C7BCB5EF30A0807A3CD438AB42BF8D62D68038C3FCBBE8605" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootia32.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "4E00B1C1CC2BFCB1FF2FDB4184D13CEA5A2617BACC3623C3DF52C50158065E73", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a77872f7-4890-473d-887f-bfd93f46641d", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "f5eca8462be6c481c75ec3955b47c4f8", + "SHA1": "45e97d3cfb90ad162fa8f5a14ad8e5b4710a748a", + "SHA256": "f74947590a87a005023e9ef89cdf0c38d8d582ca4173f8201cebc443ef796790" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2014-02-22 05:17:10", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.17031 (winblue_gdr.140221-1952)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "6514d19c16df6d0d9cf75bba91350dcc", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.17031", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "f946cf9d5023059fc9f2140cd5b159d7", + "SHA1": "13ecec12054fd579ab92638fb336a8a17c1264db", + "SHA256": "f699df0555e9fe0fb7019c00aa9f4c2da8abeacc45ef7f11dd65541052afb896" + }, + "SHA1": "c3f69560b62f619f851df687c0adb2fa35cc0160", + "SHA256": "3bc9ed257486b68fac5899eaa19732a1340d06c8baf4b0ff53c7f5c052e6470f", + "Sections": { + ".text": { + "Entropy": 6.505313659869744, + "Virtual Size": "0x167784" + }, + ".data": { + "Entropy": 4.530485730893638, + "Virtual Size": "0x6b2b0" + }, + ".pdata": { + "Entropy": 6.106107637688331, + "Virtual Size": "0xa494" + }, + ".rsrc": { + "Entropy": 3.471177246677347, + "Virtual Size": "0xfd10" + }, + ".reloc": { + "Entropy": 2.3270407806858406, + "Virtual Size": "0x2020" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 3, + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": 
"4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2022-34303" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim.efi } }", + "Description": "This was provided by CPSD and revoked Aug-22", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "530ab1a9-d9a6-4f01-986a-5b69c99400b4", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "284153E7D04A9F187E5C3DBFE17B2672AD2FBDD119F27BEC789417B7919853EC" + }, + 
"Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "51BD59697B4E1DF61DF32AD57CEBE394BE54E3E9DBFEB8DC00A3A176D13A5767", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "dfa9cb92-1691-442f-96df-9692e4ab29c4", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "13c9c74d08c33a6231d859bb35a060bf", + "SHA1": "833319ae7ee8fd2da9705d51d32ef1a6fd22e2fd", + "SHA256": "6f53cd5bf434b19b4e14ca127c596752079d989fcc98bb7d7cf3155619ec347d" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2022-04-11 22:46:30", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.20366 (winblue_ltsb_escrow.220411-1722)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "3aaa631aa80579a7ec4606f002de3436", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.20366", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "aaf18af925d829095e017c505f1a0039", + "SHA1": "c3d13f7d96127a3b16c7a8c0a3dd98fd9f22c3cf", + "SHA256": "05367ecae4cf78cc575048fb931468b1d210df8c38ff8ca05481124b1a1a6917" + }, + "SHA1": "293ba261a22d2b62ac580140be62676856d48527", + "SHA256": "d038eec123e1e13ab3ad27534de697c9779e9c27c62575f06771f80d3cbb7148", + "Sections": { + ".text": { + "Entropy": 6.492763350625338, + "Virtual Size": "0x16dae4" + }, + ".data": { + "Entropy": 5.414272117838945, + "Virtual Size": "0x6c7f0" + }, + ".pdata": { + "Entropy": 6.090094273963687, + "Virtual Size": "0xa710" + }, + ".rsrc": { + "Entropy": 3.4723693660714603, + "Virtual Size": "0xfd40" + }, + ".reloc": { + "Entropy": 5.4026611513435014, + "Virtual Size": "0x98c" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Version": 3, + "TBS": { + "MD5": "46f57c3b860b08484cb79066ac1014ad", + "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", + "SHA256": 
"d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Novell Systems and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "24b32147-9b69-40e3-a166-b0c457b3c371", + "KnownVulnerableSamples": [ + { 
+ "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "2F9A8EB6C8E18E7E118AFE9B51E233D88EC76C0EA256FF1F2A842B3A0EA9F466" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3F8091F700DA0DD082C6C06D0D3B68DB8D51FBE03198BBD6E4FA0D4A9EACA522", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "24b32147-9b69-40e3-a166-b0c457b3c371" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-0.4-0ubuntu3/shim64-bit.efi } }", + "Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "bc584a7b-f352-4e0a-b86e-7954c4b63d2e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "91721AA76266B5BB2F8009F1188510A36E54AFD56E967387EA7D0B114D782089" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": 
"shim-0.4-0ubuntu3/shim64-bit.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "FA07B984FB6FDD32DB497C55225E614759BFEB7093BE1F02AB2E30BE1869B2E7", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim-0.4-0ubuntu3/shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "1ca07dec-812e-46a2-ada4-141584aa0c12", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "6873D2F61C29BD52E954EEFF5977AA8367439997811A62FF212C948133C68D97" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "6E5D8278A7A4A58DBBA2F5D01B09B9DE4BB20ACD2DD4890846C8125A65136BF8", + "Signature": "" + 
} + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "1ca07dec-812e-46a2-ada4-141584aa0c12" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by HP and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "fbb59470-8b0e-4ad8-8692-e8a3e1c4df8c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "94dfb76b94c30266578ce327901ec791", + "SHA1": "909d4c9217388c496ccadd8e1ed5aa58766a60bd", + "SHA256": "f1863ec8b7f43f94ad14fb0b8b4a69497a8c65ecbc2a55e0bb420e772b8cdc91" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "d55f2dc318b152d9d722021bf8376658", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": 
"6b4d5fb92240528828725c87f1c2f7de1aa7e7f5", + "SHA256": "f8e2a41c0444d7da76fc1682f3eb7e2a90140e1b68b413f4426bac357cbe14bb", + "Sections": { + "/4": { + "Entropy": 4.84673389141427, + "Virtual Size": "0x18858" + }, + ".text": { + "Entropy": 5.639710840411351, + "Virtual Size": "0x94dab" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + "/14": { + "Entropy": 5.2645431551668285, + "Virtual Size": "0xc9" + }, + ".data": { + "Entropy": 4.464961714868577, + "Virtual Size": "0x295e8" + }, + "/26": { + "Entropy": 7.349457523109135, + "Virtual Size": "0x35f" + }, + ".dynamic": { + "Entropy": 0.8257898339361436, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.6505568397234684, + "Virtual Size": "0x1adc0" + }, + ".dynsym": { + "Entropy": 3.21037984522559, + "Virtual Size": "0xeda8" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 3, + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": 
"1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\grubx64.efi } }", + "Description": "This was provided by Canonical and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2b61baf4-c396-4e1b-b487-87c1ebf4b17a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "379f249742bb47ea2d7cec2b9d3fb1b7", + "SHA1": "b678307ce3a2c6d5a2f988e7ec068590edbf1c50", + "SHA256": "7eac80a915c84cd4afec638904d94eb168a8557951a4d539b0713028552b6b8c" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2014-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "grubx64.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": 
"c3f1acb15ea4dd4002d43c5941d1a64e", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "31a862d073e46ffc608cfc93ffc8e18c38dfed8f", + "SHA256": "3d23947c39680b9fcf22b092b97c9d38edcc02f7ad13d3a925d1ee0b62797e73", + "Sections": { + ".text": { + "Entropy": 5.571601531682557, + "Virtual Size": "0xb000" + }, + ".data": { + "Entropy": 1.2839449201733235, + "Virtual Size": "0xf000" + }, + "mods": { + "Entropy": 4.796361582647025, + "Virtual Size": "0x17d000" + }, + ".reloc": { + "Entropy": 5.904300253815697, + "Virtual Size": "0x1000" + } + }, + "Signature": "", + "Signatures": {} + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "grubx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by NTI Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "9ae39650-46fc-402d-a4dc-569ce8411039", + 
"KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "fcc5a83e211d451fcb6f8082cc598ea0", + "SHA1": "20ad14d6ff96fc1dde5df105e0b71cebc77f5b48", + "SHA256": "e051b788ecbaeda53046c70e6af6058f95222c046157b8c4c1b9c2cfc65f46e5" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-10 18:41:20", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "e2be3deb5a33615e127a7b2930bb544a", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "608df8090d9d8b9aa3ef02b395415edb65d9be6d", + "SHA256": "7b5dfe4f9e4ee68e3cdd9c91bcae26db334d49ae4c1f9525cecd834de48df110", + "Sections": { + "/4": { + "Entropy": 4.842008275901556, + "Virtual Size": "0x16238" + }, + ".text": { + "Entropy": 5.5918453515116635, + "Virtual Size": "0x9f72b" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".data": { + "Entropy": 4.609462071845652, + "Virtual Size": "0x2c678" + }, + "/14": { + "Entropy": 0.6143694458867568, + "Virtual Size": "0x12" + }, + ".dynamic": { + "Entropy": 0.8424565006028102, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.602685601595089, + "Virtual Size": "0x29598" + }, + ".dynsym": { + "Entropy": 3.2058008626392853, + "Virtual Size": "0xe520" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2014-10-01 18:02:10", + "ValidTo": "2016-01-01 18:02:10", + 
"Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "3300000010a4912943d94ce62e000100000010", + "Version": 3, + "TBS": { + "MD5": "61509fd4e01160eb7d8007dc182bee5b", + "SHA1": "febd34ec96d90e498d9b6fa54d7fab80ce1464d3", + "SHA256": "7d79e52d96bc7c571299d90c3bc4bff9d08e36eb74b7e8b0cd69114980737953" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "3300000010a4912943d94ce62e000100000010", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path 
\\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by TeraByte Inc. and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "dabe9a66-0446-43a1-b9bc-fe279702a5ab", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "5ebf16973c90bb7a23fb44504d80f390", + "SHA1": "ccb632ec30624e6860fe361920b83d1739d9db1a", + "SHA256": "4b8668a5d465bcdd9000aa8dfcff42044fcbd0aece32fc7011a83e9160e89f09" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-01 01:28:49", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "24a7545dc37bc7d366b05c68752af476", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "63006031749d3e2d445fd952c8da201181b90593", + "SHA256": "6b6e59284750fc0e6fac4d6c2a46100e9b0dde54e000b7327edd4a4dced9e9a0", + "Sections": { + "/4": { + "Entropy": 4.842286067133961, + "Virtual Size": "0x18848" + }, + ".text": { + "Entropy": 5.636907616740039, + "Virtual Size": "0x9517a" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + "/14": { + "Entropy": 5.199783217663668, + "Virtual Size": "0xc5" + }, + ".data": { + "Entropy": 4.543005509538862, + "Virtual Size": "0x2a5d8" + }, + "/26": { + "Entropy": 7.264358037145479, + "Virtual Size": "0x482" + }, + ".dynamic": { + "Entropy": 0.8341231672694769, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.6458352177504407, + "Virtual Size": "0x1ae68" + }, + 
".dynsym": { + "Entropy": 3.2108977484090375, + "Virtual Size": "0xedc0" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Signature": "6650dd7878bef0a62b1d76ba8fa57b6193d9938ddd1975f32a880d6e9363ba516b00907d455d1089cf79e3045a976a794db027534a761a840a29d09dccb3b5978fdb1d27d6be2831b0af31b64c25d3e195056b68a403e961d61c38339c4bfbb4c16102a4b417f52b75f4d6539626736df3e9e7d689e59333e7686df72c6ac70548eb3e6f0913de69895041529dba440132da3699ee3d3ccd6c0cb1ca11d206a157a9e3504c57aea164e700dec89ccb81194b012f697127dcd1cc7dc08ccf9f92014b2a0814fdc2a010b7a7243456e15af7e812bef07b28aebcb29f0f20f5c1900827f32aaf4fef92601853403e718db111c7c35da77eea96c4deb6f903e94543", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 3, + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Issuer": "C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "71999c6f-6195-4944-ad16-105579c98549", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "CB6722995D4821AEAA9871C1B9782A02ED2F3D2BC6C1AAFD3E6B7673A210A8FB" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "50A8B3CD4F80C8C27FA47242869FDE8B6B7709A8AD1AF0EF0A726D20623007D8", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + 
"Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Miray Software AG and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "5efb08ce-213c-49be-8c2b-0ae849f64b3c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "9e12eb37ae8b46c4010ec3e1b7201f21", + "SHA1": "90a6b60c5051a3b00d779c03ac1e07f5df376347", + "SHA256": "f277af4f9bdc918ae89fa35cc1b34e34984c04ae9765322c3cb049574d36509c" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-09 23:56:52", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "077432d8b1ae0ceea719297360357320", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "d537e7c393d18329197e079601678b9b476247d3", + "SHA256": "4e371dd0448f1de869ee087b59ff88d11865463715272bcc6c29b0d5e21dbd82", + "Sections": { + "/4": { + "Entropy": 4.8209991495784, + "Virtual Size": "0x1e768" + }, + ".text": { + "Entropy": 5.607257358833804, + "Virtual Size": "0x9953f" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + 
"Virtual Size": "0xa" + }, + "/14": { + "Entropy": 5.278552013395339, + "Virtual Size": "0xce" + }, + ".data": { + "Entropy": 4.4112605874652075, + "Virtual Size": "0x2b838" + }, + "/26": { + "Entropy": 7.18604621467741, + "Virtual Size": "0x5bc" + }, + ".dynamic": { + "Entropy": 0.8341231672694769, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.657629438857694, + "Virtual Size": "0x1c3b0" + }, + ".dynsym": { + "Entropy": 3.21155188819022, + "Virtual Size": "0x101b8" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "3300000024c1fb0e65d9747386000100000024", + "Version": 3, + "TBS": { + "MD5": "82b02850f57505f0830f6dd30b6aeffd", + "SHA1": "e600e0efe4030190c5e0cab9aaad72f4e76db429", + "SHA256": "1c1d5edaeb9a5feef85e34eb40607816e98464127723d284f99b69c0c15e42f7" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": 
"350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "3300000024c1fb0e65d9747386000100000024", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + 
"CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "1457ea3c-21cc-46d1-adf3-606e98b3938b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "CC8EEC6EB9212CBF897A5ACE7E8ABEECE1079F1A6DEF0A789591CB1547F1F084" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "97BB9FD717C396231E86ECBE5A760D56DBACF4AE8E963D16D724591E45919B65", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "1457ea3c-21cc-46d1-adf3-606e98b3938b" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + 
"OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "025ed4ef-d8c6-492b-927f-a1eb484d7b89", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "812EB0FA2DF13A889549729CADBF1720B68F6C9E21955741B72802590AF1B5CA" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "D0A3923ED57307BBDDA1ECF0FF1C40F478DD6F439F80A072508C3551520CD52C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e12666fa-d6b3-449e-b3c3-18cf7a3d5b69", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "815D98AEE498CF27FD6648C7E02CFC0A4A88AA73237CBB2352FE38384A72683D" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": 
"", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "764D5B7F15EF539E0C8685DF62AB7CC7DBA3FCA50A08A8F7643D108A0A7FF757", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Univention GmbH and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e4cbfa0b-8b40-4ac9-b390-a566dbddd873", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "70A1450AF2AD395569AD0AFEB1D9C125324EE90AEC39C258880134D4892D51AB" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": 
"2B7A243AC2248C630A51D73889E4BAA33DA94BD58D63E364A5FEF1A0998B4F5E", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "e4cbfa0b-8b40-4ac9-b390-a566dbddd873" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b3f78afd-8a4f-444e-8561-b32a5d6015f1", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "CB95A4D2E0E02A5B56D059C9F223C2326753EA8C44D2E3FA6C4486629BE387A9" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C8AA71C72318CA43CBA4302FBAD12B474E7E4ED1B0EDA8A48CD71343A32FF155", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { 
+ "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0d33abea-51fd-4453-a8a3-150328e8ce21", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "9ED33F0FBC180BC032F8909CA2C4AB3418EDC33A45A50D2521A3B5876AA3EA2C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A121947909D35BB042F0049D18E4EE2B27941E10D14E4D6B1C11945CA79992E6", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "0d33abea-51fd-4453-a8a3-150328e8ce21" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy 
\"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by HP and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "73af3c3c-dce6-48b2-bebf-ea167cbaef2a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "E6856F137F79992DC94FA2F43297EC32D2D9A76F7BE66114C6A13EFC3BCDF5C8" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A2BE1EB17E12E0A66A87342C9D1CFD4D7DB81504A16B4FCB32F15C6BAA3F589D", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "73af3c3c-dce6-48b2-bebf-ea167cbaef2a" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Red Hat Inc. 
and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "329800cf-dad0-4ca8-bdc9-6ec18ff01421", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "eff2e129dcbf0ddc1e70c9ae8b5d0c6f", + "SHA1": "c5997af577c074aac5cf0fb290f24bec27618d73", + "SHA256": "835881f2a5572d7059b5c8635018552892e945626f115fc9ca07acf7bde857a4" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "c748cde9827385f9832a4f0ab1f02550", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "6436ae30f3f189f70f9043d91ede90058fbeb00a", + "SHA256": "338b89190177e950151a198823fd9d5f4ea25c1faf73e56ca5d9cf69d373fd66", + "Sections": { + "/4": { + "Entropy": 4.86401422844892, + "Virtual Size": "0x189f0" + }, + ".text": { + "Entropy": 5.645524701763948, + "Virtual Size": "0x9775e" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + "/14": { + "Entropy": 4.946577948119573, + "Virtual Size": "0x62" + }, + ".data": { + "Entropy": 4.540880693208529, + "Virtual Size": "0x2ba58" + }, + "/26": { + "Entropy": 7.340161985642677, + "Virtual Size": "0x3e1" + }, + ".dynamic": { + "Entropy": 0.8226444693437958, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.6542755257736204, + "Virtual Size": "0x1b0d8" + }, + ".dynsym": { + "Entropy": 3.2053343981539277, + "Virtual Size": "0xdd28" + } + }, + 
"Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Signature": "54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 3, + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 
1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Blancco Technology Group and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4d2c43e5-7a66-4890-93c7-3f9ce734f78e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "757b01c0eb9ed075c6e93d2fac4b0e4e", + "SHA1": "948d8090a1f360db50a84f3cab750f95d76044b6", + "SHA256": "5b248e913d71853d3da5aedd8d9a4bc57a917126573817fb5fcb2d86a2f1c886" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "22534ca115844f647fd2698572201490", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" 
+ }, + "SHA1": "7a21dd6f0289ca16c6f2a46cd37a965721f07518", + "SHA256": "24d6b301a1268ba8b373275981538855205eb0115609800f2b5b95377483b108", + "Sections": { + "/4": { + "Entropy": 4.834298869664788, + "Virtual Size": "0x1e698" + }, + ".text": { + "Entropy": 5.6177167078803505, + "Virtual Size": "0x9aac7" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + "/14": { + "Entropy": 5.287094102644723, + "Virtual Size": "0xa9" + }, + ".data": { + "Entropy": 4.411757169157883, + "Virtual Size": "0x2bc78" + }, + "/26": { + "Entropy": 7.246800061582028, + "Virtual Size": "0x42e" + }, + ".dynamic": { + "Entropy": 0.7873974037224476, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.655298369840716, + "Virtual Size": "0x1c470" + }, + ".dynsym": { + "Entropy": 3.210413889723783, + "Virtual Size": "0xfff0" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Signature": "6650dd7878bef0a62b1d76ba8fa57b6193d9938ddd1975f32a880d6e9363ba516b00907d455d1089cf79e3045a976a794db027534a761a840a29d09dccb3b5978fdb1d27d6be2831b0af31b64c25d3e195056b68a403e961d61c38339c4bfbb4c16102a4b417f52b75f4d6539626736df3e9e7d689e59333e7686df72c6ac70548eb3e6f0913de69895041529dba440132da3699ee3d3ccd6c0cb1ca11d206a157a9e3504c57aea164e700dec89ccb81194b012f697127dcd1cc7dc08ccf9f92014b2a0814fdc2a010b7a7243456e15af7e812bef07b28aebcb29f0f20f5c1900827f32aaf4fef92601853403e718db111c7c35da77eea96c4deb6f903e94543", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 3, + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": 
"f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "293680d1-928e-47e7-b45b-421122787ad8", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"C05B9250BDA8E86B6E5C6A8C584F0F61B4A3D243689965B5A955A2CB198D1E99" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "66CC4EE53DAE4DD746AE6D8B58B858DDDF1634A498D5EF41F50264E6F948F526", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\rhel-8.3-20200730-shimia32.efi } }", + "Description": "This was provided by Red Hat, Inc. 
and revoked Apr-21", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a1062c3c-45c5-4c75-bbd2-d744c8e3fcb8", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "01E2DA8EC5A6929DDBBBEB2E9807586FACDDCA6A7EF62BFEBB581BDC2D7274D6" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "rhel-8.3-20200730-shimia32.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A1DD22421CC934E050572520A026985AE8C5FC5AD73816510713F1E1D4DFF575", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "rhel-8.3-20200730-shimia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d0acb6e2-2647-424d-b438-eff9f1b605fd", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1B9A8D23FFC211EFF6F12D17037EB076EA46562DEC937F44CC49D4AF1C119BA0" + }, + 
"Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "1B9A8D23FFC211EFF6F12D17037EB076EA46562DEC937F44CC49D4AF1C119BA0", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "837d8bdc-6458-4eba-87cf-c82a32d1eca6", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F254087746FDB5D9D9EAE6DF458485752BEB0FCF295C36D273511B45F7480287" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "106E99968A816752C4A0F5DF6AEACC0400C688DE35832798029040CDB41E1F09", + 
"Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by NTI Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0e0c1a30-7f00-408c-94fc-b8679bfe90ee", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "543a59e6a502706a4a6210c7b7f22033", + "SHA1": "70b0cb8fdadfc2cfe995adfa594d282e7ffcaa41", + "SHA256": "7bc9cb5463ce0f011fb5085eb8ba77d1acd283c43f4a57603cc113f22cebc579" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2013-10-24 20:30:19", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "87ae10260e4ba99762c952c6b1781476", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + 
"SHA1": "d8282df774ac784f175e5954d46864fd06c28bc3", + "SHA256": "b06dc8f3de1e7e5a53dc7ad0f8028f78a843df54884b4a92bcec21071f0e649b", + "Sections": { + "/4": { + "Entropy": 4.8275795242762225, + "Virtual Size": "0x174e0" + }, + ".text": { + "Entropy": 5.64000824439747, + "Virtual Size": "0xaa4f1" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".data": { + "Entropy": 4.77616587395717, + "Virtual Size": "0x31528" + }, + "/14": { + "Entropy": -0.0, + "Virtual Size": "0xa" + }, + ".dynamic": { + "Entropy": 1.0259041624373757, + "Virtual Size": "0x130" + }, + ".rela": { + "Entropy": 2.6207035651809227, + "Virtual Size": "0x2af90" + }, + ".dynsym": { + "Entropy": 3.210966719000789, + "Virtual Size": "0xf210" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Version": 3, + "TBS": { + "MD5": "c52110f552e27ebb1e3fae114abafb3f", + "SHA1": "4954e087123653ce38da4cdd31141b6a1bb999e4", + "SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": 
"350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + 
"CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "97efcb29-1524-4142-923b-4395a39fe3ee", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "4185821F6DAB5BA8347B78A22B5F9A0A7570CA5C93A74D478A793D83BAC49805" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C31524CF5814D19C11611A5E5C27B2071DCB76B7EC6DC2DEC93FF9DE5CE656DE", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "97efcb29-1524-4142-923b-4395a39fe3ee" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit 
/set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c1e70cfa-8b21-4b51-8b94-9a06bb4b5550", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "06EB5BADD26E4FAE65F9A42358DEEF7C18E52CC05FBB7FC76776E69D1B982A14" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "608854C2B7A26B00A3970757C2FA176B361F74FE094F7CFA482C439071279548", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "c1e70cfa-8b21-4b51-8b94-9a06bb4b5550" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "64508479-d4fc-4415-b202-d787a4d094e6", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"F4D8EAD6C325030538D10EBB39F0EFDC2F553794C14A5E45F9555C335925D9D3" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "0EF0AD66BA9A0C4E4815BFD072FE7E281DC382D8DE08A4529DF3FF997B19E705", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim64-bit.efi } }", + "Description": "This was provided by Oracle America, Inc. 
and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4feb177a-ce68-4853-9874-5b834a0b9cb6", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "BDD4086C019F5D388453C6D93475D39A576572BAFF75612C321B46A35A5329B1" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim64-bit.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3898A72298BBF39E2E9B268DA9661B47B6AC5C160518089E27BF8DF25B77D584", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by TrueCrypt Foundation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "5abbd1d8-5850-4e54-9375-6a9639a8db58", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + 
"SHA256": "80B4D96931BF0D02FD91A61E19D14F1DA452E66DB2408CA8604D411F92659F0A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "77F55C6E07D808021F9E66017605D8B2DED6C55944693641902C4CE821E37878", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "5abbd1d8-5850-4e54-9375-6a9639a8db58" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\rhel-8.3-20200917-shim64-bit.efi } }", + "Description": "This was provided by Red Hat, Inc. 
and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3b5b838e-359b-483e-94e9-a1c1ed3077d6", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "40D6CAE02973789080CF4C3A9AD11B5A0A4D8BBA4438AB96E276CC784454DEE7" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "rhel-8.3-20200917-shim64-bit.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "258C72394A0D163E9196A16682D3881E6CB24171EDA78FE026CC9CA9BEBFF22E", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "rhel-8.3-20200917-shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "61d9e3c8-8cc0-4c53-b886-e6e2e676f475", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": 
"", + "SHA1": "", + "SHA256": "4EE45A217B38A8C13777DF0860F1255E52BAF3CF9D075373E31AD7E2C85E2CDB" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "AA909ADBB83E05F92BA2E1144C6A33CB320A760409E1015B00A9EED666063510", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "61d9e3c8-8cc0-4c53-b886-e6e2e676f475" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0ecce400-dd9c-4291-9502-c8682a4474a4", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "9F136F152A21885D574519554C7B64C15F014E413CDE6AD160F2091EBA9E6424" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + 
"Publisher": "", + "SHA1": "", + "SHA256": "891C44B16ABB7063144BBEF23BC35609FD14BB3FCD8ADFD1E804526AF344EBD4", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b7909152-9a87-4045-9aca-ae18890b2b71", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "3B7696DF627ADE30BB15BDC5CE3F3C27240C973353E8551E7B036C90D01280C9" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "41607556B9A25F6F3AB73331589519553F83D2CB3629FB3E729303898D173023", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + 
"Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "989b4dda-91c9-4903-9027-6ff3e74738b2", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "DAF87006F2653909E39A52B7ECB234484E7AC84AC21EB59354C1BAFCDDF08D9C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "87150D354E809EE266FC005B1DECA64F70A72B9505AD79062D337EEF012CA896", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] 
path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "aa7f07a3-cedd-4752-b1fd-0e8043dd54e6", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "97A8C5BA11D61FEFBB5D6A05DA4E15BA472DC4C6CD4972FC1A035DE321342FE4" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "7C783057C245A34DFF5A9497C3CD4181FC80D06439884E12AD5D67A4F5266CD6", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "aa7f07a3-cedd-4752-b1fd-0e8043dd54e6" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3598ca7a-27b3-4c09-aaca-cb5108eca19f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"39ABED2935891EEF96E2B733BBC6951DAFAD1A4C6B500D2D9B28C358355A6AB8" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "1B455F745A6397C1B4FDFA43E634462EE1414DB21EF5A3391142B0F988F31FFE", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "865cadf5-d63e-438b-a8e9-44591fb69d2a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "3c5fa521303c8b5564f3c2ce44596d69", + "SHA1": "599dbc2acbec93f50c653471403aab7be0b978d1", + "SHA256": "736afb5df29ec9c88532be9c620ef80901bf23e72f2d3488b757aff17e734ace" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2013-09-25 01:06:47", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.16411 (winblue_gdr.130924-1807)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "f512804db694f319cf51306dd2c2c618", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.16411", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "7c1182353e1a18467ac8596eb17c533e", + "SHA1": "3dbd444a114f18bb9cfb639f095ee5a0915ba297", + "SHA256": "3556b638af47e65fa07578b156ff85afa0145f715fc594c65a97aab98841c601" + }, + "SHA1": "d1bfb94ce4288f7f4e3f27ef22618991485e06ec", + "SHA256": "3f28c4f2fb32c10e5faed1debf7db6ae8c821bf286ffdb57a5b31fce0730e111", + "Sections": { + ".text": { + "Entropy": 6.650572748526797, + "Virtual Size": "0x12a4a4" + }, + ".data": { + "Entropy": 5.268881641959374, + "Virtual Size": "0x564f0" + }, + ".rsrc": { + "Entropy": 3.470826687572494, + "Virtual Size": "0xfd10" + }, + ".reloc": { + "Entropy": 5.533455631907051, + "Virtual Size": "0x7f10" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Signature": 
"78269c4b43268afbc7329a21653fdf5427c51d156bd9b2be4fc3ce06c9fe486ad28fa1a55698acc8617733a5d9b68b3f69ab82d8d60857a0cf330434703b2af43b3058eec891f89515a9acf8c29aebdcabc8671630a1d22fa51720ab95393c388e3fbed2d42eca2bce4f3ac03be5be68ecfe7f44a6d3871782abd7cc3f8c22300536bd24a13934474bc0cfc2f1479991b991f328cb5a80d06c1046a9249b8dd8747b3c87e54946f28c0bdf14c042566264fbf9475859b221d0434603ab5f655551437be8eb21192f143d173b042f139ce553888cf0534f9d2f090c1edbf10def827a274afeeba10c2b4725b0628a2722d5f209be4f9e3d2d8104a896df82072d", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 3, + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": 
"TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2b66ad2e-41d5-498c-bd23-2c88e3a74ccd", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "FFD7688E7D2B8C3C3140B415E728BBE7663C54E23BD288FF2CF4617835088F39" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "6DB28A61DEE4A1209B94F5C984C44D9674F69EE700373FD7BF1A3CBDAAB83FA0", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + 
"OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3cddc9bb-dc68-4cd7-aee9-227b47b47966", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "9414F5FA5853978C07FC6BB17A1CA9460FE443FFCA021FA52C8672A94460F44F" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "413782A6CEE2CFF718F87A737CD989E2A6067E67212B575AD8A7D80B1A62F206", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "9f95756f-dfcf-48ae-9c0c-8d99f4894e28", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "2298078eaeda24a91219936dfb897e5b", + "SHA1": "23760cf7521a929e9bfcaa5591ad186a18f91f87", + "SHA256": 
"ce65c29521cd8498fad962e5f70d55c5044366ec09c761a60cc7c4a2001776a4" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2014-08-18 17:28:06", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.4.9820.0 (fbl_sec(dlinsley).140425-1038)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "8000831e91c318757fa911d4c879dc02", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.4.9820.0", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "420a1a5671848b2653305add8102a14f", + "SHA1": "114d1b38b6213056c957863df20adfa4d8e5d3a1", + "SHA256": "20a649595bb060b7fabbd48e91fff890b90f378cbbdcf05d770a881393fa42fa" + }, + "SHA1": "d88ac2154cd473d25c41be40bcca918158badf94", + "SHA256": "59e4fa86b1c3bb7df3cdb79a17ec36af9ad12e153172f6d8e662fcfb9dbb37d5", + "Sections": { + ".text": { + "Entropy": 6.474040887094493, + "Virtual Size": "0x170eb4" + }, + ".data": { + "Entropy": 4.306218248343971, + "Virtual Size": "0x63050" + }, + ".pdata": { + "Entropy": 6.083164356102291, + "Virtual Size": "0xa758" + }, + ".rsrc": { + "Entropy": 3.4701486563458728, + "Virtual Size": "0xfce0" + }, + ".reloc": { + "Entropy": 5.402300872203148, + "Virtual Size": "0x988" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 3, + "TBS": 
{ + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d1d2f3cc-064e-455c-af50-3bd0d46a06f2", + "KnownVulnerableSamples": [ + { 
+ "Authentihash": { + "MD5": "889829fb843f0a94ac85fd363af55729", + "SHA1": "7064b8e79beeb6e7443033f51a17d7973ea424a2", + "SHA256": "7f292bce8dc97b601ef1ea72bdf7d96a12a87782bb1b1c547f85c55c7b3ff035" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2022-02-15 11:51:09", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.20300 (winblue_ltsb_escrow.220215-0706)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "d6604f3caaa504ff3aedbade7d87fb97", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.20300", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "c3a45277e34522772d2ffb9c618850dd", + "SHA1": "ccaa1ad0944140bed3cf64cdaf8c9d2004c29074", + "SHA256": "474fc92022c5254d909bd3560e682dc6a340333b34b82d63e8b9a575cf09b292" + }, + "SHA1": "a8dc3e14fb4ad8d264fdaba4ccbc89d64ee4791d", + "SHA256": "f025a519dccf1df41951c22c6dc5cafa61e21b117e174b4983b45ccc22c6375f", + "Sections": { + ".text": { + "Entropy": 6.632565264872485, + "Virtual Size": "0x132694" + }, + ".data": { + "Entropy": 6.174017317899591, + "Virtual Size": "0x5c8b0" + }, + ".rsrc": { + "Entropy": 3.4723546570842396, + "Virtual Size": "0xfd40" + }, + ".reloc": { + "Entropy": 6.755773988883993, + "Virtual Size": "0x5e94" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Signature": 
"699045742c403812de1bdf9ea2be22132e82a7c006ab278e0c9f460bd435386348031a6b5cbdf450ae5a243331dcb2cc7eace8371cf71ec35a6f663147bd211ea357614e6a611eeacca6486a778d4cd788106ade12d6625574e7a89ecab4eb0bb99295c498dd5f565680a2d26bf2545e727c4204023c48d8021b608fd901c6fefd16ce0c3a669fb0ce758dc671f2cdd7434c163f9de9453e5523d94a78205c828a4615e50330d9f52a8a77f7683d2b61ff1324382d40d31001c518b56b286fbb8c754f6940590c2071385ed0a9387b529c06bf71fff89c74634550fc331b389d558696ace05787144e5af53d20a75a84981bf8380ddac3743f407d8ff27c089e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Version": 3, + "TBS": { + "MD5": "46f57c3b860b08484cb79066ac1014ad", + "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", + "SHA256": "d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": 
"TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2022-34302" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shdloader.efi } }", + "Description": "This was provided by New Horizon Datasys Inc and revoked Aug-22", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "85ef0c80-cca4-48f1-8ace-0ab2fda03b79", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "431612322a95c76c8bbfb190f00aa9cc", + "SHA1": "e0b9eb89abfb711dc3600589fcdceafb74ecaaed", + "SHA256": "c55be4a2a6ac574a9d46f1e1c54cac29d29dcd7b9040389e7157bb32c4591c4c" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2013-06-16 02:13:10", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shdloader.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "1c9670b5add3e4d6aa442a53427f422a", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "11ddf040e749c8362e91c58fd17cb9c7aea4be91", + "SHA256": "c3d65e174d47d3772cb431ea599bba76b8670bfaa51081895796432e2ef6461f", + "Sections": { + "/4": { + "Entropy": 4.513510764209654, + "Virtual Size": "0x18f0" + }, + ".text": { + "Entropy": 5.9651561169269165, + "Virtual Size": "0x7962" + }, + ".reloc": { + "Entropy": 1.3567796494470397, + "Virtual Size": "0xa" + }, + ".data": { + "Entropy": 4.005064003834089, + "Virtual 
Size": "0x2098" + }, + ".dynamic": { + "Entropy": 0.903083847405932, + "Virtual Size": "0x130" + }, + ".rela": { + "Entropy": 1.8366456660065942, + "Virtual Size": "0xfc0" + }, + ".dynsym": { + "Entropy": 2.618034288058892, + "Virtual Size": "0x1668" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2012-07-02 22:25:14", + "ValidTo": "2013-10-02 22:25:14", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", + "Version": 3, + "TBS": { + "MD5": "c5e24205d04c09c94d81b6935af7ec09", + "SHA1": "12622dccb5b07edfd65cae6fc018e24b80ff2c82", + "SHA256": "d6afbff1c283d7777501bd3b2adb4aadb8ce32649ee401dfbb06f884362f7507" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shdloader.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4e6a6f59-083f-4829-baa5-0c388a9a7634", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "6078C0FA37D9D35DADAC7AD90E90A3A95C44985A3D305BD22A5D838ED45491EE" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "5ED5BD6952F8E520D74AA3001BC587493AFB6D628C0A3BF80875676C63F07B75", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + 
"CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d8aa2211-8d13-4e4e-88af-60ff17efd3cc", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "DF91AC85A94FCD0CFB8155BD7CBEFAAC14B8C5EE7397FE2CC85984459E2EA14E" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "407326C7F1C837A861EE8D187170C779A9B6A25B0736761645D7E549EBFA17C2", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "d8aa2211-8d13-4e4e-88af-60ff17efd3cc" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": 
"2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4936b474-694a-4b6d-b023-1c868be1b2ff", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "5E2BB7BC8B16E0B9DDFF75606668E69D76AF1219C17180EF0A5B9B383F00B995" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "FDD173678810D9F9F887B428EB260CF42C837EACC41A11E89C08131E262E2C01", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ac6f3137-42fd-46e6-8cfb-a22a6785d529", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "de6894cde22aaa436aca77368eda64f9", + "SHA1": "da4574fc375ca85005e13c0210a0ed8397b51121", + "SHA256": "6ce1f2986f0c46683ba07d296d0a84448ecf76c69db183fe29c36eed8f8e8f2f" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2016-02-10 07:49:58", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.18233 (winblue_ltsb.160210-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "1ee7ccaae6df60e3e850ae6c4a3b7478", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.18233", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "95c181375ef93e118f930024df1bff96", + "SHA1": "e3a24ad3c9b07df2a4fb39a1432ba3597faa48f7", + "SHA256": "0708c72d17d4892e2deab31b567c830ee261f5e5730997a47366c0e1e58dec0e" + }, + "SHA1": "810d7ecef2570772d2b70facfec1a6028e4bd611", + "SHA256": "566ae5fb2f355b2c03ecbbab4770e92856b0d1c3d659fe0c11263f1a5f8d7086", + "Sections": { + ".text": { + "Entropy": 6.632717954879298, + "Virtual Size": "0x12fe54" + }, + ".data": { + "Entropy": 5.28434417329483, + "Virtual Size": "0x5b4f0" + }, + ".rsrc": { + "Entropy": 3.471459084643445, + "Virtual Size": "0xfd10" + }, + ".reloc": { + "Entropy": 6.762930538535226, + "Virtual Size": "0x5d10" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 3, + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + } + }, + { + "Subject": "C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "88e2e7f2-0a89-4a66-9f99-1a73ca3a061c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "21258FA3877177AC480CB571134BEE7BA1531DDD1274217DFF71BCD618F6C3D5" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + 
"ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "DD32DCC6A6E054F4FB518B3F26EE9F41D338AB5EAFFF83F3682E34728EAAECEA", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "357e4bd3-4bc9-4b94-81a1-3833515e2d4e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "7FC7196EBBFA0D7947DE66F37158DF23821F156F724FC3CC906F16E8EBFA3E9F" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "9A59A2B53C8BBD2E536EADE26F26F3EE61129AB027812922B52C572364465E8C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + 
"https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2023-28005" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Trend Micro and revoked Mar-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ddecc35f-2233-4894-86d8-69e6e473943e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "2e2ee7180f421c97f27615cef8531dab", + "SHA1": "2375db1ba66ae1873c8f31b76f305ec8bfcbf3c2", + "SHA256": "c4ebdc43048c43f5f11c59ead051a3585a07fafce985cfed8b27b73a5492f9b2" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootia32.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "ece26d0686590a1ae0f950a412ed1a10", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "15634f8fd748f28e29e4b77ce899a6d561576240", + "SHA256": "52febd655c84f4557de0ca35a236d468c03fa3bd0f51f54c31b37db29673da3f", + "Sections": { + ".text": { + "Entropy": 5.757847859456988, + "Virtual Size": 
"0x232a0" + }, + ".reloc": { + "Entropy": 6.810300778659803, + "Virtual Size": "0x18f0" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Version": 3, + "TBS": { + "MD5": "b6f099bf203668f11a8f79ab08792ed8", + "SHA1": "4713755a345940554eada6042e90b0151591fad6", + "SHA256": "62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + 
"Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3cf4dc5f-5fc3-4a44-b069-bced755a5e5d", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1C19A5A240A361131DCC5EC25363DA6E79C7D55B3C79C0976C947F1D04A38AAA" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C990C8BF9D0C8E5A50CAF28C9FF6E8EA1949C5DD6AAAC5AB08B3A77CC0D5F011", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + 
"Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "fa8ffd8e-ef04-4510-bf93-34fe1fadc156", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1510988D3DCCE120F22696A9E87B02E7FAD6367EF4AE8BFD54CDB528A5C48E99" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "E21231BE8A60E9FE94AD0D2202ED01C36E4AFC731A30659B8AC44C22B7377FBD", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-0~20120906.bcd0a4e8-0ubuntu4/shim64-bit.efi } }", + "Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "51f20c00-6e15-4b45-852a-8f62e6f55436", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"23142E14424FB3FF4EFC75D00B63867727841ABA5005149070EE2417DF8AB799" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-0~20120906.bcd0a4e8-0ubuntu4/shim64-bit.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "DD33B966BE5F3882EED189E583AA4CA4D28E74B356DDEFFA164234DD7E89ABCA", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim-0~20120906.bcd0a4e8-0ubuntu4/shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c2c1c3d4-441d-4ce1-92c9-094411b3bf09", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "BFCAA41445F20B54AEA650D03D7C39B77CD82A7A14824DC55AA587C4C0F742A3" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + 
"ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "E299D3CA4A5A6579E863DD54488B6E804E47B20B75B7E71DC64B47F6403386B5", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "7ca92d66-191e-469f-8320-a1f67a1eaa64", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "DB1E5C6152A28D3EB6B1AFEAAD4974F3654AC6FBBE769D870ABB74EDE632B9E5" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "AB66D5C1C320900FC15984D7E1D44331411F2339DA9376F3E9BC2A4CB9B06014", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" 
+ }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4814d421-23eb-4222-8cc1-aab6645981fb", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "9783B5EE4492E9E891C655F1F48035959DAD453C0E623AF0FE7BF2C0A57885E3" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "103FE82E5F090184D8DB7A48801D1E503E3C6FC0726783E9A49A84F9FFD4C78A", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "4814d421-23eb-4222-8cc1-aab6645981fb" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + 
"Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\cent-8.3-20200730-shim64-bit.efi } }", + "Description": "This was provided by Red Hat, Inc. and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3dfbbf26-7e19-4d38-9b5a-6e332ba5fc34", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "CB994B400590B66CBF55FC663555CAF0D4F1CE267464D0452C2361E05EE1CD50" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "cent-8.3-20200730-shim64-bit.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "DA649429AA5899D242782ED21EC332A217C3D530296FC9D7A0E3F1F694EB7FE1", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "cent-8.3-20200730-shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + 
"value": "" + } + ], + "Id": "bca306da-15be-48c3-8a55-3165085410b9", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "731A31CC36C5A7D7445F9644CE4E850E99CC7962EF6E2DE98721447A1438D805" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "AC390194D59EC41A1A01BD96417CFE79E833CD6BBCA820B5FCB35CC3FE99653B", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by BITDEFENDER and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "78f886c7-28cd-4686-ac8f-ee82f3e0fbcb", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "D89A11D16C488DD4FBBC541D4B07FAF8670D660994488FE54B1FBFF2704E4288" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + 
"FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A95666BFAF48FD9C4CAF2F3ED4EB593145C48BD3C93E4B00638088CE7EE962CF", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "78f886c7-28cd-4686-ac8f-ee82f3e0fbcb" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c8440951-fa74-42e2-bee5-4a70db2dec53", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "450c5929a254f83c3fcfa056b9ecb5f9", + "SHA1": "3f62302d8c036c7d2d4ae6a47fc8439028871808", + "SHA256": "84d75f7a8913d66db946eaf1480eaddec3063d27a6f625f040b406718abcac44" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2017-03-25 12:33:45", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.18639 (winblue_ltsb.170325-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "958ceee3668f4eff01fb29d03518b49e", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.18639", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "85fa20421a65e83905361d389b335669", + "SHA1": "fad704c4353c271f61f7ffcecc3bc5aceb3a15b7", + "SHA256": "60bb1a6f5f679831418c16a7c2000159d31507690560194ca357bfd0b4018f9c" + }, + "SHA1": "0213406b236ee5c1f1e4fbf0101d24cc10ab7e24", + "SHA256": "fe26e6c2bc5ac4357e6657624180ca1e946d6dabe79cdb098d7b8b4e440851aa", + "Sections": { + ".text": { + "Entropy": 6.4910310466732115, + "Virtual Size": "0x16acf4" + }, + ".data": { + "Entropy": 5.389366981443705, + "Virtual Size": "0x6c590" + }, + ".pdata": { + "Entropy": 6.102700785324201, + "Virtual Size": "0xa554" + }, + ".rsrc": { + "Entropy": 3.472082202305419, + "Virtual Size": "0xfd30" + }, + ".reloc": { + "Entropy": 5.400761827022373, + "Virtual Size": "0x968" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2016-10-11 20:39:31", + "ValidTo": "2018-01-11 20:39:31", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "33000001066ec325c431c9180e000000000106", + "Version": 3, + "TBS": { + "MD5": "dde4566ad877cdd7257537c5a15caff8", + "SHA1": "61ccf092df4eb7534ffc8df983b362e10eb895c2", + "SHA256": 
"0ae3a29cfb54cd16c853b2246cc428219bb87f7e4ea299b0374b2ac43f2a61d8" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "33000001066ec325c431c9180e000000000106", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Oracle Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "07ce0c22-0e7a-4f68-91e2-61a9d9cd566f", + "KnownVulnerableSamples": [ 
+ { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "65F3C0A01B8402D362B9722E98F75E5E991E6C186E934F7B2B2E6BE6DEC800EC" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "6A86152DF323185DCD535369C94B9226FEB6AAB4479C00A4A916B4E82E4A85FE", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "07ce0c22-0e7a-4f68-91e2-61a9d9cd566f" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "5a1e393f-1595-4e4e-993e-7097a184ce42", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "3FE9F8D11EDCA3FC1899100484DE4CC2C626ABB38B73985A441B7C3A0D39CA54" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + 
"ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "8DA046540148E1E146DE2F96C7D860962ED059A923E9685E868DC4C6065684AA", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "dbbed756-4f18-430e-9a68-6f0054091fa3", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "EA9C72C1CE865E6044ABFF576FD712D4DF3F5114318753EFCFEFED70EE586884" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "573D0A8D59DC7FDB0BE784ABE9B51DA9183848B613FF4C96B143D286043B4E43", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": 
"TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTIA32.EFI } }", + "Description": "This was provided by Red Hat Inc. and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "9308b260-6695-43ee-bddb-a90f20e035f1", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "c62cb9b4d87523ac468bd048647eabec", + "SHA1": "57916473f391f8b25aa2497acf5c58d2eb304e2b", + "SHA256": "38909daf2fe29bbfe22303939d3904f38dca48b7f2a41f28f34de564a0242781" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-09 09:45:32", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTIA32.EFI", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "77fefa9f6ac9273ee5edb4d19e87d348", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "e609f8ddc446dc27a2aec3577e2b7869126662c0", + "SHA256": "03c8c9956938147bcc81a19e580ca8b5214e82829ec0494c22b0f59013ca22b2", + "Sections": { + ".text": { + "Entropy": 5.773526636331647, + "Virtual Size": "0x92ba3" + }, + ".reloc": { + "Entropy": 1.5709505944546687, + "Virtual Size": "0xa" + }, + "/4": { 
+ "Entropy": 5.070551147779766, + "Virtual Size": "0x7e" + }, + ".data": { + "Entropy": 5.335958404758759, + "Virtual Size": "0x216dc" + }, + "/16": { + "Entropy": 7.338341139988703, + "Virtual Size": "0x3e2" + }, + ".dynamic": { + "Entropy": 1.4043380507095067, + "Virtual Size": "0x78" + }, + ".rel": { + "Entropy": 3.5471242189199925, + "Virtual Size": "0x9718" + }, + ".dynsym": { + "Entropy": 4.3951515278569575, + "Virtual Size": "0x9380" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 3, + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + 
} + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTIA32.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "f907fd87-1f8a-4a91-8ed1-e74bf106b15c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "9DD2DCB72F5E741627F2E9E03AB18503A3403CF6A904A479A4DB05D97E2250A9" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "B40F5FF7030848DB736573E06A1A1C5BF49F119E66DD0BA7E48E2651E2CE7059", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "f907fd87-1f8a-4a91-8ed1-e74bf106b15c" + ], + "Verified": "TRUE" + }, + { + 
"Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "73fcc470-7c81-4385-8c78-933467e404cf", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "DE7F766E4454DA118A6C42BEE476C4BB66F660BFDB88DB572C4621C43EC1836E" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "35F731A87345B78EAC85100D339ED77CE83B7DF6151B401B446A79D9FEBCD36D", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set 
$matches[0] path \\windows\\temp\\rhel-8.3-shim-20200726-shim64-bit.efi } }", + "Description": "This was provided by Red Hat, Inc. and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cc89429d-d9b6-412c-8083-4879ab57f589", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "EF87BE89A413657DE8721498552CF9E0F3C1F71BC62DFA63B9F25BBC66E86494" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "rhel-8.3-shim-20200726-shim64-bit.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "98721004CFF6B89B3E5A9267D29250710E6A6C8AFAE06EEF29F92745CD70E079", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "rhel-8.3-shim-20200726-shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "9164d869-3953-40eb-91e4-26a837e3aacc", + "KnownVulnerableSamples": [ 
+ { + "Authentihash": { + "MD5": "e518520c0709c922714f016a9ec3d893", + "SHA1": "3ef1fcd520f386618b77de8759b40d169b042708", + "SHA256": "05729029ef940c5e6ee96b3b1253c08783c01329bce2e9951bc22a09223fc15c" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2022-04-11 22:20:40", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.20366 (winblue_ltsb_escrow.220411-1722)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "c6697cdbcf51cc54053438e644243327", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.20366", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "c3a45277e34522772d2ffb9c618850dd", + "SHA1": "ccaa1ad0944140bed3cf64cdaf8c9d2004c29074", + "SHA256": "474fc92022c5254d909bd3560e682dc6a340333b34b82d63e8b9a575cf09b292" + }, + "SHA1": "056c3b1ab4f9b248ffc5285f299a2653839357f2", + "SHA256": "1eadf7bf5fde916884a4beb82dd68ba50be05413f00aae8571190a2eaa462640", + "Sections": { + ".text": { + "Entropy": 6.63395324582708, + "Virtual Size": "0x1326f4" + }, + ".data": { + "Entropy": 6.175578570095665, + "Virtual Size": "0x5c8b0" + }, + ".rsrc": { + "Entropy": 3.4725471322840162, + "Virtual Size": "0xfd40" + }, + ".reloc": { + "Entropy": 6.751781167901335, + "Virtual Size": "0x5ea4" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": 
"330000033c89c66a7b45bb1fbd00000000033c", + "Version": 3, + "TBS": { + "MD5": "46f57c3b860b08484cb79066ac1014ad", + "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", + "SHA256": "d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft 
Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "30e370b5-bc05-4b98-96d1-8e71f41083fe", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "311A2AC55B50C09B30B3CC93B994A119153EEEAC54EF892FC447BBBD96101AA1" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "EE721020DB7794DE74F59992A2C6B4DCA5B9FD584BBCBDEF96930B9A7132BE1C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + 
"30e370b5-bc05-4b98-96d1-8e71f41083fe" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cf486d6a-cb41-4d0b-9258-81a14e76f719", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "4B59C6D8E94428C4CBDB0F306FED75B099EA349431F001AA819C3BD0D1600812" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "89C7492FAA5DFEFFE4F126764CD556A82B53520404636BD50C32405346959016", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootaa64.efi } }", + 
"Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2297fba2-2316-41a2-93f7-20ea8c9f6b98", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A1A59CC2784246AD693B1DF151454642324E89C898566A59906891F48089ECE9" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootaa64.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "2674036BC5EE2446739FBBBE21F8480DA23AD5E98A6768754B4C9B9FC37EF2E2", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootaa64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cc19dcf6-f6e2-4820-8df0-73abc96a95d8", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"706B8A820652212D3A5F57303C9CB2B80B9E79DCF2621F29318AF2346419EDFA" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "4CADDFE7EB99A666652EBDA685A542612C851C732801AA5B15AB39E826D7C1D7", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "9ad7a737-68be-4ce9-9595-30623e887396", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "c44756dff66637b44b1180df93fecc70", + "SHA1": "502c5761b07eef8e5b1b90cd8465a36a115e339b", + "SHA256": "6582dccb8b305efe0bbbafdcc7d295a6a8bf1df0397e1a8ac736e9098a2a64c0" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2022-06-27 22:58:31", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.20476 (winblue_ltsb_escrow.220627-1731)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "6c1910730f135cbd5a78e3a48520e647", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.20476", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "aaf18af925d829095e017c505f1a0039", + "SHA1": "c3d13f7d96127a3b16c7a8c0a3dd98fd9f22c3cf", + "SHA256": "05367ecae4cf78cc575048fb931468b1d210df8c38ff8ca05481124b1a1a6917" + }, + "SHA1": "1d5beb0bd494d324fa663da050cc61e8f7f2ce92", + "SHA256": "77e2945b3a2b0d14e9943f90ddd7bb87dde9cc5d8be09f9693e9f4166769363d", + "Sections": { + ".text": { + "Entropy": 6.493411591352979, + "Virtual Size": "0x16dcf4" + }, + ".data": { + "Entropy": 5.413862912163844, + "Virtual Size": "0x6c830" + }, + ".pdata": { + "Entropy": 6.079086771447321, + "Virtual Size": "0xa734" + }, + ".rsrc": { + "Entropy": 3.4723930407949566, + "Virtual Size": "0xfd40" + }, + ".reloc": { + "Entropy": 5.410822163532266, + "Virtual Size": "0x998" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Version": 3, + "TBS": { + "MD5": "46f57c3b860b08484cb79066ac1014ad", + "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", + "SHA256": 
"d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4c768cdf-df02-45b1-9342-63389224b997", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "7B94F0505F37B19B432ABA08BE2E3E003038C02CEB531E169D460DB60C351649" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "593148805FC70C5FBE0299A185DD367DF00A8E7AA95242C90C6567A73C1CD259", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit 
/copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "163d69a7-be4d-47bf-ba9b-ad2e76271175", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "FDBE6C45F2414421562D812EB67C5FA0CFD0D40AFE2CF0CDDC5E09054ACB4FE5" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "73ED112C5EE295BA56BEA8679E062EE22A5E01B23438A7B8F459AF8F61A93BF4", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": 
[ + { + "type": "", + "value": "" + } + ], + "Id": "90e05866-5975-498c-bab9-1a71dd286011", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "DF02AAB48387A9E1D4C65228089CB6ABE196C8F4B396C7E4BBC395DE136977F6" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "6AE5984A47CCE9129498E534DB84F0FD33FE9AEE2860462414416282EB0CF34A", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "90e05866-5975-498c-bab9-1a71dd286011" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2023-28005" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Trend Micro and revoked Mar-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "990b3c53-97bc-4fd8-a212-e60c6fda898c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1F8A0E13AADE0885A06B5D822BB21D8111664C37691F0D256EBA840277511BCA" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootia32.efi", + "Imports": "", + "InternalName": "", + "MD5": 
"", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "B97D5B2A7A9E582652CB9A9BDE1BB68EB631C2329168A996BD19CDD1499408BA", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "73fc4a00-2d2f-46c4-a597-bd0cc015dfdc", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "BEF7663BE5EA4DBFD8686E24701E036F4C03FB7FCD67A6C566ED94CE09C44470" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "690B765C38BE3FBA65B829677D98A67943F92E24E9860EE2A13273F5932B8A0A", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "73fc4a00-2d2f-46c4-a597-bd0cc015dfdc" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "8ceef305-f81d-4d24-bb34-2adf41c5b779", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "BF550C6F826C96461552E665F53A4F275A14838FD64CCF773D194B78CE33E907" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootia32.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "6A412612692B81C56395EDBC4E4CB189478D15BD7474A01829ECF867C71ED871", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + 
"Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "58907c65-5be5-4821-9c87-8d27b5a8840d", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "17C2B5B96693CDC2951C89DDE641D14716063F5FC8795CEBC635378B73044E8B" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "376E727A97432EE289CE9485988E24C0E20321DDC45443D7916D20D9C8824883", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + 
"Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b842b745-24ab-4f75-a302-5d4c4bf0101b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "C2469759C1947E14F4B65F72A9F5B3AF8B6F6E727B68BB0D91385CBF42176A8A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C33397B499368E23DDA3FD5B9CC989647442F279EE6F80B53C620721C958346D", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "b842b745-24ab-4f75-a302-5d4c4bf0101b" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "f651508a-842a-4af6-b332-559fc9897806", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "D069A07B5ACDE004FE7286558041F1F123DD88BB1395E5E453F62F48EF37D199" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": 
"", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "9CD99CEFF9B7496E7B6720AF4C561668D6993376EC18593E3F54B1540E5B31A0", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ad4ed491-2e8d-4c16-9bad-4352f1ce2f67", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "C875AE8A8DB5441A577172869A4EC6E71DACE7A875F42A2FBBA4B52F293499DE" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "339E7E433DA8002B9FFB9EEB3C768742A93953509FC02BCAF95254228914067F", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "38e6bed7-1db9-4c15-8358-040edb77a39c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "6B54497FF9915A6977428BDF8F45B116D874C4F8A836B5BDFC373D05F4C0EF87" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "E438149CA86CF5F2FDD1318BF0D6C301593EA74B06940E031964F34561255BC8", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + 
"CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTx64.EFI } }", + "Description": "This was provided by BITDEFENDER and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "35c8a2f7-287d-4251-a949-d1ad45040784", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "93858168a4a5a02e0446ee0c003ecdf1", + "SHA1": "096dbcb4f3baa2a21cd0e267052430ccd175593a", + "SHA256": "badff5e4f0fea711701ca8fb22e4c43821e31e210cf52d1d4f74dd50f1d039bc" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:08", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTx64.EFI", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "0887bbb1fff22018d425b56dfb642db7", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "db9c3757f8f341bd6be92611fbbfb3ca8bc80d6f", + "SHA256": "e352109145416e3b61dcf5e09492d24410828121e7d74c08ce0d3157b45a0831", + "Sections": { + ".text": { + "Entropy": 5.634144687504991, + "Virtual Size": "0xab58b" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".data": { + "Entropy": 4.800117402438687, + "Virtual Size": "0x31eb8" + }, + "/4": { + "Entropy": 0.6143694458867568, + "Virtual Size": "0x12" + }, + ".dynamic": { + "Entropy": 1.177741779247768, + "Virtual Size": "0x140" + }, + ".rela": { + 
"Entropy": 2.6309115175747873, + "Virtual Size": "0x29d78" + }, + ".dynsym": { + "Entropy": 3.2171085714056926, + "Virtual Size": "0xf570" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Version": 3, + "TBS": { + "MD5": "c52110f552e27ebb1e3fae114abafb3f", + "SHA1": "4954e087123653ce38da4cdd31141b6a1bb999e4", + "SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTx64.EFI" + ], + 
"Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim64-bit.efi } }", + "Description": "This was provided by VMware, Inc. and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3e375fd6-edc4-48ff-801e-cf5d4fef7d2e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1142A0CC7C9004DFF64C5948484D6A7EC3514E176F5CA6BDEED7A093940B93CC" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim64-bit.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "10914C967939CA831D9D39B87332A6E8882FE99901DC0E4DE4931CA5A065B9FF", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked 
Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Oracle Corporation and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a8267643-bd8f-42e9-851a-86b986973758", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "8EC2540CEDDD592E616AF4386DA9EAF76855EF0A792E26FC149B32E951D76C85" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "AD1A9C1667E89214EE947D6B40D61BFFB7EA942ABCCE85319520CC3DE301FA1B", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "a8267643-bd8f-42e9-851a-86b986973758" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\cent-7.9-20200730-shimia32.efi } }", + "Description": "This was provided by Red Hat, Inc. 
and revoked Apr-21", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a7bf3e37-f600-48ff-82d4-4f1e82c199d2", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "DDF3E4261419944F7C2F8B92F6D14C35060B4F94818CC4183F0C072706DEF726" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "cent-7.9-20200730-shimia32.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "2D07ABD75C154055A858D4461A1B1B76D763E9ED294E2E10244C20601E072A29", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "cent-7.9-20200730-shimia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "bbd79406-168c-449a-8206-9927288fefd4", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "B3EAFDEB6E2809BD72730E4FC7896B9D94543CA360E9629B63C039FF91274BEB" + }, + 
"Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "F64F70D1D3AD35BEC25526472C51765BEB40AAF72CA8EC1242E046F62C18C11E", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4885e5bd-31eb-4f63-af7f-efff02e753ee", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "92F858F6A02BD2014618B05D7759E34E7781B15C34C8814BA4C930B320F8DB09" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "53E9CF33ED9379862E5A5424E0C3FBE6D81D0D622368F773C81658F408A642E3", + "Signature": "" + 
} + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c7f3ce1c-9b48-4d6e-b769-4a2869e09bb4", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F02174BB75BC774DF2D7A63A0B0F7A040C9907399F97F642743DA97DF30104C7" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "642296E7342D651FE2FE547C1F08329777CCD44DC4F11C75FEC1F037A9B4B9B4", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + 
"CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Red Hat Inc. and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "64c9ea42-80a1-425d-ae59-d9ee4eadf4ba", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A924D3CAD6DA42B7399B96A095A06F18F6B1ABA5B873B0D5F3A0EE2173B48B6C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "BDD96B78F3AA4B123851342995451880CB2498E785ED12E48CEB36F1A3F49B2B", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit 
ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a7cc38fb-91b2-4e2c-a0a9-2a6051c31cb5", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "8A03960BDEA6A4953AC50A2BBF9317BE228C2EBBC299E1E90CC7C6EB18F43B94" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "E785D139C9F008F9135EDFAD44492D11D09B83373ABE74AD45B7CADD25EBB464", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by TeraByte Inc. 
and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e314abb1-31d1-460f-9df0-f437263d9e71", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "50588d1cf5701594eefb3eb90f401614", + "SHA1": "8a6738664c7dd6a99dbbd32c0c43432e9f88c85a", + "SHA256": "9d00ae4cd47a41c783dc48f342c076c2c16f3413f4d2df50d181ca3bb5ad859d" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2014-09-04 13:05:11", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "c2d60556e72219f9d4dd063a6843aa37", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "83720b7f32ce09df641395f39a86bc48b3e8a9b8", + "SHA256": "d809eddc88a14239e8a069fa71f81f3e4af4dc293f7575d71d597c80f8767816", + "Sections": { + "/4": { + "Entropy": 4.836197087741231, + "Virtual Size": "0x161d8" + }, + ".text": { + "Entropy": 5.588107260830429, + "Virtual Size": "0x9f2be" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".data": { + "Entropy": 4.597286314345456, + "Virtual Size": "0x2cab8" + }, + "/14": { + "Entropy": 0.6143694458867568, + "Virtual Size": "0x12" + }, + ".dynamic": { + "Entropy": 0.8341231672694769, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.6053915011200695, + "Virtual Size": "0x2aa50" + }, + ".dynsym": { + "Entropy": 3.2071015337175828, + "Virtual Size": "0xe520" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + 
"SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Signature": "2a27d6bd2f34c68a9989ec856449fe4934ad5c0615ec5819664399053737a86be46c914b9478ce393534b759eec5eb6f015b706b853f1d2be51fe9807b178eaa9e0f9558d6a5d913c58c7492cbad106abb7395426801a42f363842e60bf72d046668865db5d8ce2c901c9673044d05abb74c171ac198c0f9376bb9185ec7523bb53e6d2c114642ffbfbe20efc6c2571c2006159cb70ff2c428e997f6ce83bf57ad9a47c47decce9830cf861a156471c62600a0260b44e29ea8e6e33c407c046f37be4a46dcaf38c018b24f969beb716d8e76cebc3d1d19134ed6f216cc2e357848b4998196ebd7326bca3e3ade1ba88e98612a569a46a1f45856f4e2dfa02a5d", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Version": 3, + "TBS": { + "MD5": "c52110f552e27ebb1e3fae114abafb3f", + "SHA1": "4954e087123653ce38da4cdd31141b6a1bb999e4", + "SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + 
"Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-0.9+1465500757.14a5905-0ubuntu1/shim64-bit.efi } }", + "Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "81ea3a10-a003-4839-ae9f-52cb700d38d4", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "FABC379DF395E6F52472B44FA5082F9F0E0DA480F05198C66814B7055B03F446" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-0.9+1465500757.14a5905-0ubuntu1/shim64-bit.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "889337B0F67FFBDDD260CEE774DFA332DBB4EAE7D11333B2DDBAD7CA7FA773A2", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + 
"shim-0.9+1465500757.14a5905-0ubuntu1/shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "495a811b-db1c-41f6-88db-36688933fcec", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "CB340011AFEB0D74C4A588B36EBAA441961608E8D2FA80DCA8C13872C850796B" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "DF224EF3B05794CBCE084C11BAAF3D85F380A5213D9097E400D9FA42FC412933", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "495a811b-db1c-41f6-88db-36688933fcec" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", 
+ "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-0.9+1474479173.6c180c6-1ubuntu1/shim64-bit.efi } }", + "Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2a4a532a-848c-4ca5-a910-357daefe32e7", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "e04975ca0b4139e160f03ab301fe80b6", + "SHA1": "8b736cf22a54133d32665bed98eedf76755e0b10", + "SHA256": "4cd73702d6b209ea8d57657ac4603c8127134d01973d84018af7c68335751ad9" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-0.9+1474479173.6c180c6-1ubuntu1/shim64-bit.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "9671f8d6de959b9d084f2a67f6dfadf3", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "f7df1f4af46adceea20652bc796d86b47d9eeb6c", + "SHA256": "3c430c719c9053a74d74dcc5e52b40d10f109db1dc9458a05a7a413b86a93467", + "Sections": { + "/4": { + "Entropy": 4.843946446868365, + "Virtual Size": "0x18118" + }, + ".text": { + "Entropy": 5.624855658077438, + "Virtual Size": "0x91898" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".data": { + "Entropy": 4.421216580279309, + "Virtual Size": "0x28848" + }, + "/14": { + "Entropy": 
7.322772708526002, + "Virtual Size": "0x449" + }, + ".dynamic": { + "Entropy": 0.8630797231656377, + "Virtual Size": "0x100" + }, + ".rela": { + "Entropy": 2.646133679930085, + "Virtual Size": "0x1ae50" + }, + ".dynsym": { + "Entropy": 3.2051544492157, + "Virtual Size": "0xea78" + } + }, + "Signature": "", + "Signatures": {} + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim-0.9+1474479173.6c180c6-1ubuntu1/shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "60aaedd4-4eb0-485b-a534-82645695a185", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "4A4873A319A3A3DE35EA325771DFFCBB31EC14550A4E029CF0FEB9CD686B8C92" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A0946E9C77C27E5E9D19BCEEFE4DC147F97BF1CA7FE12F15280D390BA7A0D67A", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + 
"https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e9785a5c-1caf-4577-85fa-9a2eadc9bfe9", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "788383A4C733BB87D2BF51673DC73E92DF15AB7D51DC715627AE77686D8D23BC" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "D389EDE1F84051086D30B8C2CFC362797B129854DF1313CA474F83A143F55D11", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "e9785a5c-1caf-4577-85fa-9a2eadc9bfe9" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + 
"Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Neverware and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b03177a4-54ec-4449-b30d-f197e75b8b3e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "1adb4d9d5d5c38a654581d03699efb51", + "SHA1": "120f24f0e7bfbbe0e0419060b1489921d9fd3fe5", + "SHA256": "56fb79aab26ee9d0e0ca372fb86a8bb459acbc505d0ab35e6a632a3d5f88dcb3" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootia32.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "eaaa74b1ac8f59f8610a8e898de54cf6", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "82d315d856cf1a43ff8d22192638c8f416be591f", + "SHA256": "aa6f27b8b2ca5826f497362042c003b5e1d7ca22383d82730fbc5c45e048d839", + "Sections": { + ".text": { + "Entropy": 5.841766513831158, + "Virtual Size": "0x93147" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + "/4": { + "Entropy": 4.946577948119573, + "Virtual Size": "0x62" + }, + ".data": { + 
"Entropy": 5.369085585418017, + "Virtual Size": "0x21a7c" + }, + "/16": { + "Entropy": 7.20273225550972, + "Virtual Size": "0xb79" + }, + ".dynamic": { + "Entropy": 1.38767138404284, + "Virtual Size": "0x78" + }, + ".rel": { + "Entropy": 3.537809435563718, + "Virtual Size": "0x9048" + }, + ".dynsym": { + "Entropy": 4.388630978541453, + "Virtual Size": "0x9360" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 3, + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": 
"350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + 
"Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ac90e9e0-2035-46a5-b3fc-f0670e6d0ddd", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A0107A564E93989C57044FD18AA85BEB1258101AC3D9F6E10BF12C1C6573BC2B" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "2B2025F4C880166D94222A95A88FF0A525C361D7B2C8A886B4E4CE6FBDD6520D", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": 
[ + { + "type": "", + "value": "" + } + ], + "Id": "ec0d55b6-d46c-4f5e-b467-1a8fe09e64d2", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "0C0C78837FA767EB045B8199E1E20AD666F90928DAEEB8F5E5253D8E7877FCB4" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "FB03DB013F31A9AA909B77CF510CD129B9E857A93E37BF9ABB91A79EB296C758", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\centos-8.3-shim-20200726-shimia32.efi } }", + "Description": "This was provided by Red Hat, Inc. 
and revoked Apr-21", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "fbf92874-0ee4-4c8e-9dc5-ab73b6bb4010", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "06C670F8572BF89ABAE13D14D81FFE80D5550F696862B1AB386E4D8C56B02016" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "centos-8.3-shim-20200726-shimia32.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "1A9DDD9AF383AD81787CD7C6A6DC8C8AA86CD995157C32AD476B60D2C494F7FA", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "centos-8.3-shim-20200726-shimia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2e84c348-bc0b-46e8-aad0-77b20e8c534e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "041babadd6d890113ca977dc8c8783b0", + "SHA1": "a19c725dbf32822ebedb4b356cff0eb02d6d9c8e", + 
"SHA256": "586898c60cff539b76d23dbf2c92e4105f6a7549e13f53d293708b793ca90d2d" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2015-09-29 07:59:36", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.18067 (winblue_ltsb.150929-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "c1feed742caf34c142f70956e0c1259b", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.18067", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "bea299106bb70032737ee0f38109e096", + "SHA1": "65f3332d76faa2a5ae73e63d26bfa69503b6c134", + "SHA256": "b6ad69793fc6b368aec09ba17c870dca193917afe40f10691983732cb4f36a5b" + }, + "SHA1": "0e2909e38cccf18e7e44be9c12d9a4856a38b512", + "SHA256": "e35cc798f138406bdc5e793574f62fe3be4c7dd6424aa6825e6ec7b2a345b591", + "Sections": { + ".text": { + "Entropy": 6.631975040652875, + "Virtual Size": "0x12f284" + }, + ".data": { + "Entropy": 5.285987336724433, + "Virtual Size": "0x5b4f0" + }, + ".rsrc": { + "Entropy": 3.4716181867603395, + "Virtual Size": "0xfd10" + }, + ".reloc": { + "Entropy": 6.762931731511957, + "Virtual Size": "0x5d00" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 3, + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": 
"833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "9e382fdf-568a-4b81-b4ce-58c25f3b2d80", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + 
"SHA256": "9A22818E84CA5CDEC6F7FDF0A10B9FF230A53A5C18F4E9179C90A3FD268CD622" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "CB5C370B7BDC87A2153425852F477916BA3B13E4C62EA419AD93DBDD34780BEC", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "13ef8a27-3274-4d3d-831f-36b30bc88627", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "C2CC91555617171A7D8AF57DEE529B443A41A1FAD3D4032DBDB814DAD6C2688E" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootia32.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": 
"F2F2F729FC1B94C3B3AD210E0664FAE3351D0D7541581FE2C6DC7B087BE2B16C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "dc63ce55-4d4d-40f7-996d-6fc85f01443f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "8FDB0851B7639B3293019BF0A8DBD6B7DD57910AC0CC0224852C3381880F2A45" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "76AC59211DF73F8BC0F1369CE290BFF57AD705CD1EB3B402D19E12FE5FFBD6D6", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + 
"Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2682f970-000c-406a-bf2e-fa4c1ac8bbeb", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "E6C63C984BC754736376564A8F9AB1B7885B9AC2F49F1EC6E4053049D26F78F9" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "B28C498A7CD61006A32A9EEF404AED4349CA68DC6F2240833BA4EC745D37A1DA", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + 
"Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "5891ca2a-61e6-4938-942b-bfcc61dcb929", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "0021B5B11CEB03402D618134800A36C54E1C4328AD389D50B40EACC1E881DCB5" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "CD4A508F248776D8679ECEDB7BB1AF1752C23FDF66284522B4B36F242471B72C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Fedora Project and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "7cd28475-a974-4b4b-becd-b57b605d2b9e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "831541e64bf58f95339e2e1fbc08b9a8", + "SHA1": 
"78d90cb632f7b98b3c39ef79f5a8079654b27e5b", + "SHA256": "f1b4f6513b0d544a688d13adc291efa8c59f420ca5dcb23e0b5a06fa7e0d083d" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2013-11-06 14:45:47", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "aa8eae148f6ac90c370eb50c88b974e1", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "2f8b409981580582bfe5fd5e36f8d3e23c061966", + "SHA256": "a120f42de7b5bfcb55c40afc857b6baf4d1ac60725500c27a5b2942bda970ccf", + "Sections": { + "/4": { + "Entropy": 4.852532962586707, + "Virtual Size": "0x17c88" + }, + ".text": { + "Entropy": 5.632428417166211, + "Virtual Size": "0xab73e" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".data": { + "Entropy": 4.788657848345654, + "Virtual Size": "0x32638" + }, + "/14": { + "Entropy": 7.133596117970691, + "Virtual Size": "0x4ac" + }, + ".dynamic": { + "Entropy": 1.0193252150689545, + "Virtual Size": "0x130" + }, + ".rela": { + "Entropy": 2.6197000559147496, + "Virtual Size": "0x2b440" + }, + ".dynsym": { + "Entropy": 3.212411046351249, + "Virtual Size": "0xf540" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Signature": "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", + "SignatureAlgorithmOID": 
"1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Version": 3, + "TBS": { + "MD5": "c52110f552e27ebb1e3fae114abafb3f", + "SHA1": "4954e087123653ce38da4cdd31141b6a1bb999e4", + "SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Red Hat Inc. 
and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cb2d5dcd-595c-40d2-a14f-9b80d0fefc7e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "d06af20d9fe41bce9fdcc0e3ce175987", + "SHA1": "c242ab25b79c1910f451b87f5499802df249e301", + "SHA256": "0dc24c75eb1aef56b9f13ab9de60e2eca1c4510034e290bbb36cf60a549b234c" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "3f5b9c90792efc13debd32233440ad32", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "23b7889abdb236c8cd871733ba2ea7f91d543b99", + "SHA256": "537b428a0ad622765010c4405c1603ff464fcbb24ae4c2fbf559a10b8ea4593d", + "Sections": { + "/4": { + "Entropy": 4.853673837012988, + "Virtual Size": "0x18c48" + }, + ".text": { + "Entropy": 5.6393589178613786, + "Virtual Size": "0x96b83" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + "/14": { + "Entropy": 5.124924534645108, + "Virtual Size": "0x84" + }, + ".data": { + "Entropy": 4.461532819567069, + "Virtual Size": "0x2a3b8" + }, + "/26": { + "Entropy": 7.338341139988703, + "Virtual Size": "0x3e2" + }, + ".dynamic": { + "Entropy": 0.809123167269477, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.6503742316211305, + "Virtual Size": "0x1b0d8" + }, + ".dynsym": { + "Entropy": 3.207599033482772, + "Virtual Size": "0xdd40" + } + }, + 
"Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 3, + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" 
+ ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3b7197b1-fac3-4680-b8a4-b91cc56d984b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "0A620707ACF23A4E6CDC357A1499E14852B605D9EB6186422F57D458E627D6C0" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "E012F7C26EC6DE9D336AF7843DE0A4278D6191FA7989DDCAC40A978FD927BB6C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\Signed_14173467011297444/shimia32.efi } }", + "Description": "This was provided by Debian and revoked Apr-21", + 
"OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "40519b35-c303-4cb2-aa20-c08545506e08", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "b857ca99527ef8704d481f4901948705", + "SHA1": "e4e5ede245103cde830e02c847c59abeeea32025", + "SHA256": "a8a3300e33a0a2692839ccba84803c5e742d12501b6d58c46eb87f32017f2cff" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "Signed_14173467011297444/shimia32.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "c77a847cc9c46de840d61ec8e3453f29", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "cba6f1df00f5220288d92686d84ae7e10c950c32", + "SHA256": "a80b37c9749d6f2c2fdf64922a3142eb0fd63c72fd2989d7e75dcb4be367299a", + "Sections": { + ".text": { + "Entropy": 5.854758369929387, + "Virtual Size": "0xa0537" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + "/4": { + "Entropy": 5.064013199597692, + "Virtual Size": "0x69" + }, + ".data": { + "Entropy": 5.281293400299073, + "Virtual Size": "0x23764" + }, + "/16": { + "Entropy": 7.435250663075391, + "Virtual Size": "0x57a" + }, + ".dynamic": { + "Entropy": 1.4765954737895086, + "Virtual Size": "0x80" + }, + ".rel": { + "Entropy": 3.5626097123135003, + "Virtual Size": "0x9798" + }, + ".dynsym": { + "Entropy": 4.417215138757397, + "Virtual Size": "0xa1e0" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": 
"", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Signature": "54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 3, + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": 
"350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "Signed_14173467011297444/shimia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": 
"Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by BITDEFENDER and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "064e9fe7-c5dc-4858-9006-e9b1e0e3001b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F2A16D35B554694187A70D40CA682959F4F35C2CE0EAB8FD64F7AC2AB9F5C24A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "AECD34387179AFF5CE02103679312CDEB1DA835015A8548FCE93765E7219612E", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "064e9fe7-c5dc-4858-9006-e9b1e0e3001b" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was 
provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "84fbccc2-01e7-4a24-adbd-a1d3ca0acc50", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "35C16AA2BB4DADF5028F4801185CD368B922C6CF7651CB7FEF30DFB95920FB99" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "574695D73FF3813C780728858B4A6D2CE6D24B41308B23281E438B66A60E4424", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ad6add2d-fe39-4ffb-b31d-7dffaf3ef28c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "BB44FD8CD04ABC3B54E5CCEA97EF81E70FD3933C34288D8B86F6ECB4F3ED1FDE" + }, + "Company": 
"", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "CF61636CEFDF20CF4B35382124800E047F5886952888BD41D1B8426BF34D2D29", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ac900b72-efdd-4779-9a1f-401949c3446f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "AD16DE1E2BA27196395124683B80EFC186EE7E51D434F8FF67D973F46E8E602F" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "F4F5C82CD7BFA5294F973385F7F2FBCAF3AFD3748952B06692C085792BE146F7", + "Signature": "" + } + ], + 
"MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0c3bd8f7-9926-4763-98d1-7eaf036f7bf1", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "22C3867606A625048E1D9D5230F07FAE41E70BD08EA978BDB37563C0EDD9DA03" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "513310D70C03096167B915705C9F0CF34B2B62AC317AA3F89FA5CC385D74DB54", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + 
"Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "191557da-f224-48bb-b027-94534c5637ae", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "800423CEB7E4759621A62C729BABC81F53259D95F76457224AD601542B7B26D4" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "34F107AD8F982B591FB92BCC193BFCDBFF916C720BC69D96A0E9BD22CBA1E84C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Red Hat Inc. 
and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "8afa8fb8-bd3a-4033-9f71-3d1e574708ce", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "ac8a7a2580ddb3d88ca49856664d6824", + "SHA1": "9c07457b464050230ec5376b0601e06c8cf3faaa", + "SHA256": "89f3d1f6e485c334cd059d0995e3cdfdc00571b1849854847a44dc5548e2dcfb" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-10 14:01:04", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "e297beb49756fef9d2bcad4b860426b3", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "1c1007b55a1e5c1ca49b0b6673fd83b0ae9a9dc3", + "SHA256": "62c6affbee1ba9a0435562db6e092a5018effeed0bd0f1d0494f34ce6cd403e9", + "Sections": { + "/4": { + "Entropy": 4.8520727981082565, + "Virtual Size": "0x18c28" + }, + ".text": { + "Entropy": 5.640692113472777, + "Virtual Size": "0x96d03" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + "/14": { + "Entropy": 5.18628715184291, + "Virtual Size": "0x84" + }, + ".data": { + "Entropy": 4.4625470240437215, + "Virtual Size": "0x2a358" + }, + "/26": { + "Entropy": 7.339046392262435, + "Virtual Size": "0x9c7" + }, + ".dynamic": { + "Entropy": 0.809123167269477, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.6480533598999405, + "Virtual Size": "0x1b0a8" + }, + ".dynsym": { + "Entropy": 3.202575116995807, + "Virtual Size": "0xdd88" + } + }, + 
"Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 3, + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + 
"CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d40485d2-4fea-4d92-99e9-e1531fe4d33a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "DCCC3CE1C00EE4B0B10487D372A0FA47F5C26F57A359BE7B27801E144EACBAC4" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "1275826206FEF9AA0A48A60BBC15300B3201F76F45E3CCE3FD0064DE2FC7CC5F", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "d40485d2-4fea-4d92-99e9-e1531fe4d33a" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path 
\\windows\\temp\\ } }", + "Description": "This was provided by Oracle Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "9517d1f7-d485-4c7e-95b9-bdf297b342e1", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "47FF1B63B140B6FC04ED79131331E651DA5B2E2F170F5DAEF4153DC2FBC532B1" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "BA44BD2BB872DD6C6A8687F65CC138585A963473203D6F3F64770E5365812630", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "9517d1f7-d485-4c7e-95b9-bdf297b342e1" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Oracle Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": 
"22532a2a-950a-425c-b1c7-ae8f8e4faa5b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1F16078CCE009DF62EDB9E7170E66CAAE670BCE71B8F92D38280C56AA372031D" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "1CC3D6DA3017F0F1422D1B8115622EDEF65FBC497487234D17F4D356670F28EB", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "22532a2a-950a-425c-b1c7-ae8f8e4faa5b" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "f65396ab-3920-4a6d-9bf0-fbbf62d52999", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "08BB2289E9E91B4D20FF3F1562516AB07E979B2C6CEFE2AB70C6DFC1199F8DA5" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + 
"Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "6A3C1124A642244F23685B68D2E5A0AE036651AA401DE70B3912EFD044B62222", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "f65396ab-3920-4a6d-9bf0-fbbf62d52999" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "8a6aa8d7-205b-4747-aa92-8b526be3b7d2", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "45876B4DD861D45B3A94800774027A5DB45A48B2A729410908B6412F8A87E95D" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "29DA5912698EE1928C239D394EF95A4BEEF0DC59262B6BFFEC24FA205C4B8A10", + "Signature": "" + } + ], 
+ "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "8a6aa8d7-205b-4747-aa92-8b526be3b7d2" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\centos-8.3-shim-20200726-shim64-bit.efi } }", + "Description": "This was provided by Red Hat, Inc. and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "6e1223b2-5193-4ba9-b9b5-b09c45dd4286", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "4F0214FCE4FA8897D0C80A46D6DAB4124726D136FC2492EFD01BFEDFA3887A9C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "centos-8.3-shim-20200726-shim64-bit.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "D662EF94388DB203CE52DF9902D77E9E5EFB25A202B5B096351D604FD3E63080", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ 
+ "centos-8.3-shim-20200726-shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "aa0019cf-ba6c-4a6b-8ea9-3e4494562744", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "aa60f3f1fa0e30a28c2b0bd0ee4fc806", + "SHA1": "55c991c8563ae11352ae9d0c24644853fceac18a", + "SHA256": "54c7d9c28672a1306e43ed7feed38b295f8eec279251f996fa293f68fc6cfb12" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2022-02-15 12:19:17", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.20300 (winblue_ltsb_escrow.220215-0706)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "f3c14ba5c3670afacd47f0574922b98f", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.20300", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "aaf18af925d829095e017c505f1a0039", + "SHA1": "c3d13f7d96127a3b16c7a8c0a3dd98fd9f22c3cf", + "SHA256": "05367ecae4cf78cc575048fb931468b1d210df8c38ff8ca05481124b1a1a6917" + }, + "SHA1": "a4ede25f03e0ce65fa4a840c454c73019275d8de", + "SHA256": "5052ce3b96db73a909bf0e54355e357f8ab7284fa48f9b21c85efedbb886c100", + "Sections": { + ".text": { + "Entropy": 6.4945526926976, + "Virtual Size": "0x16d9e4" + }, + ".data": { + "Entropy": 5.416517617217657, + "Virtual Size": "0x6c7f0" + }, + ".pdata": { + "Entropy": 6.080928684654755, + "Virtual Size": "0xa710" + }, + ".rsrc": { + "Entropy": 3.4721768908716837, + "Virtual Size": "0xfd40" + }, + ".reloc": { + "Entropy": 5.402081860527767, + "Virtual Size": "0x994" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Version": 3, + "TBS": { + "MD5": "46f57c3b860b08484cb79066ac1014ad", + "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", + "SHA256": 
"d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "670b1089-ea21-40d1-ac0a-1dc0adeb7b05", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "D9668AB52785086786C134B5E4BDDBF72452813B6973229AB92AA1A54D201BF5" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "30A947ED2F95D0E7F2746F3A4F3C458FC64554295BA5B4C302FE0EE4F8027C0C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "670b1089-ea21-40d1-ac0a-1dc0adeb7b05" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + 
"CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by SEAGATE Technology and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a3bbd629-976b-4804-b5ea-2e62ee592092", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "370b63db6afc64b05feadcbffb223da4", + "SHA1": "e9449d88a4154e0d1bfda7986c089f743b00e9ed", + "SHA256": "95049f0e4137c790b0d2767195e56f73807d123adcf8f6e7bf2d4d991d305f89" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2013-05-23 05:14:08", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "ca747f0a7e1bcbc51cf4f9cd2a17f9a5", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "41686992e3e8fc975674d5134909975b66b54a38", + "SHA256": "777adc7e8a3e1422b3fc9c10ce31e996c057fe801a5292f0902bd5c5365e7287", + "Sections": { + "/4": { + "Entropy": 4.819140517708772, + "Virtual Size": "0x174e8" + }, + ".text": { + "Entropy": 5.641612169819171, + "Virtual Size": "0xaa991" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".data": { + "Entropy": 4.797978054526178, 
+ "Virtual Size": "0x316e8" + }, + ".dynamic": { + "Entropy": 0.8341231672694769, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.6244580629738223, + "Virtual Size": "0x2af90" + }, + ".dynsym": { + "Entropy": 3.2127120070382236, + "Virtual Size": "0xf1f8" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2012-07-02 22:25:14", + "ValidTo": "2013-10-02 22:25:14", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", + "Version": 3, + "TBS": { + "MD5": "c5e24205d04c09c94d81b6935af7ec09", + "SHA1": "12622dccb5b07edfd65cae6fc018e24b80ff2c82", + "SHA256": "d6afbff1c283d7777501bd3b2adb4aadb8ce32649ee401dfbb06f884362f7507" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": 
"350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + 
"Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "285c0ef5-dd8b-4c50-af8f-6ed20f233294", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "4380A43A7B0BE1ACE54A65B3E25ED35F340D6906365821AF139941D5D6E1EA1B" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "FC40897F668AA86E5279CA8FEB62873A06A569742967E0F243F51ED56BDB53CD", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "N/A" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\mboot-official_em64t.efi } }", + "Description": "This was provided by vmware and revoked Aug-22", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + 
{ + "type": "", + "value": "" + } + ], + "Id": "0c0db73b-9d53-4fa1-93fe-cab2b3cabf9f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "CA65A9B2915D9A055A407BC0698936349A04E3DB691E178419FBA701AAD8DE55" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "mboot-official_em64t.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "918871DEC65B4D8A8D0E29B221351DFEA3A1D9212A4E0D7EE692CC1696E9AFC6", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "mboot-official_em64t.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ddacf4b0-e6e4-4546-b3bc-f196645266b1", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "47F7A5F3821286A9C677F66CFE2A84D5CA94CB6FC1EBE8E1986E91EDD58CBE33" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + 
"InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "39CEDF83BD3417A90588795CDE2BD6BAF7089997FDDB588E552952C179958D84", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "bcda745b-c931-494a-bf26-4dfd7c824ee9", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "324CBE75EF34E09A98C71B186F535F9091A1FF257BEA93DFEAF199EB352CA0F6" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A09DBE91C9743163A3DC26BB7E51398C751DF7140D5DA4DD6D43B1915FA906EC", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ce737ee6-e949-44cb-badf-3f1d775d4832", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "6DEAD13257DFC3CCC6A4B37016BA91755FE9E0EC1F415030942E5ABC47F07C88" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "10368826DC89AF42B4AD7E69A9E1F4DA9486DD645C088F445998E8DCA18EB0D4", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "ce737ee6-e949-44cb-badf-3f1d775d4832" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + 
"Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "1ab3d6b3-7bd1-477e-8127-a2be4b9a7636", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "f9c6e874f1efcfe3a046acceb16d86dc", + "SHA1": "4ef60851f60fb3c04c48a99e582bd5d868e91d75", + "SHA256": "e8818666b7e014b6e4820afaa84d5a84fa42cb5d2663c848d358b2913274ba21" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2014-11-05 18:19:11", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.4.9880.0 (fbl_sec_oss3(dlinsley).140616-1123)", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "9618221803e2befd17607ef2d957442f", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.4.9880.0", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "a02554021493291650ba1e2951aef07f", + "SHA1": "3cb0d2f0d1a2046caf0027cfd995294a09eeda72", + "SHA256": "3089fe7fa4527043c200fafe2a7272e48a1f7c54725a623f22d12f2cdbb48350" + }, + "SHA1": "1581d6767a70eb0bf596b82592440346eb00cefb", + "SHA256": "990a4dd8c86392421d680fa039af4e88d1ebdc97f61a73f8347d6b314fe8cd51", + "Sections": { + ".text": { + "Entropy": 6.474696277787201, + "Virtual Size": "0x14da96" + }, + "PAGER32C": { + "Entropy": 6.329737871071302, + "Virtual Size": "0x2e69" + }, + "PAGE": { + "Entropy": 
6.553345757683435, + "Virtual Size": "0x1726" + }, + ".rdata": { + "Entropy": 5.678015481743603, + "Virtual Size": "0x20d34" + }, + ".data": { + "Entropy": 4.550324790112712, + "Virtual Size": "0x625a0" + }, + ".pdata": { + "Entropy": 6.1168156717400635, + "Virtual Size": "0xa80c" + }, + ".rsrc": { + "Entropy": 3.4696484697973857, + "Virtual Size": "0xfd54" + }, + ".reloc": { + "Entropy": 5.429956404165192, + "Virtual Size": "0x9c8" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 3, + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], 
+ "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-0~20120906.bcd0a4e8-0ubuntu3/shim64-bit.efi } }", + "Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "f4e945a8-aa6f-48dc-822c-ff44ce513b70", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "D4241190CD5A369D8C344C660E24F3027FB8E7064FAB33770E93FA765FFB152E" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-0~20120906.bcd0a4e8-0ubuntu3/shim64-bit.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "561EEF7131FFB079F75F6EC3E5738354A3C0EEB204863E7A4018B6409B7D26D0", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + 
"shim-0~20120906.bcd0a4e8-0ubuntu3/shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by EgoSecure and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "fb78c0ab-b76a-47b5-b7ef-d64bf38611b4", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "5C39F0E5E0E7FA3BE05090813B13D161ACAF48494FDE6233B452C416D29CDDBE" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "5C39F0E5E0E7FA3BE05090813B13D161ACAF48494FDE6233B452C416D29CDDBE", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "fb78c0ab-b76a-47b5-b7ef-d64bf38611b4" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d 
\"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "312c2d35-25a3-454a-a458-a797350273b1", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F330F23C09772A64E1478A19CE003FABCA4F52A9431A8C6803019AD532D7DDC8" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "AEFCF3C2010344775B306EFA5FA4A9B7630AA95DA5B59C4E96A2524302B51E50", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + 
"value": "" + } + ], + "Id": "d964e229-7407-4292-88b5-505f8be99d2f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "9E0D9074F146461F9ACEE7D27F2C7DD8BEE73EB62AC62CF87F03BEE0C4516528" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "17F186C88052B988B4C9B62F8D7F55023AC317C82324DD5A958D05B8A1246F77", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "d964e229-7407-4292-88b5-505f8be99d2f" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "28fb8eaa-e498-44f7-8f1f-1dcf1dad47d7", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "22B5A88D79B8146598613B3701B0D2AD3E1D2BC215D3A613A30356953239485C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": "", + "InternalName": "", + "MD5": "", 
+ "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "0E0D94096278CEDCF333D4902F64ADE7815ED4000A1F6EA45EB93D2DBE18E496", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cef00ef9-665c-48ed-9b4c-d383d2846e05", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "7AB5FF84B7B80A432366E3BBCC198ED382C9FD592CD5DD210138D2F9297CC1F6" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "494A55C84A5A244292DB7F678D4574C7CC6E58D522F0BE270D68B0F1A41E19D3", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "1a268d88-47d0-4204-ade4-ed6e4ef6028e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "D79651AA3A0491D33B7979F5B41936F8ACEFBA99BBA10E05FD6F54E2859CC589" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootia32.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "B510C9A79CB6CE1BC37912839AF57B453CC4A77C3D5DCC9935F8CCFF7C81F9FE", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": 
"bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e0432a67-4ec8-4281-b4c1-a800e1b615be", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "6A16ADA3FE0C5468F0A43FB2F597A42F3DA3218C88EE819BF799110CF7A79B6C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootia32.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "84897E4405319DAB2822D63147F3DA90AC2A436A7D24EC5DD91B277AB6528FAB", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "33559284-bca8-4af2-917e-d209ee8d15c5", + 
"KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "8CB4FDAE88F4F492AC6C87716602366DF1AC84224B85AB2D3949F5AEE79CEFEB" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A37FF7C979ED0E58633D61D00CDFF45A2488E86C740240C77834C8C8C651CB19", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "04eaf4b4-a618-4d2c-8eb1-1e0065c05212", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A983E73E57BDF014C9A29331290EE87DF37F97C81DBCC43C6C933FE2209C0BD5" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": 
"", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "EA4EEC2975E4EAED0C5EE6C25C887FC8C7A0298FB613852DEC200DACD2485FD3", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "454bb2af-6ee7-483d-8a15-73f2fec386ba", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "2116183BBAB5D6964C001C931A09ECA1DC0FD6651A61BE4A8A9548DC476B90B1" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "1B9401C47B0837F1FA315F2F29F304ED360B5B2E2843141367562B60EDB1CCA9", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + 
"Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "bfdc85a7-3cc9-4d18-b798-0fd82f9c5e85", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "64CCC886EB99C30AA808E5CA9BD371577BAF9D3FA0E450118464F514B47A028A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "78D6FDE56994BCF26964ED51DF446165DAD66BCB0BC6792B9EDD2850F19DEA4F", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked 
May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "aeb357f2-c2cb-42f1-a37c-3f0a2a355346", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "caa781731a9d13ac418d97ec2cccb8f1", + "SHA1": "7ac2da2861fe7b90862a27b63629d8a9ee58d97d", + "SHA256": "7fddfe06c44dc4302da54577353c18fdbe11b41cb3e6064ec1c116ee102fe080" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2016-10-05 14:24:09", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.22004 (win8_ldr.161005-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "7f0de7a661590f1c33de0b80676e8827", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.22004", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "a387b0075e977009a7bb74d24fc388de", + "SHA1": "345e019b25904c911be9e3b6a9e2b0bb18652b04", + "SHA256": "e04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad" + }, + "SHA1": "003454b835a5ee7ee200f9cb4e68b071e2b8e69b", + "SHA256": "d1af02fca7522c8d27e053544b3b653ff2daffcae9c420e460235dacab53f7cd", + "Sections": { + ".text": { + "Entropy": 6.481657238537085, + "Virtual Size": "0x10a5e2" + }, + "PAGER32C": { + "Entropy": 6.357861791329596, + "Virtual Size": "0x3d48" + }, + "PAGE": { + "Entropy": 6.514627558721207, + "Virtual Size": "0x169e" + }, + ".rdata": { + "Entropy": 5.427514584005019, + "Virtual Size": "0x19b14" + }, + ".data": { + "Entropy": 5.464601076751779, + "Virtual Size": "0x65010" + }, + ".pdata": { + "Entropy": 6.017575781905406, + "Virtual Size": "0x8eb0" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual 
Size": "0x380" + }, + ".rsrc": { + "Entropy": 3.47211306543629, + "Virtual Size": "0xfd14" + }, + ".reloc": { + "Entropy": 2.715757042100683, + "Virtual Size": "0x1ad6" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 3, + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + 
"Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\Signed_14173467011297444/shimaa64.efi } }", + "Description": "This was provided by Debian and revoked Apr-21", + "OperatingSystem": "64-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2d38a9bc-5c3e-4871-9e74-a1181a10764d", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "c5fe8d0376e90b44fd565015cd7e82c9", + "SHA1": "a69b510efc63da996aa74d11e49b6748141d2803", + "SHA256": "903d0d76ada77672c60a4d63be5f6e1b8f247cea9e7d32b6cb26e1a82815d09d" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "Signed_14173467011297444/shimaa64.efi", + "ImportedFunctions": "", + "Imports": [ + "text", + "text" + ], + "InternalName": "", + "MD5": "a1b9b882d3990b8465c7010a406ecd99", + "MachineType": "ARM64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "58d47e6513a61b42d4c1c2a9150cf9fd051ec435", + "SHA256": "754952ff4187789c0269982d056f6a863409963f46d870c0a8d054e0fe69857b", + "Sections": { + ".text": { + "Entropy": 6.294539620252291, + "Virtual Size": "0x99000" + }, + 
".data": { + "Entropy": 2.6794102876071513, + "Virtual Size": "0x34b08" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Signature": "54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 3, + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Issuer": "C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "Signed_14173467011297444/shimaa64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "6a65ed03-95af-404a-8ac0-95fa8ac8eb99", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "E7D9BDBCC68B5BED590C29B72DCA2B96779B8B68B12A47DED074B8F1B32F8FBE" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "0CF738DD9BEA4F3BA350C805AE7A59076147080BC46F1D6D6C994382E77F8486", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + 
"Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "af2bf5be-c938-4852-a9b2-14ecff96c414", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "13A1F37BEDFB5417B6B737E2A3816C8FD587D74D836914B2B2EDC9FD6CA30E58" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "D19F5CAC6AA761C1F66C71B9B7A2D44DFF216B97BE10F66180F5E4EF084C9811", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path 
\\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ccef0d61-ad41-4f54-8ce1-9197ccf0e44d", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "72C26F827CEB92989798961BC6AE748D141E05D3EBCFB65D9041B266C920BE82" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3AE3DA82C39C6BEEFD251265370D57D5BFC67181662736C62F2E6F687409C81B", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "ccef0d61-ad41-4f54-8ce1-9197ccf0e44d" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a34d1cd4-ad9d-4dda-8e4e-ac86e42a6d92", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"DF6EC4F50BE2A4B7657F0397BED483BE143A18883615800A65A64B7E84D9B858" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "331A6D1D07B7A19AB36312AB8303C9FA5B5D2628B6EF5C593846B6F4B824059F", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c8069469-51c7-44c5-8032-1d2fde34f8d3", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "48CDB31A16D891124BE77490FBC2AD13CB355A18CB0007258CA4BCEA44F288EF" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": 
"D76281DD69E992EFB55604A1B4E6171E552F3B7E1411D75368F98EF91ED69E21", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "463dc6a9-273b-448d-b189-ec577fc29317", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "E9C71B7CD5A4DF0BA48D2CA48E6C468E657257F73F66017DE45E18EE746ED7D5" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C2B1E1BB8F016D310FEA7225EEF9DC6B6F0E33E5C9DD74E9F24835DF6287296E", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + 
}, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "43311ee4-a044-4086-9a53-ae01c3ef7f4f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "2da35b95ebf3903dcaf2ec18fcd2c975", + "SHA1": "9006b56e7af152fae72c7095cf9155515a1c5a97", + "SHA256": "f8f38c4febe9d8e45e71a459c5bff171755c348d5f619f3c6ef30a3f8fd02bd1" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2015-02-04 20:26:14", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "10.0.10010.0 (fbl_kpg_kernel.140630-1750)", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "8d9e858d7fc95bfcc3690f3bddfac320", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "10.0.10010.0", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "8b6b2892c15ff00e4ddf7eb144e1ae12", + "SHA1": "89115214dfec813ecfa5a23bed633254c214e62c", + "SHA256": "97ff062fbed8c63a4a2526daab5b76fde0b0c54540be4264d13a9116216a1be1" + }, + "SHA1": "0d0e3c0e73f5561985e6a004d8d160be88d64ee7", + "SHA256": "0b753bd95ae643b2543f501533ca54db34ddc9d20f336358067a7069240a6214", + "Sections": { + ".text": { + "Entropy": 6.491978717136592, + "Virtual Size": "0xd0ea8" + }, + "PAGER32C": { + "Entropy": 5.528643658730128, + "Virtual Size": "0x2d9" + }, + 
"PAGE": { + "Entropy": 6.535197922143474, + "Virtual Size": "0x1726" + }, + ".rdata": { + "Entropy": 5.392724511782535, + "Virtual Size": "0x19914" + }, + ".data": { + "Entropy": 4.42328323265371, + "Virtual Size": "0x3b260" + }, + ".pdata": { + "Entropy": 5.981623522146152, + "Virtual Size": "0x7d64" + }, + ".rsrc": { + "Entropy": 3.459847805795169, + "Virtual Size": "0xfc40" + }, + ".reloc": { + "Entropy": 5.420446329188424, + "Virtual Size": "0x804" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Signature": "8207b0c79e3b96e7317cd1aac9ab45fb52f1a2c847cda4bed6ff0b366566c6046976257890a79270765662a04b0f6d958c1fbba688b7717f77e10137107f8ccde9ce066d0c99e9fabfa3d669e2eac822a81d86f620828a018738e290f15370886c689af9399fad45f38e2e0fd6e31fcdf1b295ddc015164e757e2c630b05d1c103735e452ea9e3ca1b44e776277a030aa473094499bdfad51ebcdc61c8694148123c150811230bab24f1fb3ca64f018ac37d5cbb61173055b20dd07fbf8955909696be8de608979541932fd0257f932db6f6975b4bc82bd393a432a4ef01d88fc9652cc0d4eede46df519df8488353bfbf4dbc8358efc8dc3215c5538ebbd03e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 3, + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": 
"14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ 
+ "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cc522d44-5de1-43fd-8d62-29b630f45f98", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "f2a111697ab3f412ae7be6354d3c63fd", + "SHA1": "47e31958625236b685c3d33cbc22fa0d9f8e3414", + "SHA256": "3b30c3e6a923cbb7cf65b539025f12b1c810d74480f25cbfcb9a7bfd633f06ed" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2012-09-18 01:21:36", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.20519 (win8_ldr.120917-1922)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "c9d595c35045f8b200f9d3142cb3d683", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.20519", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "a387b0075e977009a7bb74d24fc388de", + "SHA1": "345e019b25904c911be9e3b6a9e2b0bb18652b04", + "SHA256": "e04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad" + }, + "SHA1": "eabc1fcab7ce92c8dc667046c46a82ad0b2d8907", + "SHA256": "545c8c806d6a8b2ab307bf7ff5dff05dd86cfc431d3920692e15e7928ac98eed", + "Sections": { + ".text": { + "Entropy": 6.484872015753315, + "Virtual Size": "0x109ee2" + }, + "PAGER32C": { + "Entropy": 6.353319232465821, + "Virtual Size": "0x3d48" + }, + "PAGE": { + "Entropy": 6.514825397638524, + "Virtual 
Size": "0x169e" + }, + ".rdata": { + "Entropy": 5.420997475066845, + "Virtual Size": "0x19b34" + }, + ".data": { + "Entropy": 4.628310210600715, + "Virtual Size": "0x63cf0" + }, + ".pdata": { + "Entropy": 6.014681487785778, + "Virtual Size": "0x8e8c" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + }, + ".rsrc": { + "Entropy": 3.4710726954860402, + "Virtual Size": "0xfcf4" + }, + ".reloc": { + "Entropy": 2.70744089792279, + "Virtual Size": "0x1ab4" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Signature": "c7f34d30f6c0451fb6ababdce5203035c20b7c75b16784adb0aa9ed8f647c02df4ce8d8277b8e356e3286e4dc0d444172dea83b9af9c6133c491e53680024d6bac0d985d6dfe776988ccb337b35abb32a02b50413514a576dc932b2a4ae2aef96330041e040480e3b1cbf06cd6910cf79ead3ecd332a9bb7156c2d9976e5dfac8b5b59d82ea33a4826470663dfad599e137468da7bd3037243e0238b96c1f99ea1299faa898dd854f812f8834697b7c5991d2e1656db4e2f56d8bc2077e7bb7d886d4fb6907c555c6d54089724435ac3345b1b6dbb605300ba83412517394dcd3b6c82df5013c6f57fcb1e03919b63469dd7606f3fbae8242658f19ab174b03c", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Version": 3, + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": 
"14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "610bbbd8000000000005", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus 
Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "1d193967-c24f-46c5-83ae-4bf1d5ea80ca", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "23A0F1DE04EF678E621A449040CF519DDC3679FE54C9E2E0897DFE2C80D3DC26" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "9C4A74D11888FA41A0341EE6F0B75DB69C34827851755F46506A6C0ED96CEC8D", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ 
+ { + "type": "", + "value": "" + } + ], + "Id": "70316201-97eb-4739-a72b-abdcd208e20b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "5EB2C76843B253ACBCECBB84767697128F000C18358C78C5BAF135A5996C037F" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "EFA5CA12CFC70DEA81EB71088B4BDBD44D5B45A8F8D81B7DB243D6A03A7F11C4", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-15+1533136590.3beb971-0ubuntu1/shim64-bit.efi } }", + "Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "f901491e-f41b-4b77-8f9f-f9e5a6f03c8c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "75a7ca7cd2451ad3190c71a38c41ca02", + "SHA1": "a60d97d18e48c13e38723508639f0600aa6888f9", + "SHA256": 
"5bfe928eec15454be29504e8f592a4ce5908afe3284b9eeeb259b25145eea2ab" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-15+1533136590.3beb971-0ubuntu1/shim64-bit.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "9c9e2e8f49820dbed91f5cae846bbadb", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "afc56df60e5ea5a55a1e21f76562d073a56ec46b", + "SHA256": "8844d9b3aea1568a7ff298e6dc12564c422dafae6510db377454ca6072861dde", + "Sections": { + "/4": { + "Entropy": 4.859622277775737, + "Virtual Size": "0x1f018" + }, + ".text": { + "Entropy": 5.636421874643909, + "Virtual Size": "0xa0075" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + "/14": { + "Entropy": 5.1485772576861875, + "Virtual Size": "0x84" + }, + ".data": { + "Entropy": 4.618421307458241, + "Virtual Size": "0x2f6d8" + }, + "/26": { + "Entropy": 7.322772708526002, + "Virtual Size": "0x449" + }, + ".dynamic": { + "Entropy": 0.8630797231656377, + "Virtual Size": "0x100" + }, + ".rela": { + "Entropy": 2.6716229722395415, + "Virtual Size": "0x1c6c8" + }, + ".dynsym": { + "Entropy": 3.2098335666907074, + "Virtual Size": "0xf2e8" + } + }, + "Signature": "", + "Signatures": {} + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim-15+1533136590.3beb971-0ubuntu1/shim64-bit.efi" + ], + "Verified": 
"TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "224dff2d-8d29-4951-b7b7-4a0cd2c18dbc", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "7F9602C123A090BB0C4C3B69662BC52D675A0A4ED444D1C1E0E26C2B0DC3760B" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "7429F9578205C654FC25D2FBE8B6F27D8082E049A962982EB70F55DCA02BE882", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set 
$matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "bf3c5a6b-8fac-470b-a458-c84e7fed7dc7", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "3A4F74BEAFAE2B9383AD8215D233A6CF3D057FB3C7E213E897BEEF4255FAEE9D" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "BAE97EFC507382C0BDF7B1E74DBC38C0E31BF65186B7989CD9C7AF29DA27F656", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bf3c5a6b-8fac-470b-a458-c84e7fed7dc7" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cfec0cca-c6b7-4327-a2d8-7dca0515e161", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"36B7CDB6564C58CB54895B6D2C73F88D2908BCBD693BFD253945BD31E3EE81BC" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C1136125F38F6B76285AE4F1A0068F49819CBB5B57F6AB85960640F93FEC21BD", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c632b521-0428-4bcd-b37c-3cbd25eccc0e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F48E6DD8718E953B60A24F2CBEA60A9521DEAE67DB25425B7D3ACE3C517DD9B7" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + 
"Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "E33E9D1B1D5ADE1934AC7BD39F0BA4CEAC9459A7E2AABB8D204354D4C8652E6E", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "c632b521-0428-4bcd-b37c-3cbd25eccc0e" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d457a885-6677-4118-9cf3-05bfc65e1fde", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "B149B29E8211E24827FBE0168D30CB2619CD3365BD6F8173E7A731C5F702DCD9" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "E3946218D523E5D20C99A9A5BB22303DDCEF958DE2A978E01AF2F46D2D7A4DDD", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ 
+ "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "7c5fa8fd-40fd-437f-a2cd-e21aaa43336f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "633F9806BC96A831CC2C8D521D71E9EBD02180DABA1A50978EF6B72E5034E9EF" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "176693F4060E5330AE384BBB5470A0F3C936EC725DAABA81D5DB2B820141D282", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided 
by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a93c81ef-3f87-43cd-8d09-67e57167689c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "825ACCE0634B91818F57CE96B8314ECEE7373BD20DA77FB08B9B96D66EB65145" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C1D93E3D7F580616051BC1456083F6DCC80DB4642E7AA2909041E86F8209583C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\sbs.efi } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "9d795efb-5f1e-4db5-920d-97de9ba77753", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": 
"2edaa19d0ac13a692d90ab976522966f", + "SHA1": "8aeae94deaffa792e788dbd6bdd27629f17e3f9d", + "SHA256": "992d359aa7a5f789d268b94c11b9485a6b1ce64362b0edb4441ccc187c39647b" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 19:58:11", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "sbs.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "c73ed000259378b96a9c57c588fc6ef0", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "66fe7992ab4da8a44c7b06a0b958faa9a293014b", + "SHA256": "a1111555bfde8807746c8af73deceb4bdadc52dee87004e2ad7239c038687985", + "Sections": { + "/4": { + "Entropy": 4.844338442798661, + "Virtual Size": "0x18170" + }, + ".text": { + "Entropy": 5.631394972561704, + "Virtual Size": "0x920e1" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".data": { + "Entropy": 4.407658207289342, + "Virtual Size": "0x285a8" + }, + "/14": { + "Entropy": 7.161591522225466, + "Virtual Size": "0x53d" + }, + ".dynamic": { + "Entropy": 0.8341231672694769, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.650758642360982, + "Virtual Size": "0x1aec8" + }, + ".dynsym": { + "Entropy": 3.2005941982779254, + "Virtual Size": "0xd860" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Signature": 
"6650dd7878bef0a62b1d76ba8fa57b6193d9938ddd1975f32a880d6e9363ba516b00907d455d1089cf79e3045a976a794db027534a761a840a29d09dccb3b5978fdb1d27d6be2831b0af31b64c25d3e195056b68a403e961d61c38339c4bfbb4c16102a4b417f52b75f4d6539626736df3e9e7d689e59333e7686df72c6ac70548eb3e6f0913de69895041529dba440132da3699ee3d3ccd6c0cb1ca11d206a157a9e3504c57aea164e700dec89ccb81194b012f697127dcd1cc7dc08ccf9f92014b2a0814fdc2a010b7a7243456e15af7e812bef07b28aebcb29f0f20f5c1900827f32aaf4fef92601853403e718db111c7c35da77eea96c4deb6f903e94543", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 3, + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "sbs.efi" + ], + "Verified": "TRUE" + }, 
+ { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4f434341-9305-4574-9289-5bd1370108c7", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "399F9DA6CF5A87839637B55F62BB2CC6A93FA5AF7FE7AD76B4AF0FB320C98127" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "854AD42E44FBE19122072E177080C2AA9F729BFDE223FA6EA98BE1490BB9A4C0", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + 
"OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "116c526f-a50d-4f84-b577-d52dbbde526b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "0B4908AD33CB2F7E87D3108B74364C5C42FA597807EEAC98DE5EC63F5896CE34" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "46BA7E327D359A9B108CAFBBF2D7B6B32AA6767C2A3A472B4FFE2587FE376977", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "897f5834-55db-41fc-a4ca-9d880ca00ec7", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "ABEE522892FA10B22208B4D1540184617BC9875C9E03E5353B4FF476577D918B" + }, + "Company": "", + "Copyright": "", + "Date": 
"", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "FB2F396A01911260D4035CCABF36DB99081DA3F8D98BB40549D7D5E93CE4EAA2", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c7e48901-5dda-4d9a-b064-9ec8e51efc06", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "6CFDDB6203F254D38A5BCDD4173D51647A487CA70AB21326ACA0A03BB3D2BAC0" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "0876FD237955DB876744D5AEFBBF0DB3771AA2603233E123B39F4E772FC3B457", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + 
"https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "934f9364-3471-415f-a502-036969a78958", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "0E44212BADF40D6B8DE3311E632045370588E0B23B7A480EB5DC10DB65D1B4B3" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "F51C64E1690E8FADAE2C55EDE85377D6680C337DABCFC01FF6CF37D8D87892BA", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + 
"CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-0.7-0ubuntu4/shim64-bit.efi } }", + "Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "465c1250-966d-4d32-b168-3b2c614e17f2", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "2f0397316df4c2f34530fa28716256ae", + "SHA1": "0c4ed758c59239c84740373a3a1da56d5d4b400b", + "SHA256": "dd8f3f048db46f3983348d35cd77d121f56d856cf33234857073e25a7f450b2c" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:08", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-0.7-0ubuntu4/shim64-bit.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "1bdc36814a6f20464e94616f0d98a521", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "093660339cf8e3fc1d8a80855e4f3a72e9a92f30", + "SHA256": "17864e719e9c61d84e29a3cedf2b63aeaecfc10867211efc3077dd216b0a4965", + "Sections": { + "/4": { + "Entropy": 4.84229298761354, + "Virtual Size": "0x16050" + }, + ".text": { + "Entropy": 5.589734350916883, + "Virtual Size": "0x9dd4b" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".data": { + "Entropy": 4.627610996610074, + "Virtual Size": "0x2c078" + }, + "/14": { + 
"Entropy": 7.322772708526002, + "Virtual Size": "0x449" + }, + ".dynamic": { + "Entropy": 0.8424565006028102, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.6180499183854384, + "Virtual Size": "0x29598" + }, + ".dynsym": { + "Entropy": 3.2048776341706633, + "Virtual Size": "0xe490" + } + }, + "Signature": "", + "Signatures": {} + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim-0.7-0ubuntu4/shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Isoo Software Dev Co Ltd and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "8b88b928-4717-4a30-832e-dcb3bb15b7a3", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "40b8a117af84ea3225963daf421eccb3", + "SHA1": "99823dd47cfe71774cb0fcc687fa1da921b6240b", + "SHA256": "bd882355bf6813cf88ec0b83b6133691100f480381ac06531c3d5909cf1fb626" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootia32.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "b1aea18419d0643fb2e4d8f6da2ae461", + 
"MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "3085f38227977dce8dac3b29c92b0103e5b5eae8", + "SHA256": "56f9e50da4817b1de9d9291eb5f2bc63703ca3e6f4a8571bde28cf756e2c80ba", + "Sections": { + ".text": { + "Entropy": 5.843166036178159, + "Virtual Size": "0x931e7" + }, + ".reloc": { + "Entropy": 1.5709505944546687, + "Virtual Size": "0xa" + }, + "/4": { + "Entropy": 4.946577948119573, + "Virtual Size": "0x62" + }, + ".data": { + "Entropy": 5.336485470877681, + "Virtual Size": "0x20cdc" + }, + "/16": { + "Entropy": 7.335685443962851, + "Virtual Size": "0x3e6" + }, + ".dynamic": { + "Entropy": 1.4609704737895086, + "Virtual Size": "0x80" + }, + ".rel": { + "Entropy": 3.52145733418307, + "Virtual Size": "0x9048" + }, + ".dynsym": { + "Entropy": 4.390812113462173, + "Virtual Size": "0x9360" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 3, + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": 
"2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c8d926b0-b5a4-4960-b951-1f4cfffd940e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "2493adfef4cb684c76b9697cf414c95b", + "SHA1": "d05a293ae6ba3f9d4f03da5027807f2182be4c22", + "SHA256": "ee0a54e2dd9848d7a209d2c945449a0bac9a46c45e5e033c6982d2924839ac74" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2016-02-10 16:43:19", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.18233 (winblue_ltsb.160210-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "09287aecf07aa294ed7f76f2234270a9", + "MachineType": "THUMB", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.18233", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "9a33833e2407d8d25146f07e9c5c8444", + "SHA1": "04243895d74611d8d91937ec718a82b8dd7fe0f9", + "SHA256": "2efb0d9096d6fc172537ba8c386ba82f72b5a9bed5047e7830290bb6aafb0ff4" + }, + "SHA1": "f4de49ab09ad1d3e18ba4eeef481d91cd67a4860", + "SHA256": "860c16809e3941bebedff0bde99c32aa77379c0be1f6b174d20038a02162d3d5", + "Sections": { + ".text": { + "Entropy": 7.012580430527564, + "Virtual Size": "0x9f3d4" + }, + ".data": { + "Entropy": 6.118785418021721, + "Virtual Size": "0x35d10" + }, + ".pdata": { + "Entropy": 6.140620718060279, + "Virtual Size": "0x5ba8" + }, + ".rsrc": { + "Entropy": 3.4718876307612105, + "Virtual Size": "0xfce8" + }, + ".reloc": { + "Entropy": 4.723783525533069, + "Virtual Size": "0x40dc" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2015-07-15 17:04:59", + "ValidTo": "2016-10-15 17:04:59", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "33000000a6206efff45e063a190000000000a6", + "Version": 3, + "TBS": { + "MD5": "57c30a2d7e6573994b137079cbff34b8", + "SHA1": "08980baa201ccbfc096accff568fb2b073da66f4", + "SHA256": 
"19241716f05046843df5ff3c02395bf6e2ed68ad52d441a71a2edcd24ac93056" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "33000000a6206efff45e063a190000000000a6", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a6597859-17b0-44f9-b8d8-493a0ff20ed9", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"9E08464CEF9931473C384DB77278997AE92D50368C8D2B9D6AEA6E3323A2BBE7" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "E23336EB1176965193B9733A01F8B7329DFF26D191EF427DC06ED89DD439C615", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0e305520-6001-4144-893d-b4c38ea47886", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1FB619FE1504EF78C8BF59294B16C6D9BF1DA741FB582DE125B6A044F6961C57" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": 
"52D826CF8F6A0095938F7069B5F5DA22C16AE037D757BF9115AA84920BCE4EBF", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-opensuse.efi } }", + "Description": "This was provided by SUSE Linux Products GmbH and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ce34babf-0f03-4d6d-969d-e063648d5dfe", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F5E892DD6EC4C2DEFA4A495C09219B621379B64DA3D1B2E34ADF4B5F1102BD39" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-opensuse.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "7B40290ADE5BA3316AFC08748CFAB5AE79FB30BB8B5972766D670C3887E3D294", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim-opensuse.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "05a8e372-5b24-4953-8d25-d6560076f4f4", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "C21614E207B1991D3D6DF842009718652D241A8D926E221B85D069F1615E27A2" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "4BB0A426CA2A23E05B62A3008009AAD7F184F3D24DBD65E9AA81DE341BC5326F", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit 
/copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "66da17c5-7c1b-43c3-8520-4d3efea91899", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "a0455533de7422bc348d8c282d26254d", + "SHA1": "f8f7d3c1f985120b648ab2d7daedeb98ed618189", + "SHA256": "16598ee39b716ed9e4765a44abf86906c9b25c25abf631cc78ece6f7211b0365" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2015-08-06 12:01:48", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.18006 (winblue_ltsb.150806-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "5624304dd2172b7edb81741a5e7d2d06", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.18006", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "2fbc53c18b773e0990639d636825b0ba", + "SHA1": "2a1d3ef0d46e4b8b403cdf0c29bcefbe41250cb3", + "SHA256": "d1a38cd90fba6fb39948b1c0ee836f9542268bb74c4379963c2920d11f696f22" + }, + "SHA1": "5ebb525eefc7d35d664bf29bf8fbff40832dcefb", + "SHA256": "0e93c368f8177bc0fe1a09d79b897a94286f3c374a18a40522c3358cb627d7e2", + "Sections": { + ".text": { + "Entropy": 6.490130132913895, + "Virtual Size": "0x169ab4" + }, + ".data": { + "Entropy": 4.538102764163199, + "Virtual Size": "0x6b290" + }, + ".pdata": { + "Entropy": 6.088085457252306, + "Virtual Size": "0xa518" + }, + ".rsrc": { + "Entropy": 3.4709407525928864, + "Virtual Size": "0xfd10" + }, + ".reloc": { 
+ "Entropy": 5.3873912473580265, + "Virtual Size": "0x960" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 3, + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael 
Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d569f749-c5fe-42ff-b6f9-8966a14d06af", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "a60e4ec04f4225b91e5ba2c607fd84da", + "SHA1": "164e0544942fc32310285c8e8602244194c860b2", + "SHA256": "fc736034ebab004776581ce9a6c112106dfddfabb315b1f0a4d0842d67308429" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2012-09-19 23:19:05", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.16420 (win8_gdr.120919-1813)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "9caa5988ee5678dad93374ef1f4fd184", + "MachineType": "THUMB", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.16420", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "cf754bf89d7037f778daec0827acbe4e", + "SHA1": "d9585e21d15cc1e8ea347a17f536f3fc9ab67510", + "SHA256": "dc9623ba46d2c0c39fd89d803d9c8649f6a3b20ebc9b4218da63da3b4fe19373" + }, + "SHA1": "7b09d0dd2b0e37d91ee548a205ba53f8d5b02c7b", + "SHA256": "79baff384ed507030cbe328a3d6c04d13e77932f08d387f76cf2422fb3b2588b", + "Sections": { + ".text": { + "Entropy": 7.094146009062804, + "Virtual Size": "0x86c9e" + }, + "PAGER32C": { + "Entropy": 6.8208156523893635, + "Virtual Size": "0x2480" + }, + "PAGE": { + "Entropy": 
6.9370198019728795, + "Virtual Size": "0xf40" + }, + ".rdata": { + "Entropy": 5.647467240821381, + "Virtual Size": "0x10504" + }, + ".data": { + "Entropy": 5.598080350898377, + "Virtual Size": "0x35b50" + }, + ".pdata": { + "Entropy": 6.104261146987598, + "Virtual Size": "0x4e50" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + }, + ".rsrc": { + "Entropy": 3.471356139350038, + "Virtual Size": "0xfccc" + }, + ".reloc": { + "Entropy": 4.664264175172123, + "Virtual Size": "0x3b88" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Version": 3, + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": 
"14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "610bbbd8000000000005", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus 
Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "312efde5-1d57-4845-860d-cecb9a1af677", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "26ACA3C927095772FA26A4D63680597130AD161EEE8CBCE34B59E10C6167E92A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "0EC7C340AE2DAA6D5F7B261BB64A5E7E2351073FC5B893E07D03595DEE28F544", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + 
"Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4d31cfeb-3005-497a-b566-7062066398ab", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "cb9d3c514e9a2a200235c093312630ca", + "SHA1": "3779679707ac8e825d6195b8106efe77ce33bfc8", + "SHA256": "ce8c44e185faaa03959cf23229607854ef7e316ed0773d66d7be5e0a48061de5" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2012-09-19 23:32:48", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.20521 (win8_ldr.120919-1813)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "02e7a063eae0c4b80a6793fd63bac013", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.20521", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "fa6462badb7aa537a9d3ecf604e9fbd7", + "SHA1": "caefdafc6f3620830b306d429c83bb077f6bdaa4", + "SHA256": "4689fe3d6e35db99759219db2adef6cefa62105e8b636c0c5bd2a6bec395e471" + }, + "SHA1": "c7a420758542a22c9db7c9f75a4709ac53ec8da2", + "SHA256": "9da10b25786d8db0167fd66c051f7e2655781bb561b99584312b439a32be4c32", + "Sections": { + ".text": { + "Entropy": 6.641518892559521, + "Virtual Size": "0xdd286" + }, + "PAGER32C": { + "Entropy": 6.572183780133045, + "Virtual Size": "0x4805" + }, + "PAGE": { + "Entropy": 6.502474956779901, + "Virtual Size": "0x12ab" + }, + ".rdata": { + "Entropy": 5.359664573712839, + "Virtual Size": "0x122aa" + }, + ".data": { + "Entropy": 5.32099548613425, + "Virtual Size": "0x54bf0" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + }, + ".rsrc": { + "Entropy": 3.4708442562161297, + "Virtual Size": "0xfcf4" + }, + ".reloc": { + "Entropy": 6.124599725636047, + "Virtual Size": "0x61b0" + } + }, + "Signature": "", + 
"Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Signature": "c7f34d30f6c0451fb6ababdce5203035c20b7c75b16784adb0aa9ed8f647c02df4ce8d8277b8e356e3286e4dc0d444172dea83b9af9c6133c491e53680024d6bac0d985d6dfe776988ccb337b35abb32a02b50413514a576dc932b2a4ae2aef96330041e040480e3b1cbf06cd6910cf79ead3ecd332a9bb7156c2d9976e5dfac8b5b59d82ea33a4826470663dfad599e137468da7bd3037243e0238b96c1f99ea1299faa898dd854f812f8834697b7c5991d2e1656db4e2f56d8bc2077e7bb7d886d4fb6907c555c6d54089724435ac3345b1b6dbb605300ba83412517394dcd3b6c82df5013c6f57fcb1e03919b63469dd7606f3fbae8242658f19ab174b03c", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Version": 3, + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "610bbbd8000000000005", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + 
"https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "23d2d4cc-fb8c-43d8-b736-ae5c4fc3cd96", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "691BA3414E78622581BC519BAF0BCB16FB262D3ABBD8639F3E0ECA2A29F99406" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C1B24EBFE119C27A2E5EDD4267EEF37B2CD14FBBD8688DE27E08AF89996DB468", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": 
{ + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "275664b6-bb50-43c5-9d04-b100ea9fe56b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "0a0000705bbb68e7e712da6d3e638b2c", + "SHA1": "af2f6de1a213564cfcef1588b157a5ea52ee54da", + "SHA256": "f1cad3ac005b57d6e22ea57b9ebe1ee9e5052bdda499f5f2c1364317de87a794" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2013-09-25 02:06:36", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.16411 (winblue_gdr.130924-1807)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "a7077726554ee791e5a4b6e20ba8d557", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.16411", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "476ff7a2afe034c2194a948f1f780094", + "SHA1": "1a999ada5820fb409ce7f2ec343e215caf2e07a4", + "SHA256": "802de9524cf6556e6464828cc411f87a8fb3693742c5515126eb511122e9086a" + }, + "SHA1": "6d3c3476f38f447586c8fc347dd545ebf3b83a15", + "SHA256": "3fda721bc5007eab23af6e0c56a6942a7925a858f0d801fbb21011ccf758893b", + "Sections": { + ".text": { + "Entropy": 6.501476254289593, + "Virtual Size": "0x164d34" + }, + ".data": { + "Entropy": 4.528276048554928, + "Virtual Size": "0x6b230" + }, + ".pdata": { + "Entropy": 6.076711122380285, + "Virtual Size": "0xa3d4" + }, + ".rsrc": { + "Entropy": 3.4714597444382016, + "Virtual Size": 
"0xfd10" + }, + ".reloc": { + "Entropy": 2.339034701100046, + "Virtual Size": "0x2000" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 3, + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" 
+ }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-15+1533136590.3beb971-0ubuntu1/shimaa64.efi } }", + "Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "67ae7723-5130-48c6-b24b-22a876c9c2c0", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "339C2BCF0445BAA7345A02CDE505E172D24CC9CEA29A92EBEE3F3901693FD2C8" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-15+1533136590.3beb971-0ubuntu1/shimaa64.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C58ABF55F773FEE60CDB21D01D02229C4A3FEEB29F5D904CEB3106BC4B435EE7", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim-15+1533136590.3beb971-0ubuntu1/shimaa64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% 
if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "6ea89297-74dd-4581-b268-475a282c9592", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "92185C264285741FA7F198CAD8F307C60891AD932D9E3C2A08D92546FF7099ED" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "9C1812CF5B1D61DC08BD6683D143511BCB5B14798116D1D2714963CD468933FF", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by EgoSecure and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": 
"87813fcd-6a01-4452-b54c-0dc24402bbfe", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "340DA32B58331C8E2B561BAF300CA9DFD6B91CD2270EE0E2A34958B1C6259E85" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "23EBFBC7BC286CEFC68B4920784B926EC28D7965815238325FBD17892177D6F3", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "87813fcd-6a01-4452-b54c-0dc24402bbfe" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-15+1552672080.a4a1fbe-0ubuntu1/shimaa64.efi } }", + "Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2e98c935-fda6-4fc9-b635-47a7d9157a02", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A48B5E31477DA248680A8935D1E5E630E6FDE22277F9635DA7D6F7F9AA17E34A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": 
"", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-15+1552672080.a4a1fbe-0ubuntu1/shimaa64.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "B6F807D4488F132AB873DCDE8EDAD2875961895E503F263B86BA34958A290618", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim-15+1552672080.a4a1fbe-0ubuntu1/shimaa64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "79c58c75-492b-46fc-9788-59514261788a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "E637002526221BC32E477455B12F864F20B27C44679A2E78E5C56DA1FFCE8B41" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "E1A44BDE59714FE31A77476FCF73CFB784105333F05755D8F1C05EDE4056D4C6", + "Signature": 
"" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Red Hat Inc. and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "47020b30-de49-4937-9908-9d72b3d153d5", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "631F0857B41845362C90C6980B4B10C4B628E23DBE24B6E96C128AE3DCB0D5AC" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "B76C5689D45E7F40F8D78468D4484074167563CB06368CBB9CB4DBED65E1192A", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + 
"Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by TeraByte Inc. and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "27ce9422-3805-4231-8142-aa0976d3686a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A4D978B7C4BDA15435D508F8B9592EC2A5ADFB12EA7BAD146A35ECB53094642F" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "EEC3E281A5545CAF11EC02BB0DF159DA19698E639CBA0190A0AEC9AB09296BEB", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": 
"bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-15+1552672080.a4a1fbe-0ubuntu1/shim64-bit.efi } }", + "Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "42952e7b-6913-40b6-bc44-5eacd9c673a7", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "E060DA09561AE00DCFB1769D6E8E846868A1E99A54B14AA5D0689F2840CEC6DF" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-15+1552672080.a4a1fbe-0ubuntu1/shim64-bit.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "CE7A0A3D718747C7263D099FD1477E363ECFE75BD2F639EE47AC1271EC229D80", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim-15+1552672080.a4a1fbe-0ubuntu1/shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + 
"OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cc9c7842-484d-4427-9ed5-75073efdad17", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "362ED31D20B1E00392281231A96F0A0ACFDE02618953E695C9EF2EB0BAC37550" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "8A73B6E52B27695C72D4776C0BCFA54D30C1340D534D5EEFF8D890377CDFDFAA", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "cc9c7842-484d-4427-9ed5-75073efdad17" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "841c43d9-b7a0-40a7-ae7c-fc1affb759af", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"57E6913AFACC5222BD76CDAF31F8ED88895464255374EF097A82D7F59AD39596" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "439983268FC8238CB2DC187B033904DBD682929852D846FB69A22DDA1561A422", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "841c43d9-b7a0-40a7-ae7c-fc1affb759af" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "7cefffba-3701-43ff-96a7-7a66f008805e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "50F93402B66127D87B947067E9689DF5B2B36B253833FFE1E6CECA685FAE2D85" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootia32.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + 
"SHA256": "C443B4E3083BDBF2296A5E0986022520535C01ECC6CA3E0F0F83F3B683672368", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "7489f724-a3b3-435d-b34e-9ca0a94c6ceb", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "9C259FCB301D5FC7397ED5759963E0EF6B36E42057FD73046E6BD08B149F751C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "707BEEAE9B9CBF0D56AEE48AE398F127D3B52FD37D25B95C561CDA1DB5233C50", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ 
+ "7489f724-a3b3-435d-b34e-9ca0a94c6ceb" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "94e35789-58de-436e-b04a-8a7b7ded8347", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "2B1B9ECCF585B11C5122651D7B94534BB131AA7C874E2262038B85DB3EE83E4D" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "12A9833615CAABCF4F732C8BB088C83EC18C286EEF2332CB11F18529B676BD38", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": 
"This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "5cb571f7-050a-40db-a196-9ad7cd8afed6", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "E808A337ED6911EF561C27CABACABF4EA6D6E20FB70F5413B121AC251ABCC10C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "079A26143F5CD9862331F7C1850FFCF2D6E081FCFA8617F6FFA94FA212834DD1", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootaa64.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "34da0cf6-14d0-43a7-8e56-ea63c3b0c1bd", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "D465D63B0384F16A1610B0A86C5D73B36A33709828DE8FE26DBAC6DC6EFA007D" + 
}, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootaa64.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A7CEA30E7B024C8710F9AE5C1302545CEEAF23B8DEBE362FB26562ACDD807325", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootaa64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "57f3ded8-3e38-4146-88ad-92ae83c627d5", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "C0530BADC4D066D5C4B8B955023E9EFA7FB9337ECB7E1298E7CBA172D8680485" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": 
"85C838E95601A4B1CFA64600FC4A16330CB50D575FB2E89ECAA08D6B12B50CDF", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3a20e152-907d-41c3-8ae7-14c2a23e4880", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "3E3926F0B8A15AD5A14167BB647A843C3D4321E35DBC44DCE8C837417F2D28B0" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "299E3B66B0283E23793E03FBA6B795A2C6B6034864B6D571449945EBA0D90A20", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + 
"3a20e152-907d-41c3-8ae7-14c2a23e4880" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "98b2c48c-eaa0-48d4-bcbd-4090cffd2fed", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F558E04EF99B39A1012E8BC2685728D983C682CF5E6F7E4D335A660283D7C666" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "575D4DF1AFBDD514A6D293234F4493736200E657D0EB9C618CBE18B3AE8EBB3E", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + 
"Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cede5464-786a-4472-9b83-cbf540f90d1e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "D455A3C084DF64CF66DC1D2BAB352C74AAF66035058DF1143EFBDD4298AA4527" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "E9F55F39797D7ADAA99F2FE4138D413A10539C9663976B055A705A76C6A916D4", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "347957db-bbbc-4322-a736-366891a369d0", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A9CE2969A83982F80B6B2685568A7D6F8E58BCB5FABAA2F8168092175518A0C9" 
+ }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "F736ABAB18FA867218E4FBFEAA8A452C3B55F2981CC7E27E6CAF1FD9181EF294", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e2313b7a-714a-4e2c-a692-4259f9bc3b0c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "B344D2F33E30A25EB927E4C1A419D019ACCFA8249A5CE622B8E7C7D8D5807A00" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C190FBE65C28E7DBCA5AAE188C368CAB9A43ADB7F3B010843086D6DA77C3A6E5", + 
"Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2022-34301" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\Bootx64.efi } }", + "Description": "This was provided by Eurosoft and revoked Aug-22", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b1ed132f-d99d-4616-9fa6-56b6e8e814f6", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "1e31b54463f12e9af1098295a74b4866", + "SHA1": "7bc2c8f3a922fda1f6b16dd09425006a4715f7ee", + "SHA256": "66d0803e2550d9e790829ae1b5f81547cc9bfbe69b51817068ecb5dabb7a89fc" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "Bootx64.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "7e05f116825f8e60072443b813e6192e", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "c9bda70cc887ceb1c4552319df909c8bca331b58", + "SHA256": "09f2e41661cbbd714d22986fbb36a2b5764a5544c85f9875d227f6a26e1c8c8b", + "Sections": { + 
".text": { + "Entropy": 5.947922488694373, + "Virtual Size": "0x523b0" + }, + "": { + "Entropy": -0.0, + "Virtual Size": "0x1df4" + }, + ".xdata": { + "Entropy": -0.0, + "Virtual Size": "0x1000" + }, + ".reloc": { + "Entropy": 5.4356761952478605, + "Virtual Size": "0x3268" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 3, + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "Bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "68bce846-d710-4c06-a74c-bdf24a87157b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "8bbbe505bcaf280a57c1bbd361585c0d", + "SHA1": "df47daa733f498b29d1b3daf28724cc400710a63", + "SHA256": "2b21029fa033526d1dcd9e87ad8893f9b5a08987c3271b8a86716865de53d958" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2013-08-22 05:41:48", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.16384 (winblue_rtm.130821-1623)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "11ca417bc767273a9de7b1355cb2908e", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.16384", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "e754010390655ad90064d6113e5dd792", + "SHA1": "235cedf98ee575630be68e22dcb4bdf096629ba4", + "SHA256": "691116109e663ec85f12f05de1670ed2caa11b641bdcccb4d2a8907a46033e0e" + }, + "SHA1": "8de2b54c1204ea7491174a94c1a283695952155b", + "SHA256": "0b16ad93ee38243d72ff0acd790107767b6d7d3563a4ba8edb7a23eec5c8d531", + "Sections": { + ".text": { + "Entropy": 6.4695047421671195, + "Virtual Size": "0x143d82" + }, + "PAGER32C": { + "Entropy": 6.359590728392211, + "Virtual Size": "0x3d09" + }, + "PAGE": { + "Entropy": 6.540359913399707, + "Virtual Size": "0x1669" + }, + ".rdata": { + "Entropy": 5.839311515562025, + "Virtual Size": "0x1dd44" + }, + ".data": { + "Entropy": 4.568362788596972, + "Virtual Size": "0x6b250" + }, + ".pdata": { + "Entropy": 6.052020537215353, + "Virtual Size": "0xa47c" + }, + "PAGER32R": { + "Entropy": 7.124151697179559, + "Virtual Size": "0x100" + }, + ".rsrc": { + "Entropy": 3.4707613356348475, + "Virtual Size": "0xfd10" + }, + ".reloc": { + "Entropy": 2.343044695048387, + "Virtual Size": "0x2028" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Signature": "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", + 
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 3, + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, 
+ "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cc55f472-e9c9-493c-bf44-98d528441570", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "eed20fa5bc02fa6f0c7e5082c633e31e", + "SHA1": "01419f5ba84d07eaf079e2c69e8655471028081c", + "SHA256": "9335c9dd7001a2ec4e322ab6a2d11e6c4cd4ef1644c00d6314b7ba5a26f9eb7d" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2012-09-13 20:16:14", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.16416 (win8_gdr.120913-1502)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "9c77b23f662f4c5cf1da2ec62ba6fd2c", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.16416", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "fa6462badb7aa537a9d3ecf604e9fbd7", + "SHA1": "caefdafc6f3620830b306d429c83bb077f6bdaa4", + "SHA256": "4689fe3d6e35db99759219db2adef6cefa62105e8b636c0c5bd2a6bec395e471" + }, + "SHA1": "0f6c22e7f48505d3c4cf28edf541e69a72f4cfed", + "SHA256": "5f3952cba19c9f225aae8b57e57c7e20505ac617aeca845a8b5cde4994405c92", + "Sections": { + ".text": { + "Entropy": 6.641518892559521, + "Virtual Size": "0xdd286" + }, + "PAGER32C": { + "Entropy": 6.572183780133045, + "Virtual Size": "0x4805" + }, + "PAGE": { + "Entropy": 6.502474956779901, + "Virtual Size": "0x12ab" + }, + ".rdata": { + "Entropy": 5.359740869045908, + "Virtual Size": "0x122aa" + }, + ".data": { + "Entropy": 5.32099548613425, + "Virtual Size": "0x54bf0" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + }, + ".rsrc": { + "Entropy": 3.4705699295441637, + "Virtual Size": "0xfcf4" + }, + ".reloc": { + "Entropy": 6.124599725636047, + "Virtual Size": "0x61b0" + 
} + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Version": 3, + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "610bbbd8000000000005", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", 
+ "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\HfiPcieGen3 } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3c5c1c32-6c09-4fea-863a-2e5cb48bb099", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "e599f74cf93986aafae680c20c7b3723", + "SHA1": "36a6e60b2512bfd940eadb7ff3fdba23fa970a8c", + "SHA256": "9fa4d5023fd43ecaff4200ba7e8d4353259d2b7e5e72b5096eff8027d66d1043" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "HfiPcieGen3", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "ffa0df6d1cb927f4cde2741d63c7125b", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "a2c8bf15abcb90da814748bb150d66f842f23a38", + "SHA256": "98acba206e9f3843a4a7e07c66ead4366fbe7976653b65ed0c311d4efae878ab", + "Sections": { + ".text": { + "Entropy": 5.413383270074479, + "Virtual Size": "0x3eee0" + }, + ".data": { + "Entropy": 6.816481814190404, + "Virtual Size": "0x48c80" + }, + ".reloc": { + "Entropy": 6.735442193719632, + "Virtual Size": "0x3a20" + }, + ".debug": { + "Entropy": 4.647938066282669, + "Virtual Size": "0xc0" + } + }, + "Signature": "", + "Signatures": [ + 
{ + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Version": 3, + "TBS": { + "MD5": "b6f099bf203668f11a8f79ab08792ed8", + "SHA1": "4713755a345940554eada6042e90b0151591fad6", + "SHA256": "62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "HfiPcieGen3" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + 
"Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4a9f5a2f-87ca-4a7e-9a16-15d7e8a44c14", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "a114f82ee953917e2718ad7f4765ab20", + "SHA1": "5c145f3f55a53c1db47c568cd76eff5b0092e95b", + "SHA256": "f0b3d0d4c5457880e2d9b7728eb64bd288b5d4a26ec883f3c0941d8af29d9466" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2014-11-05 18:18:59", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.4.9880.0 (fbl_sec_oss3(dlinsley).140616-1123)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "e2f5112aec3a2bdc5f267c18f8a6c071", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.4.9880.0", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "a02554021493291650ba1e2951aef07f", + "SHA1": "3cb0d2f0d1a2046caf0027cfd995294a09eeda72", + "SHA256": "3089fe7fa4527043c200fafe2a7272e48a1f7c54725a623f22d12f2cdbb48350" + }, + "SHA1": "513e0049089f66a29eb06adef56eb24f1689c24d", + "SHA256": "c643c3cc182443893728101f5303aaa05b08ec8616310546edc903635c692b5e", + "Sections": { + ".text": { + "Entropy": 6.49404758790082, + "Virtual Size": "0x172c64" + }, + ".data": { + "Entropy": 4.473798201663143, + "Virtual Size": "0x625a0" + }, + ".pdata": { + "Entropy": 6.087546898123127, + "Virtual Size": "0xa80c" + }, + ".rsrc": { + 
"Entropy": 3.469828495684793, + "Virtual Size": "0xfd54" + }, + ".reloc": { + "Entropy": 5.40956828432046, + "Virtual Size": "0x9c8" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 3, + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + 
"Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Ciscso Systems Inc. and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "1f6808e6-5b11-4cb3-b2d7-427ea75c1f9e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "19a8ebfdc4acec4f18411de1412ef702", + "SHA1": "e91507cdff068f305c149e89d25038e3a665e461", + "SHA256": "c805603c4fa038776e42f263c604b49d96840322e1922d5606a9b0bbb5bffe6f" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:08", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "cd3a08a351a1e5286fdabeb5bbf371e7", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "55f93fee3283aa27b1d8b20d1d4d85b770e923aa", + "SHA256": "2df05c41acc56d0f4c9371da62ec6cb311c9afb84b4a4d8c3738583ccc874d38", + "Sections": { + "/4": { + "Entropy": 4.856630086753691, + "Virtual Size": "0x189a8" + }, + ".text": { + "Entropy": 5.636654925513066, + "Virtual Size": "0x94995" + }, + ".reloc": { + 
"Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + "/14": { + "Entropy": 5.1850304488993615, + "Virtual Size": "0xcf" + }, + ".data": { + "Entropy": 4.471969126591927, + "Virtual Size": "0x29918" + }, + "/26": { + "Entropy": 7.400768349168698, + "Virtual Size": "0x35e" + }, + ".dynamic": { + "Entropy": 0.8341231672694769, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.6500576085243153, + "Virtual Size": "0x1af40" + }, + ".dynsym": { + "Entropy": 3.212420010647876, + "Virtual Size": "0xef88" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 3, + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Issuer": "C=US, ST=Washington, L=Redmond, 
O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0486fe15-0d77-4c66-9918-1278ef014f72", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "4755a94a9c24a396102236124cd43c7f", + "SHA1": "e7efd492f1248e8eb94f4ee629365328cc7c7822", + "SHA256": "07b6d3aa86d0a8d5f46bdd5886d8f20fa2dd9377898d1139bd74b41f5e7ae44b" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2013-08-21 21:15:47", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.16384 (winblue_rtm.130821-1623)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "c831903e223d70526791119b52eaa4df", + "MachineType": "THUMB", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.16384", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "55e14c81b5fe58eedc0ba4f71e3dfc38", + "SHA1": "d793a26f5757c9a0c1bdd8b6a22fb8461560265d", + "SHA256": "f728c141f52f30bd327d1b8522257d8095ab4e4a707f449b48560f6e17803762" + }, + "SHA1": "43e01a095fe196f5f7f0f6aa4f33d79803d1fe43", + "SHA256": "86e5b25aa8072895e72e3d5f4beaccc1488a434fb10babe17fb9010da4ed93bc", + "Sections": { + ".text": { + "Entropy": 7.094486381874274, + "Virtual Size": "0x8a3da" + }, + "PAGER32C": { + "Entropy": 6.715799464104058, + "Virtual Size": "0x18b6" + }, + "PAGE": { + "Entropy": 6.974677001292805, + "Virtual Size": "0xf2c" + }, + ".rdata": { + "Entropy": 5.6876031395439375, + "Virtual Size": "0x10134" + }, + ".data": { + "Entropy": 6.124598814239404, + "Virtual Size": "0x35d10" + }, + ".pdata": { + "Entropy": 6.096561187355531, + "Virtual Size": "0x5b20" + }, + ".rsrc": { + "Entropy": 3.471204074592975, + "Virtual Size": "0xfce8" + }, + ".reloc": { + "Entropy": 4.721187435331078, + "Virtual Size": "0x4064" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2013-04-10 20:41:53", + "ValidTo": "2014-07-10 20:41:53", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, 
+ "SerialNumber": "330000001b40b3e1eae3b8c84600000000001b", + "Version": 3, + "TBS": { + "MD5": "2e3f888fadd3d8d498f3237752c18df9", + "SHA1": "4f3c14facbfca2505dddb77d8b8bfe71abb1d2ed", + "SHA256": "574085e964e5d1fc9d71150ef08a0e08779e1919f28d75a19dad15f69571c8f6" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000001b40b3e1eae3b8c84600000000001b", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by TeraByte Inc. 
and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "63cf9ba5-5aec-4ed7-9f58-97d1eff8aa0f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "0A75EA0B1D70EAA4D3F374246DB54FC7B43E7F596A353309B9C36B4FD975725E" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "1BABF3FB76AE149CCB95B8E33B193CE7408B7134E0A5CC8CE1E884BCD01DFCF2", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shimia32.efi } }", + "Description": "This was provided by Oracle America, Inc. 
and revoked Apr-21", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "7ad06c0c-5595-41e6-8049-b051fa3e931b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "D472D0DCBA3F5DD61BE3931244717BF2230BABD30E9E2F6B2880BFCDC8FD6665" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shimia32.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "7B9D76B66E9E3503682EB5B6CCC8F70B8B5082F140252A7F6127AD9764D8F297", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shimia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "513ff7cf-418a-4405-9020-8044f5ce24cd", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "E11BDBFBAC4736918C497798D6ED018F529726A6B1894BE0658D1B9519538B22" + }, + "Company": "", + "Copyright": "", + "Date": 
"", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "4489FA289C24EC5745E69F476FEBB3FA0103501D95349E795BE481E678429DDE", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2022-34301" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\esdiags.efi } }", + "Description": "This was provided by Eurosoft and revoked Aug-22", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "aa02b41c-fdba-4a15-8cd0-721c8ce19b68", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "cf53d0ab33dfb190f34ec0b12fcd54d6", + "SHA1": "fb0b0ee77baf7de4e8072a79bd48406c63a0bc7c", + "SHA256": "e9d873cbcede3634e0a4b3644b51e1c8a0a048272992c738513ebc96cd3e3360" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "esdiags.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "77164588c1c1207395ca4a64dca19f85", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": 
"", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "b1d0f26d6c2ada8828889a9208529ce96b6312e4", + "SHA256": "1e918f170a796b4b0b1400bb9bdae75be1cf86705c2d0fc8fb9dd0c5016b933b", + "Sections": { + ".text": { + "Entropy": 5.26426828621347, + "Virtual Size": "0xb6128" + }, + "text": { + "Entropy": 4.864329193142283, + "Virtual Size": "0x96" + }, + "": { + "Entropy": -0.0, + "Virtual Size": "0x1d28" + }, + ".xdata": { + "Entropy": -0.0, + "Virtual Size": "0x13e4" + }, + ".reloc": { + "Entropy": 5.393560756394889, + "Virtual Size": "0x100c" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "??=GB, ??=Private Organization, serialNumber=01488751, C=GB, L=Bournemouth, O=Eurosoft (UK) Ltd, CN=Eurosoft (UK) Ltd", + "ValidFrom": "2019-04-05 00:00:00", + "ValidTo": "2022-04-13 12:00:00", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "09d2ecf1e18290f1ea3bf27dd1cbeb62", + "Version": 3, + "TBS": { + "MD5": "0300d0ac1873acaa7bbbfa8bb78865f8", + "SHA1": "8cf42d660984334a7f73556260861949c9c2769d", + "SHA256": "a3ec97b75a7cff80f285bdc5808873f9d4e44994661a925afdef65d8365b71f9" + } + }, + { + "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA (SHA2)", + "ValidFrom": "2012-04-18 12:00:00", + "ValidTo": "2027-04-18 12:00:00", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "03f1b4e15f3a82f1149678b3d7d8475c", + "Version": 3, + "TBS": { + "MD5": "83f5de89f641d0fbf60248e10a7b9534", + "SHA1": "382a73a059a08698d6eb98c87e1b36fc750933a4", + 
"SHA256": "eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf" + } + } + ], + "Signer": [ + { + "SerialNumber": "09d2ecf1e18290f1ea3bf27dd1cbeb62", + "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA (SHA2)", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "esdiags.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3f2c9d56-984f-41b4-a2b2-49bf97e6ef71", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "B632A6286C6FAA6643EC34311E0B9710A3508FC952E9A04263C33179E32814F8" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C2BC0ADF3826972A0F8EF7E63C008C52D68215CCAE493CCEF14C3D3F4F67BDD0", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4f2db5df-2730-4e9e-aa70-51029d2540d1", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "2DCF8E8D817023D1E8E1451A3D68D6EC30D9BED94CBCB87F19DDC1CC0116AC1A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "55A3628537C4FBDA0FA7D27001EB2DFCDC515D8A48649715A31E1D0065A7DA35", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "4f2db5df-2730-4e9e-aa70-51029d2540d1" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + 
"CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "46a49cc4-2dcb-4c79-b1d1-2c49f6df0af0", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "6178f6bbcb3eea01cc915b8a348a3637", + "SHA1": "cc3d816d02da15fb70878fa6590b69c9f23f8441", + "SHA256": "8e53efdc15f852cee5a6e92931bc42e6163cd30ff649cca7e87252c3a459960b" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-10 17:29:20", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "658f77c25877b5ceb68bc7e046d37ec3", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "8276fccfe7c6ec83b5340aedcb77fb1e24cb1c4d", + "SHA256": "d92b8ac828b827e4e5b9e9aeb02676783cdb1884f42194823769ccf033a7b9c5", + "Sections": { + "/4": { + "Entropy": 4.8425490294878095, + "Virtual Size": "0x161c0" + }, + ".text": { + "Entropy": 5.587793825009416, + "Virtual Size": "0x9f942" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".data": { + "Entropy": 4.520603169572745, + "Virtual 
Size": "0x2d690" + }, + "/14": { + "Entropy": 7.114183160764015, + "Virtual Size": "0x603" + }, + ".dynamic": { + "Entropy": 0.8630797231656377, + "Virtual Size": "0x100" + }, + ".rela": { + "Entropy": 2.6111195899111035, + "Virtual Size": "0x29598" + }, + ".dynsym": { + "Entropy": 3.207501995948057, + "Virtual Size": "0xe508" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2014-10-01 18:02:10", + "ValidTo": "2016-01-01 18:02:10", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "3300000010a4912943d94ce62e000100000010", + "Version": 3, + "TBS": { + "MD5": "61509fd4e01160eb7d8007dc182bee5b", + "SHA1": "febd34ec96d90e498d9b6fa54d7fab80ce1464d3", + "SHA256": "7d79e52d96bc7c571299d90c3bc4bff9d08e36eb74b7e8b0cd69114980737953" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "3300000010a4912943d94ce62e000100000010", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2281377f-96d2-494e-91d6-86e4f2c78198", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "866e67751c0a6b90c631d03793a348bc", + "SHA1": "2565b9e7e5552c7a3340f5ad2c6faab6ea42bd27", + "SHA256": "ce1af9fcce6ad19c00d8236b23b03cf83c593c6184a08266e58fe95c6caa4d13" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2014-06-14 01:37:19", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.17211 (winblue_gdr.140613-1709)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "65e619f026af74b9c47c2cc77346ec40", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.17211", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "61ae12104fd32308c2c6da0ad0f4da3a", + "SHA1": "5916de417c3548f9179b3fca1170571bd0615d62", + "SHA256": "9d016f97efd1b99cdeec92f9010dbe2695c277306c00fe7e352588a7f6e7be26" + }, + "SHA1": "9bf8d8b915968c37fb4b491f67e567d709d2a026", + "SHA256": "fef56f20ef6e5065ed0fde1d85fd19f1f07212403489fd1e2b63aa41f5dc600b", + "Sections": { + ".text": { + "Entropy": 6.645095705317715, + "Virtual Size": "0x12db74" + }, + ".data": { + "Entropy": 5.2729725227732045, + "Virtual Size": "0x5b510" + }, + ".rsrc": { + "Entropy": 3.471313942696478, + "Virtual Size": "0xfd10" + }, + ".reloc": { + "Entropy": 5.5260311577476955, + "Virtual Size": "0x7fca" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Signature": 
"78269c4b43268afbc7329a21653fdf5427c51d156bd9b2be4fc3ce06c9fe486ad28fa1a55698acc8617733a5d9b68b3f69ab82d8d60857a0cf330434703b2af43b3058eec891f89515a9acf8c29aebdcabc8671630a1d22fa51720ab95393c388e3fbed2d42eca2bce4f3ac03be5be68ecfe7f44a6d3871782abd7cc3f8c22300536bd24a13934474bc0cfc2f1479991b991f328cb5a80d06c1046a9249b8dd8747b3c87e54946f28c0bdf14c042566264fbf9475859b221d0434603ab5f655551437be8eb21192f143d173b042f139ce553888cf0534f9d2f090c1edbf10def827a274afeeba10c2b4725b0628a2722d5f209be4f9e3d2d8104a896df82072d", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 3, + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": 
"TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Alt Linux LTD and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2ca2a15a-a3ca-44f8-a400-6ad9d6c119ce", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "376edf47c4a984324ea56fba394cc047", + "SHA1": "ec85b380b74232b3a564125db01bfe11ff646040", + "SHA256": "98cc8b91fec5252f62e81843d9d5d8ac2a2f253aa38152b3236a5092200ed290" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootia32.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "28e6701303a90a81dea61addc9d06329", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "00745e4a83900338ec53b231a602eb76ce3fa889", + "SHA256": "2f871712447dde7c3552f5aa90a2292821c6f32d92788e00dee8566f8d4de209", + "Sections": { + ".text": { + "Entropy": 5.842861242399998, + "Virtual Size": "0x931f7" + }, + ".reloc": { + "Entropy": 1.5709505944546687, + "Virtual Size": "0xa" + }, + "/4": 
{ + "Entropy": 4.934638497318441, + "Virtual Size": "0x64" + }, + ".data": { + "Entropy": 5.396610377012996, + "Virtual Size": "0x2211c" + }, + "/16": { + "Entropy": 7.306150252866006, + "Virtual Size": "0x414" + }, + ".dynamic": { + "Entropy": 1.38767138404284, + "Virtual Size": "0x78" + }, + ".rel": { + "Entropy": 3.523619729561932, + "Virtual Size": "0x9048" + }, + ".dynsym": { + "Entropy": 4.380703867207076, + "Virtual Size": "0x9360" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 3, + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } 
+ ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "7480e25e-d4dd-4e39-b652-33861111c011", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "3153B3E305575439914605D976CF6EAD5A500E54D0B6ABCDAAFCCED1BC47E04F" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "55C6D083A4E3BE8FF842A5D39EF6F0C82D3DD29FE377C7AEA920C7B419F660D8", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + 
"CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTIA32.EFI } }", + "Description": "This was provided by Fedora Project and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "854018eb-0eb9-4c45-8c0c-edb859445cb9", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "be4303f658c8f9c5541a6bdac9dc2c2d", + "SHA1": "faa088677fbfb6eb7266526835f878855ee767d6", + "SHA256": "cf3f7c24af6d46e133bb6a936902a47413394b2a8addc63a8890c75eb7c3a6c7" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTIA32.EFI", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "87e606dee08705c7ac75737a83a6e063", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "56ebc1fe5d75203a8fd8669eb86d80cda4c13d91", + "SHA256": "6a6f1c13eefcba07c0fc8aa0b70ab6fe2bc709a9eaf83090b735fec8e0dd576b", + "Sections": { + ".text": { + "Entropy": 5.843735832527754, + "Virtual Size": "0x94b97" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + "/4": { + "Entropy": 4.855334501626881, + "Virtual Size": "0x5c" + }, + ".data": { + "Entropy": 5.364024351542338, + "Virtual Size": 
"0x2295c" + }, + "/16": { + "Entropy": 7.133596117970691, + "Virtual Size": "0x4ac" + }, + ".dynamic": { + "Entropy": 1.3647139881914778, + "Virtual Size": "0x78" + }, + ".rel": { + "Entropy": 3.5319998815880522, + "Virtual Size": "0x9048" + }, + ".dynsym": { + "Entropy": 4.399390751124498, + "Virtual Size": "0x9370" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 3, + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": 
"350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTIA32.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + 
"CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\rhel-7.9-shim-20200726-shimia32.efi } }", + "Description": "This was provided by Red Hat, Inc. and revoked Apr-21", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a2e0c2d5-a9f3-43f2-83f0-41235cae223d", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "2629AE14B467DA5DF8E9EB6F1ADC1A9F50A78DBC3C246271C8530D0D35997A4C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "rhel-7.9-shim-20200726-shimia32.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "DEF0CE090F4C6B203C317558D43D015427311475231E8CE9B2E00AC0C18D3922", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "rhel-7.9-shim-20200726-shimia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + 
"Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "f922e65f-baea-45c6-bdfa-0b6ab679bda8", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "170d26c08c0bd42cabe41e7223cf1a3b", + "SHA1": "026ce5f4baea28c655be66c8ac4873ddcd2fb089", + "SHA256": "8d5332b350577ab7b1987f93fda104b2090f6a62e262214264f554b6163e8050" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2012-09-19 23:32:36", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.16420 (win8_gdr.120919-1813)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "2eb1ef37d6d0425c505df369802d5d54", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.16420", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "fa6462badb7aa537a9d3ecf604e9fbd7", + "SHA1": "caefdafc6f3620830b306d429c83bb077f6bdaa4", + "SHA256": "4689fe3d6e35db99759219db2adef6cefa62105e8b636c0c5bd2a6bec395e471" + }, + "SHA1": "8568540072aa5aead8d761d4baa459e4f9a222b2", + "SHA256": "9e14396bca7712b13a5f0b209c8633d754afc3bf577b42ef78304581ddd4e02f", + "Sections": { + ".text": { + "Entropy": 6.641518892559521, + "Virtual Size": "0xdd286" + }, + "PAGER32C": { + "Entropy": 6.572183780133045, + "Virtual Size": "0x4805" + }, + "PAGE": { + "Entropy": 6.502474956779901, + "Virtual Size": "0x12ab" + }, + ".rdata": { + "Entropy": 5.359718481379002, + "Virtual Size": "0x122aa" + }, + ".data": { + "Entropy": 5.32099548613425, + "Virtual Size": "0x54bf0" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + }, + 
".rsrc": { + "Entropy": 3.4708606085287217, + "Virtual Size": "0xfcf4" + }, + ".reloc": { + "Entropy": 6.124599725636047, + "Virtual Size": "0x61b0" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Version": 3, + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "610bbbd8000000000005", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + 
"Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTIA32.EFI } }", + "Description": "This was provided by Red Hat Inc. and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "8cb4f77a-a709-4aa9-9563-a21d26fc900f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "14a8d4ab1ac048531dc075cda647773e", + "SHA1": "32aff74e8078b1833eba455d0c01471bfef3164c", + "SHA256": "b7d3e3c4a930fffcdb184619534ef7c3d45435ef97f7988611714f5523b207e5" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTIA32.EFI", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "ee4b2aa959df5211204c6165df138ecd", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "ef1dd5153ae097116a870b6b3571aa1f2f99bfe7", + "SHA256": "67fe6b4b726451375e2dc3f87a0954cd01083fb4d8f4fb074bf699536450af04", + "Sections": { + ".text": { + "Entropy": 5.774188637561653, + "Virtual Size": "0x92b93" + }, + ".reloc": { + "Entropy": 1.5709505944546687, + "Virtual Size": "0xa" + }, + "/4": { + "Entropy": 5.040573517037893, + 
"Virtual Size": "0x7e" + }, + ".data": { + "Entropy": 5.332540470834759, + "Virtual Size": "0x2173c" + }, + "/16": { + "Entropy": 7.338341139988703, + "Virtual Size": "0x3e2" + }, + ".dynamic": { + "Entropy": 1.4043380507095067, + "Virtual Size": "0x78" + }, + ".rel": { + "Entropy": 3.546798440654089, + "Virtual Size": "0x9718" + }, + ".dynsym": { + "Entropy": 4.390507192181948, + "Virtual Size": "0x9380" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 3, + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": 
"T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTIA32.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ea9f89dc-3143-424c-b3b3-437969245705", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "8c6a38741626834657d7c8a8efc9ba4d", + "SHA1": "605ed193044333070a922ead0b80c554c8e73287", + "SHA256": "71a5716decf09fe8bcbcc73225fe1e7012076cea39b49e9e72afa291b1fb717f" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2014-08-18 17:43:54", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.4.9820.0 (fbl_sec(dlinsley).140425-1225)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "1aa56b885cc8dcb37e0165fb6774acf3", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.4.9820.0", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "d94c4831d7cd65bd85851b4c2726909e", + "SHA1": "e4705a5872fb945b5826084d24ee95df003b18e3", + "SHA256": "e2dd71c959ee2c73c142c38d5f2a2f2566a8d421c88ef20cf4eaf567db79fd44" + }, + "SHA1": "51b1b97472c99971ef217632ae7d9fee3ce3f1ad", + "SHA256": "2b334e6b147104306dd91f77e900c07383c0ddff77c2979ec79ea5d92944c13d", + "Sections": { + ".text": { + "Entropy": 6.60297168599822, + "Virtual Size": "0x136b24" + }, + ".data": { + "Entropy": 5.063753638456743, + "Virtual Size": "0x4db30" + }, + ".rsrc": { + "Entropy": 3.4698922882591594, + "Virtual Size": "0xfce0" + }, + ".reloc": { + "Entropy": 6.76396764282581, + "Virtual Size": "0x5e84" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 3, + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + } + }, + { + "Subject": "C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "5ea7cfb0-5f73-4d02-925e-8161b423fa88", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A372DA66E15D456DC4200BD3908E0943BA4EAF864F7A35062B6B1704320D090A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": 
"", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "45A04261C55E72E48C90A5C821C3A519B4A0D9B1A6C3561CE7477AC399D23C5B", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Alt Linux LTD and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "59b7d19b-fb7b-4641-b158-0d2f498e375d", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "19d9ca04dfe150f7ed275c0522308b48", + "SHA1": "fed3c32a930572d743108d45a16103a34c0c6b73", + "SHA256": "3a91f0f9e5287fa2994c7d930b2c1a5ee14ce8e1c8304ae495adc58cc4453c0c" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2013-08-01 11:09:48", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "aed4e671b03d6e093a423c7593d423c0", + "MachineType": "AMD64", + 
"MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "0795b77ff05d9365bfc1ce099e4edf239f64a073", + "SHA256": "5156a8ae596c06692aef13ac6524c7f1e20d52e4ea0f5a5ad43a6874edcc5e1f", + "Sections": { + "/4": { + "Entropy": 4.851927163507717, + "Virtual Size": "0x176c8" + }, + ".text": { + "Entropy": 5.6438712089241685, + "Virtual Size": "0xa9c81" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".data": { + "Entropy": 4.778525693473229, + "Virtual Size": "0x31368" + }, + "/14": { + "Entropy": 7.315232541543508, + "Virtual Size": "0x40c" + }, + ".dynamic": { + "Entropy": 0.8341231672694769, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.627040734955125, + "Virtual Size": "0x2af90" + }, + ".dynsym": { + "Entropy": 3.211693622055045, + "Virtual Size": "0xf168" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Version": 3, + "TBS": { + "MD5": "c52110f552e27ebb1e3fae114abafb3f", + "SHA1": "4954e087123653ce38da4cdd31141b6a1bb999e4", + "SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 
21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "f5fabb82-d43d-45ec-b057-5963c46113a0", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "8A305C5FBE7C56F9E3214D7ADB8F176341F4020F234F3C14E52335967A2D365F" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + 
"MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C6C85806905E0B76C25C82A88BFF62B995F49124C55413E74D1DCC3461FE8336", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Endless OS and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2c1b4ac9-5f4e-407f-bf05-bea2bef8d7f3", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "DD59AF56084406E38C63FBE0850F30A0CD1277462A2192590FB05BC259E61273" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "191A99A1EF854CE43E64D1CE2FDCC0C942200B88D232F8823A439CBCD7D148C1", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "2c1b4ac9-5f4e-407f-bf05-bea2bef8d7f3" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c947ca13-4a5b-42ca-81cd-b1d1d9a4d8dd", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "BE435DF7CD28AA2A7C8DB4FC8173475B77E5ABF392F76B7C76FA3F698CB71A9A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "83A5C9C78BC64206AAF7B7F9901867D19BB746201923D855AAE24A2B2330F113", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "c947ca13-4a5b-42ca-81cd-b1d1d9a4d8dd" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", 
+ "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "9be3b201-fec5-4264-b56b-81d4535b4c9a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "29CCA4544EA330D61591C784695C149C6B040022AC7B5B89CBD72800D10840EA" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "CD0F9839C6CCBEC5CE38B882E1AB23C8AB44A8993E6B8A02026D8314EAC4EA4C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "9be3b201-fec5-4264-b56b-81d4535b4c9a" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and 
revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "41327687-8774-4304-bbda-cc7c5835b54b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "DD5E4E9F20CE8BF8F3512261F176ECDD046C079D32585D9B259AFE0A28C973DF" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "67D204E0E5DBC0C5B2549FC2C003024525378DB4DE12E5CA1451DD996561AED5", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "29221f48-fbc7-4db4-8fc6-86f1e3e137b8", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "2A92103865FB60FC84D357180CC7DB45359B04AD419E8C4FAB74F7143FC0655A" + }, + "Company": "", + 
"Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3A5B30A5017105C4CB30A0793FAE4600BF4A1A442D85C79E98405DC0083DEB8C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shimia32.efi } }", + "Description": "This was provided by Oracle America, Inc. 
and revoked Apr-21", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "afc98e92-1064-426a-87de-35479bc19474", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F7E4C7FB10755AC534BCDF61AA7FA18539E42E061C247891E9BA42E17290C742" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shimia32.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "1BBE108A0DA8A6A15221BA576E985B4240AD603D7D967F710428A9CB53B97B0B", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shimia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "fc53d49c-f8d1-4a46-91be-205a0ec0515a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "5f033a228e6fd44ea0f18196d7ca57b8", + "SHA1": "6ebac91cac25a80ff4130bc69da6c527da05318d", + "SHA256": 
"52ceada58e8d14ab47e706dcd6264d82affc0f9fc62ab46f77be46f262ae1b17" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2016-09-20 08:19:20", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.18478 (winblue_ltsb.160920-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "6b65628a2e6b0cf6bd54965da59a8b43", + "MachineType": "THUMB", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.18478", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "9a33833e2407d8d25146f07e9c5c8444", + "SHA1": "04243895d74611d8d91937ec718a82b8dd7fe0f9", + "SHA256": "2efb0d9096d6fc172537ba8c386ba82f72b5a9bed5047e7830290bb6aafb0ff4" + }, + "SHA1": "54fccbba97f50d2b57478a1c01ad8b86a5fc737a", + "SHA256": "dbeb49f986ec6618e7c256d3db4e3d5378a6ee3439c5949ae57e12722a73a198", + "Sections": { + ".text": { + "Entropy": 7.01271499061755, + "Virtual Size": "0x9f3d4" + }, + ".data": { + "Entropy": 6.118785418021721, + "Virtual Size": "0x35d10" + }, + ".pdata": { + "Entropy": 6.1416406826134775, + "Virtual Size": "0x5ba8" + }, + ".rsrc": { + "Entropy": 3.4718938617640904, + "Virtual Size": "0xfce8" + }, + ".reloc": { + "Entropy": 4.723910694609307, + "Virtual Size": "0x40dc" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2015-07-15 17:04:59", + "ValidTo": "2016-10-15 17:04:59", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "33000000a6206efff45e063a190000000000a6", + "Version": 3, + 
"TBS": { + "MD5": "57c30a2d7e6573994b137079cbff34b8", + "SHA1": "08980baa201ccbfc096accff568fb2b073da66f4", + "SHA256": "19241716f05046843df5ff3c02395bf6e2ed68ad52d441a71a2edcd24ac93056" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "33000000a6206efff45e063a190000000000a6", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c67be7e5-8f3c-460a-b4ff-174ba2a0fb6d", + 
"KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "06E3F646CEB102372E3E086D46234B06A9AF13EEF65AAD180EA2880BF8BC12A8" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "997CCF341DBCE2EB9E119803723130DA90E8F1DD167A7B75400E73CBBADA54FD", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Red Hat Inc. 
and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "216969d0-1120-463f-a8b0-f8832f49fe39", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "947078F97C6196968C3AE99C9A5D58667E86882CF6C8C9D58967A496BB7AF43C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "487DF121FD496D9A443C3598DA3771FA187D408C589F4CB990041E546C529539", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Oracle Corporation and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "bf069911-444a-4972-8961-140fd7897324", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"A7DFCC3A8D6AB30F93F31748DBC8EA38415CF52BB9AD8085672CD9AB8938D5DE" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "5D6A0CBDAAF188974E98ACA06E664B4AE98D458327717A20B1FF6C80518EEA3D", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bf069911-444a-4972-8961-140fd7897324" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0e36a4f3-efab-453c-b6db-fe4f613b79d8", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "9e1d88b1165fafcc8d3ba103110c4843", + "SHA1": "7ae4be62af6bbe64ea43e60462403334b278fff0", + "SHA256": "f923efa6615ce9a93e5d69963b30adb00f2d2059113f55babc477ba889841f29" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2014-06-14 00:22:31", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.17211 (winblue_gdr.140613-1709)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "c9b413ac0a31f9eb0a141e05654d1d52", + "MachineType": "THUMB", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.17211", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "bf2b2fa1725551a7b25c0d86164613a7", + "SHA1": "c2527f2c2aa74dd913300d7868a0d042d10ed406", + "SHA256": "3bc6dba2d4913666539154040f7a9b5b2d4bb1dda99810435b6db4dede407c03" + }, + "SHA1": "70f682f3c63a4a1121c3c9afa78934aa2412c049", + "SHA256": "ac22c4ad2e62a3a8369a311b69e9b3dd558359cb44de8115e6bef2ae5e5e7151", + "Sections": { + ".text": { + "Entropy": 7.052788904216757, + "Virtual Size": "0x9ccf4" + }, + ".data": { + "Entropy": 6.116187398286086, + "Virtual Size": "0x35d10" + }, + ".pdata": { + "Entropy": 6.136093204344787, + "Virtual Size": "0x5b50" + }, + ".rsrc": { + "Entropy": 3.4716290018327003, + "Virtual Size": "0xfce8" + }, + ".reloc": { + "Entropy": 4.731539389747102, + "Virtual Size": "0x409c" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2013-04-10 20:41:53", + "ValidTo": "2014-07-10 20:41:53", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000001b40b3e1eae3b8c84600000000001b", + "Version": 3, + "TBS": { + "MD5": "2e3f888fadd3d8d498f3237752c18df9", + "SHA1": "4f3c14facbfca2505dddb77d8b8bfe71abb1d2ed", + "SHA256": 
"574085e964e5d1fc9d71150ef08a0e08779e1919f28d75a19dad15f69571c8f6" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000001b40b3e1eae3b8c84600000000001b", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by VMware Inc. and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e121cfa2-ee0c-4c6d-9b1a-1f48ce500b81", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "96c7007a1ef6ec8ae43756e1e3bf9807", + "SHA1": "9574b0676b8540628d0db2f89a8d8bb7b43d863b", + "SHA256": "5c5805196a85e93789457017d4f9eb6828b97c41cb9ba6d3dc1fcc115f527a55" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-11 04:25:12", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "07349cf7c406343bb9a9a9d9eec50790", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "12f8b7152bf718ee95d9d9a8ebd50c1a8fbb9621", + "SHA256": 
"ef43b4b4a755494b10b7431527aead697feab6fa48cf4684cca4fb5b8cd09035", + "Sections": { + "/4": { + "Entropy": 4.827964610163725, + "Virtual Size": "0x1e8a8" + }, + ".text": { + "Entropy": 5.620340849167797, + "Virtual Size": "0x9a9c0" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + "/14": { + "Entropy": 5.337170840865167, + "Virtual Size": "0xd7" + }, + ".data": { + "Entropy": 4.411854121188843, + "Virtual Size": "0x2bad8" + }, + "/26": { + "Entropy": 7.32428121292217, + "Virtual Size": "0x3e0" + }, + ".dynamic": { + "Entropy": 0.7957307370557809, + "Virtual Size": "0xf0" + }, + ".rela": { + "Entropy": 2.651762139832741, + "Virtual Size": "0x1c3b0" + }, + ".dynsym": { + "Entropy": 3.2112511396406864, + "Virtual Size": "0x10008" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Version": 3, + "TBS": { + "MD5": "b6f099bf203668f11a8f79ab08792ed8", + "SHA1": "4713755a345940554eada6042e90b0151591fad6", + "SHA256": "62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": 
"bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "997fb55c-0910-48f0-adf7-33f2e50473c6", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F4D7D6F0D820F749A442DAB0A34D53A71CE47DF51DE07E6723AB848108AD1945" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "9A7FA44AE658F9CDED2AA0CC440EAA8134FC1FAFED290ABBC8C45EC670884605", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + 
"https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Canonical and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "25356276-9f23-4044-a512-863c5b3180df", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "B93F0699598F8B20FA0DACC12CFCFC1F2568793F6E779E04795E6D7C22530F75" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "96520E78051325998A6D82FFFEE0366F85289E6D8834D1F3DA9082C6EE146D26", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "25356276-9f23-4044-a512-863c5b3180df" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": 
"Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d17ff559-85d0-4cc7-9327-516585723ea0", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "CBCBB8E81F1CFEE4D02D65481080ECDE62528344C5372B09FED4EE3CA1E14330" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "B81C6018141EFC89816DA4081BBC1414911125D5184108E47AB01260D84FB9B1", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": 
"Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "07e76cae-6513-4120-b399-3ab5ae5879a5", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A5E0C1C1FDEBE61C4DDBB66C57EB23BCAA86C36BAB9900AD10342A4971128EAC" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "997CCF341DBCE2EB9E119803723130DA90E8F1DD167A7B75400E73CBBADA54FD", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by TeraByte Inc. 
and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "f4268520-fd18-40df-aecf-b2a6e8dcf27d", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "ba5501c6998594711fe062521d0ba9de", + "SHA1": "8dc43164d1742fd0e3a9590190ee7116bcfc04a8", + "SHA256": "96e4509450d380dac362ff8e295589128a1f1ce55885d20d89c27ba2a9d00909" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2013-02-28 08:15:09", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "fbec641d8564e4e48784b2b07dd9c196", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "7ac5c5314da05d3a6e69e4213b9479a62d6f411b", + "SHA256": "ee39a9a3fbde8b15ce4ac34519e248ea746a52ae0ae680da5b0c7ef919e583a3", + "Sections": { + "/4": { + "Entropy": 4.829624557782118, + "Virtual Size": "0x17460" + }, + ".text": { + "Entropy": 5.6400279515127, + "Virtual Size": "0xaa1d1" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".data": { + "Entropy": 4.774275035620183, + "Virtual Size": "0x310c8" + }, + ".dynamic": { + "Entropy": 1.0259041624373757, + "Virtual Size": "0x130" + }, + ".rela": { + "Entropy": 2.622559703225293, + "Virtual Size": "0x2af90" + }, + ".dynsym": { + "Entropy": 3.2093022589915736, + "Virtual Size": "0xf1f8" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, 
O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2012-07-02 22:25:14", + "ValidTo": "2013-10-02 22:25:14", + "Signature": "840831439e4e63e88d00e1b0c0678d70bb89f466e9027ab28177926d5def8175b3240e729f943f1e6bd94a0f27c92e696a5001c0747f6bf7574c09e8485a5eb6d7024244ddd73236c28e9dfad58ec5098b74516234232552d9230c1d0ddae73108b0a0144bd9e9265dac56ebdcce7512cf3627a6858d41876ede19d35e0e27957a6896aae9ea150098327450fe7c72385aac6feff0616b3d066cd0be7e5a537bb18488c67db9f0731c30ac7918fe977b4250ffbfbeea81e1ba3b8a0305b9374f0d22453781cc5823b5faad5e50e84306381f83382fe0ed8b176a9c9ff1868cc6543e7f12b1f112adc62430fd1ba530d877a290f0d2e09eacce07ed37ec439c25", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", + "Version": 3, + "TBS": { + "MD5": "c5e24205d04c09c94d81b6935af7ec09", + "SHA1": "12622dccb5b07edfd65cae6fc018e24b80ff2c82", + "SHA256": "d6afbff1c283d7777501bd3b2adb4aadb8ce32649ee401dfbb06f884362f7507" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "81f3828a-1a59-4fc2-a34e-d1f297f0f719", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "32D4BA3A03D1F2B6BC80D011C0FA107747B7B573FE96AAFFF21735ECF562D337" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootia32.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "CF960A60921EF186A0A511BECC06B264407111D2AE6875C93496121887318EDE", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + 
"CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a280d6df-a426-4031-8dc8-31473975f92b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "BB01DA0333BB639C7E1C806DB0561DC98A5316F22FEF1090FB8D0BE46DAE499A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "EC16CFB5AE2297154394D9AB6B5B749DCE676404486D72A44064CD9A716EC1F9", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "a280d6df-a426-4031-8dc8-31473975f92b" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + 
"Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "35a53e95-2bf9-43c3-b7ff-c8a176b73a7e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "91D56D765B020B99B7716582E3C380147FF0ACDDF63BB09ACDED0C0249E5CC8C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "641A3F8E77A42F04B0F300399F0FE6545733DB7EE00FA402358723E84BC62741", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "52d2d179-addb-4556-a244-d085e0aefad2", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "941A51239ED416A788B5059DD647631B16E506C8F6AD87B1D5F3B8C97199A160" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + 
"InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "EA21E2A1F1779F77C35060CD8690D2E74116C4402DD10B6F8260DB2D00B4A9E5", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3f7d85db-fd3c-4a8e-a83d-ac9d89dda3d8", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A4B3FEE324D25C53FB5CB48630DC80DD7EE78C1AAC8C8DEEA927396997E33BCE" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "626AD87C1D3475B2599DFD36B430BE3ECBFED207A20D9FBAA01F7AE808C0271B", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a4e079d3-3919-4c47-84ba-9a7d7d1acbe0", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "D372C0D0F4FDC9F52E9E1F23FC56EE72414A17F350D0CEA6C26A35A6C3217A13" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "D8E8197BB6CB93157BAE6B4E63EFFA60BB49628DEBB6F771F154C229F4205DB3", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "a4e079d3-3919-4c47-84ba-9a7d7d1acbe0" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + 
"Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "57416bf8-a14e-42bb-b668-d424222ffcdd", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "6B8EEC829F0373931099F070CBD4E2E1380CD5644201D05D80D86B1E7ED0B08B" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "6E90699DC49B40F02790D085E3A1B9CEB2F81D85F55D2054163B3432FB87F59B", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + 
"OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0f4b6460-f81b-4770-8dfb-55224983a557", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "B8D6B5E7857B45830E017C7BE3D856ADEB97C7290EB0665A3D473A4BEB51DCF3" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "8516257431A250296A10F82A4795F9CF68E5C185CEAA2F6F77CA0942CBE0C999", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "0f4b6460-f81b-4770-8dfb-55224983a557" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "db57d7a1-5937-4ba9-896e-8fdce1ff2990", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "332450890F9C8FFF7EC15C53921BF27227AB9EA06B0E1C816D819F8E21CFB55F" + }, + "Company": "", + "Copyright": "", + "Date": "", + 
"Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C79381B9A5D1D2B8A85B6A5B2255923FB2D3A5F500CC00FBBCBF10C6A3A0B40E", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "76724735-ec57-4c1a-8712-f0267d21f0c4", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "a7e340723a992f0a725fa1e394e5a655", + "SHA1": "882ef0e748b0ba689bb0af982c499db1fb1c8ab1", + "SHA256": "65625a143d220ea184dbd5cdfb1b9e9c3bd9654294eaa2b98628bc273ebc18b5" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2012-07-25 19:34:40", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.16384 (win8_rtm.120725-1247)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "bootmgr.exe", + "MD5": "5cdb3b41abea2f625c0a632f4ad2cddb", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.16384", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "b91ca2bc17ae097c0cea2d2fa5ca52ee", + "SHA1": "1a8fb4b3991fa408332afc5f95422941ab4d33bc", + "SHA256": "2cf47ce7a3c1eddb148d65b646a875561cd62faa54a32d5c903707f24f27e688" + }, + "SHA1": "68041e64a6a90537c6f7d7c6c1b07ccee8fd92a3", + "SHA256": "4f9398592553ee138d8db48b95789eca19324b8408cafd0f0bc46d030e7b4fd4", + "Sections": { + ".text": { + "Entropy": 6.493057126933711, + "Virtual Size": "0x118fad" + }, + "PAGER32C": { + "Entropy": 6.357894622079484, + "Virtual Size": "0x3d48" + }, + "PAGE": { + "Entropy": 6.4874876888292405, + "Virtual Size": "0x1866" + }, + ".rdata": { + "Entropy": 5.511405489245561, + "Virtual Size": "0x1a634" + }, + ".data": { + "Entropy": 4.622775810912131, + "Virtual Size": "0x63d70" + }, + ".pdata": { + "Entropy": 6.061698645716401, + "Virtual Size": "0x9ce4" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + }, + ".rsrc": { + "Entropy": 3.4708865359751586, + "Virtual Size": "0xfcf4" + }, + ".reloc": { + "Entropy": 2.6555924696632576, + "Virtual Size": "0x1b5e" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Signature": "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", + 
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Version": 3, + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Version": 3, + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + } + } + ], + "Signer": [ + { + "SerialNumber": "610bbbd8000000000005", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\rhel-8.3-20200917-shimia32.efi } }", + "Description": "This was provided by Red Hat, 
Inc. and revoked Apr-21", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "7520fd68-dbc4-4182-ab8e-2cc005024183", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "4AAC0A9E089DF8E9AC6725E0DFCA3AC11A17747A2E35F43A2B38A58F8AE2A273" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "rhel-8.3-20200917-shimia32.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3BA74313087DB77CF93A00E072A2FAE00C0A472DAC5DD6988F9C0993A0769159", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "rhel-8.3-20200917-shimia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "48c8b841-9f1e-4557-ba59-91461142b90f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": 
"", + "SHA1": "", + "SHA256": "E800395DBE0E045781E8005178B4BAF5A257F06E159121A67C595F6AE22506FD" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "571B2AA6CA8EDF6479D3472814B8CDF34A0B8544939E5CE9F50261968E382B45", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "48c8b841-9f1e-4557-ba59-91461142b90f" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "94ba0558-c5b6-4f9f-b1fc-598e7448bf13", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "CF7F9E7D091023A1A1C3F5CBF7DDACF7B18F03A4D07961F71506FE9DF4388EEE" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + 
"SHA1": "", + "SHA256": "196243A87389B47FC9033AF3884F3FF0A5C891D80E22C82D2ECD5B9A3434186E", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Cumulus Network and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d7cc6936-4efd-40a1-bef3-ea4da008ae4c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "EAFF8C85C208BA4D5B6B8046F5D6081747D779BADA7768E649D047FF9B1F660C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "E4FF4E538B4758E8E49010ED16D6D5380417B146F3E8806ACB3AC40611646FDB", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "d7cc6936-4efd-40a1-bef3-ea4da008ae4c" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim64-bit.efi } }", + "Description": "This was provided by Oracle America, Inc. and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ca7157a0-3de8-4642-95b6-0a42c53a97b3", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "E42572AFAC720F5D4A1C7AAAF802F094DACEB682F4E92783B2BB3FA00862AF7F" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim64-bit.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "7395EE455BB71B4A37DD973999C875F166037E7BF5B948F812A8B45ADFC03A55", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": 
"Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "261d9721-b41e-4711-9ec1-d46057b9c56b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "97A51A094444620DF38CD8C6512CAC909A75FD437AE1E4D22929807661238127" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "424C636253B4EFA0C69F91505EE16D7079956B8EDE4524FFCE211A1B037FF692", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "261d9721-b41e-4711-9ec1-d46057b9c56b" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match 
'{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "03fbb84a-9153-4d42-aa08-c26fd8260bd1", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "C3505BF3EC10A51DACE417C76B8BD10939A065D1F34E75B8A3065EE31CC69B96" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "AD215B731A41CBE37CAFEE5280FFC282A8AC23B5E8BA25DFF3D28A6AAE1D2A0D", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "03fbb84a-9153-4d42-aa08-c26fd8260bd1" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "5d92da13-8976-4b19-871d-a9266e342121", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + 
"SHA256": "19F4C7030AD74035F5BC07ACE285BD7538F231D25787755D72071EDE879C6978" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A84526FB39B09F95A0A1CABE23D34CC28FA554242405EB653D6EAB8669B3C1BC", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Oracle Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e0a4512e-03fa-4db8-b7e0-8c8eb6f2bc8a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "37A480374DAF6202CE790C318A2BB8AA3797311261160A8E30558B7DEA78C7A6" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + 
"PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "7C2FDA323F09B9BE6269BA979A620438413EBA4A93B2BA34F9B39998268AD9CD", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "e0a4512e-03fa-4db8-b7e0-8c8eb6f2bc8a" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\Signed_13652009334930799/shim64-bit.efi } }", + "Description": "This was provided by Debian and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "63cbc1a5-3884-4049-ad87-f32f77644986", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "3c80cdb2f0833095f9f77027e2431b0a", + "SHA1": "21b20549df4909eeb13f64d4641ef60cd5c5a682", + "SHA256": "48f4584de1c5ec650c25e6c623635ce101bd82617fc400d4150f0aee2355b4ca" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "Signed_13652009334930799/shim64-bit.efi", + "ImportedFunctions": "", + "Imports": [], + "InternalName": "", + "MD5": "8572a7c437a9bc92225906ce5fc04497", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + 
"ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "6d2ce22514e2dffca0e31eedd4804280f8c37e4c", + "SHA256": "cc5c7db3068d99d6271fb38ab15b78c633c92249c4d783db0cdae2b918e97969", + "Sections": { + "/4": { + "Entropy": 4.854473006421037, + "Virtual Size": "0x1f020" + }, + ".text": { + "Entropy": 5.637088505235519, + "Virtual Size": "0x9ffd5" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + "/14": { + "Entropy": 5.064013199597692, + "Virtual Size": "0x69" + }, + ".data": { + "Entropy": 4.407892310209117, + "Virtual Size": "0x2d1f8" + }, + "/26": { + "Entropy": 7.405693653367437, + "Virtual Size": "0x3b3" + }, + ".dynamic": { + "Entropy": 0.8630797231656377, + "Virtual Size": "0x100" + }, + ".rela": { + "Entropy": 2.6590153947439474, + "Virtual Size": "0x1c6c8" + }, + ".dynsym": { + "Entropy": 3.21087140465499, + "Virtual Size": "0xf2e8" + } + }, + "Signature": "", + "Signatures": [ + { + "CertificatesInfo": "", + "SignerInfo": "", + "Certificates": [ + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 3, + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + } + }, + { + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": 
"2026-06-27 21:32:45", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Version": 3, + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + } + } + ], + "Signer": [ + { + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "Version": 1 + } + ] + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "Signed_13652009334930799/shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b0db7258-fe95-4712-ae0f-fe258342295b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F31FD461C5E99510403FC97C1DA2D8A9CBE270597D32BADF8FD66B77495F8D94" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": 
"", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "862EF2D92E8E0DF128007AEF6F9E4D6A6D0DE3C656A4D72D1A19A18068C23508", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "b0db7258-fe95-4712-ae0f-fe258342295b" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3d65bba8-925b-4fcc-849e-ddfc0bdf1c49", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "DC7CC8D1DC11E304ABDF6E6227838F35B223B780F030DE7B341E88A3F6A361B4" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C655C36EA5160603D4134B038D732604394031E177D1C32CFD582CCE0C037887", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + 
"https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "44795d05-39b3-4605-a58c-cd20de64f934", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1A74740EBBE6A0E7DD44CC3D8E29F8FCF42B642298A5C5A586D77BE0DB15C2F9" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "34776096730EB7B0CAA5415414943E2C31AAA464BB545FBCB8E341E7EBACFAB5", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + 
"CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "02e8f438-8842-4018-8592-a4fea656bd01", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "0257FF710F2A16E489B37493C07604A7CDA96129D8A8FD68D2B6AF633904315D" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "8BF4FAC6F3981D1E6180DB0CD53152AE9666DC40884090A522840062E0C926E7", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "02e8f438-8842-4018-8592-a4fea656bd01" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Now 
Computing LLC and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "51d3afbe-d378-492d-86fc-3afcf9396417", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "BC75F910FF320F5CB5999E66BBD4034F4AE537A42FDFEF35161C5348E366E216" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "0FB12613BC1D4AB6FBB256574EBA9347AE3A87F96E4A3C259028B55CDE1D8053", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "51d3afbe-d378-492d-86fc-3afcf9396417" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "dc00f1c1-898a-479d-b9a5-9caa9973e310", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": 
"", + "SHA256": "9063F5FBC5E57AB6DE6C9488146020E172B176D5AB57D4C89F0F600E17FE2DE2" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "94BDE75194960FAFF8329DCB4462BD8888B32078B0FB8FB2011C6993FDA0316A", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "dc00f1c1-898a-479d-b9a5-9caa9973e310" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Alt Linux LTD and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "5df619c2-4db7-43f4-95b6-a2e16ebf847f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1B909115A8D473E51328A87823BD621CE655DFAE54FA2BFA72FDC0298611D6B8" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + 
"OriginalFilename": "",
+ "PDBPath": "",
+ "Product": "",
+ "ProductVersion": "",
+ "Publisher": "",
+ "SHA1": "",
+ "SHA256": "CEF9A1B433C4ED851EC0C373F7E1F19A2B8C306A821D114F177B14E8C070276F",
+ "Signature": ""
+ }
+ ],
+ "MitreID": "T1542",
+ "Resources": [
+ "https://uefi.org/revocationlistfile",
+ "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca"
+ ],
+ "Tags": [
+ "5df619c2-4db7-43f4-95b6-a2e16ebf847f"
+ ],
+ "Verified": "TRUE"
+ },
+ {
+ "Acknowledgement": {
+ "Handle": "",
+ "Person": ""
+ },
+ "Author": "Michael Haag",
+ "CVE": [
+ "Black Lotus Microsoft Windows 8.1"
+ ],
+ "Category": "Revoked Bootloaders",
+ "Commands": {
+ "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }",
+ "Description": "This was provided by Microsoft and revoked May-23",
+ "OperatingSystem": "64-bit",
+ "Privileges": "",
+ "Usecase": "Persistence"
+ },
+ "Created": "2023-05-22",
+ "Detection": [
+ {
+ "type": "",
+ "value": ""
+ }
+ ],
+ "Id": "ef578b44-9fd5-4d83-9609-4c955babbd69",
+ "KnownVulnerableSamples": [
+ {
+ "Authentihash": {
+ "MD5": "",
+ "SHA1": "",
+ "SHA256": "87176A15E766BD06528ED91A61481C3B3CDE65EE95115403F9FFC6D3A26D43D0"
+ },
+ "Company": "",
+ "Copyright": "",
+ "Date": "",
+ "Description": "",
+ "ExportedFunctions": "",
+ "FileVersion": "",
+ "Filename": "bootmgfw.efi",
+ "Imports": "",
+ "InternalName": "",
+ "MD5": "",
+ "MachineType": "64-bit",
+ "OriginalFilename": "",
+ "PDBPath": "",
+ "Product": "",
+ "ProductVersion": "",
+ "Publisher": "",
+ "SHA1": "",
+ "SHA256": "E082E310571748B9FE6B2DFAB71550530F2452B8E7E4F7725DE7EB9E4C7B1559",
+ "Signature": ""
+ }
+ ],
+ "MitreID": "T1542",
+ "Resources": [
+ "https://uefi.org/revocationlistfile",
+ 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca"
+ ],
+ "Tags": [
+ "bootmgfw.efi"
+ ],
+ "Verified": "TRUE"
+ },
+ {
+ "Acknowledgement": {
+ "Handle": "",
+ "Person": ""
+ },
+ "Author": "Michael Haag",
+ "CVE": [
+ "Black Lotus Microsoft Windows 10 version 1507"
+ ],
+ "Category": "Revoked Bootloaders",
+ "Commands": {
+ "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }",
+ "Description": "This was provided by Microsoft and revoked May-23",
+ "OperatingSystem": "64-bit",
+ "Privileges": "",
+ "Usecase": "Persistence"
+ },
+ "Created": "2023-05-22",
+ "Detection": [
+ {
+ "type": "",
+ "value": ""
+ }
+ ],
+ "Id": "c748db0c-0a54-4567-a733-2f803c84a914",
+ "KnownVulnerableSamples": [
+ {
+ "Authentihash": {
+ "MD5": "",
+ "SHA1": "",
+ "SHA256": "6D174DC1673F7CFB6F1EA75D71739AFDE2B784E214E41AE6F5AA30F622A400C4"
+ },
+ "Company": "",
+ "Copyright": "",
+ "Date": "",
+ "Description": "",
+ "ExportedFunctions": "",
+ "FileVersion": "",
+ "Filename": "bootmgfw.efi",
+ "Imports": "",
+ "InternalName": "",
+ "MD5": "",
+ "MachineType": "64-bit",
+ "OriginalFilename": "",
+ "PDBPath": "",
+ "Product": "",
+ "ProductVersion": "",
+ "Publisher": "",
+ "SHA1": "",
+ "SHA256": "6A7CD85A11D733D1D03A01AAD914A3F22C33AD9590AB27792D2B177E0E51D896",
+ "Signature": ""
+ }
+ ],
+ "MitreID": "T1542",
+ "Resources": [
+ "https://uefi.org/revocationlistfile",
+ "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca"
+ ],
+ "Tags": [
+ "bootmgfw.efi"
+ ],
+ "Verified": "TRUE"
+ },
+ {
+ "Acknowledgement": {
+ "Handle": "",
+ "Person": ""
+ },
+ "Author": "Michael Haag",
+ "CVE": [
+ "Black Lotus Microsoft Windows 8.1"
+ ],
+ "Category": "Revoked Bootloaders",
+ "Commands": {
+ "Command": "bcdedit 
/copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }",
+ "Description": "This was provided by Microsoft and revoked May-23",
+ "OperatingSystem": "32-bit ARM",
+ "Privileges": "",
+ "Usecase": "Persistence"
+ },
+ "Created": "2023-05-22",
+ "Detection": [
+ {
+ "type": "",
+ "value": ""
+ }
+ ],
+ "Id": "0f3431ba-2b83-4020-b3ff-32eadbcb7205",
+ "KnownVulnerableSamples": [
+ {
+ "Authentihash": {
+ "MD5": "",
+ "SHA1": "",
+ "SHA256": "9F2B71EC2FECC93E4EDEAE24B32F8857FA36A81A7272DEFD5435D29FA3BF828E"
+ },
+ "Company": "",
+ "Copyright": "",
+ "Date": "",
+ "Description": "",
+ "ExportedFunctions": "",
+ "FileVersion": "",
+ "Filename": "bootmgfw.efi",
+ "Imports": "",
+ "InternalName": "",
+ "MD5": "",
+ "MachineType": "32-bit ARM",
+ "OriginalFilename": "",
+ "PDBPath": "",
+ "Product": "",
+ "ProductVersion": "",
+ "Publisher": "",
+ "SHA1": "",
+ "SHA256": "7384B867C248569C3DB81E82AF35585AB3108858E958750098F9D8298CC9B8F6",
+ "Signature": ""
+ }
+ ],
+ "MitreID": "T1542",
+ "Resources": [
+ "https://uefi.org/revocationlistfile",
+ "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca"
+ ],
+ "Tags": [
+ "bootmgfw.efi"
+ ],
+ "Verified": "TRUE"
+ },
+ {
+ "Acknowledgement": {
+ "Handle": "",
+ "Person": ""
+ },
+ "Author": "Michael Haag",
+ "CVE": [
+ "CVE-2020-10713",
+ "CVE-2020-14308",
+ "CVE-2020-14309",
+ "CVE-2020-14310",
+ "CVE-2020-14311",
+ "CVE-2020-15705",
+ "CVE-2020-15706",
+ "CVE-2020-15707"
+ ],
+ "Category": "Revoked Bootloaders",
+ "Commands": {
+ "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }",
+ "Description": "This was provided by Unknown and revoked Jul-20",
+ "OperatingSystem": "64-bit",
+ "Privileges": "",
+ "Usecase": "Persistence"
+ },
+ "Created": "2023-05-22",
+ "Detection": [
+ {
+ "type": "",
+ "value": ""
+ }
+ ],
+ "Id": "ae979b6b-32b7-42cd-b835-09215a457c01",
+ "KnownVulnerableSamples": [
+ {
+ "Authentihash": {
+ "MD5": "",
+ "SHA1": "",
+ "SHA256": "C42D11C70CCF5E8CF3FB91FDF21D884021AD836CA68ADF2CBB7995C10BF588D4"
+ },
+ "Company": "",
+ "Copyright": "",
+ "Date": "",
+ "Description": "",
+ "ExportedFunctions": "",
+ "FileVersion": "",
+ "Filename": "",
+ "Imports": "",
+ "InternalName": "",
+ "MD5": "",
+ "MachineType": "64-bit",
+ "OriginalFilename": "",
+ "PDBPath": "",
+ "Product": "",
+ "ProductVersion": "",
+ "Publisher": "",
+ "SHA1": "",
+ "SHA256": "561694642D87969C00583ED6C4BB6C41527DFF7164A079035E8C8B905A5E4B62",
+ "Signature": ""
+ }
+ ],
+ "MitreID": "T1542",
+ "Resources": [
+ "https://uefi.org/revocationlistfile",
+ "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca"
+ ],
+ "Tags": [
+ "ae979b6b-32b7-42cd-b835-09215a457c01"
+ ],
+ "Verified": "TRUE"
+ },
+ {
+ "Acknowledgement": {
+ "Handle": "",
+ "Person": ""
+ },
+ "Author": "Michael Haag",
+ "CVE": [
+ "Black Lotus Microsoft Windows 10 version 1507"
+ ],
+ "Category": "Revoked Bootloaders",
+ "Commands": {
+ "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }",
+ "Description": "This was provided by Microsoft and revoked May-23",
+ "OperatingSystem": "32-bit",
+ "Privileges": "",
+ "Usecase": "Persistence"
+ },
+ "Created": "2023-05-22",
+ "Detection": [
+ {
+ "type": "",
+ "value": ""
+ }
+ ],
+ "Id": "9a34a20c-afea-4d1e-9109-fb7354066e06",
+ "KnownVulnerableSamples": [
+ {
+ "Authentihash": {
+ "MD5": "",
+ "SHA1": "",
+ "SHA256": "F33727B54A9908CEC7ED8DB582A1482420FA257B61B559C47343110872ADF7D8"
+ },
+ "Company": "",
+ "Copyright": "",
+ "Date": "",
+ "Description": "",
+ "ExportedFunctions": "",
+ "FileVersion": "",
+ "Filename": "bootmgfw.efi",
+ "Imports": "",
+ 
"InternalName": "",
+ "MD5": "",
+ "MachineType": "32-bit",
+ "OriginalFilename": "",
+ "PDBPath": "",
+ "Product": "",
+ "ProductVersion": "",
+ "Publisher": "",
+ "SHA1": "",
+ "SHA256": "79193EAE46F687D00B90B3EBA361B35802BD42E2891A8A8C286B4C00119F9F94",
+ "Signature": ""
+ }
+ ],
+ "MitreID": "T1542",
+ "Resources": [
+ "https://uefi.org/revocationlistfile",
+ "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca"
+ ],
+ "Tags": [
+ "bootmgfw.efi"
+ ],
+ "Verified": "TRUE"
+ },
+ {
+ "Acknowledgement": {
+ "Handle": "",
+ "Person": ""
+ },
+ "Author": "Michael Haag",
+ "CVE": [
+ "Black Lotus Microsoft Windows 8.1"
+ ],
+ "Category": "Revoked Bootloaders",
+ "Commands": {
+ "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }",
+ "Description": "This was provided by Microsoft and revoked May-23",
+ "OperatingSystem": "32-bit ARM",
+ "Privileges": "",
+ "Usecase": "Persistence"
+ },
+ "Created": "2023-05-22",
+ "Detection": [
+ {
+ "type": "",
+ "value": ""
+ }
+ ],
+ "Id": "406a9495-809e-4065-8c57-b6aa66dc4029",
+ "KnownVulnerableSamples": [
+ {
+ "Authentihash": {
+ "MD5": "",
+ "SHA1": "",
+ "SHA256": "0CA5E602468258B0685A2B2B7F028B977354602A82ADA86C9919FC472AE4CA40"
+ },
+ "Company": "",
+ "Copyright": "",
+ "Date": "",
+ "Description": "",
+ "ExportedFunctions": "",
+ "FileVersion": "",
+ "Filename": "bootmgfw.efi",
+ "Imports": "",
+ "InternalName": "",
+ "MD5": "",
+ "MachineType": "32-bit ARM",
+ "OriginalFilename": "",
+ "PDBPath": "",
+ "Product": "",
+ "ProductVersion": "",
+ "Publisher": "",
+ "SHA1": "",
+ "SHA256": "B6FDF73C4B54F57935671B1C6F03FF5F104F8092C72574C2DF2C6FFB1E5F2E61",
+ "Signature": ""
+ }
+ ],
+ "MitreID": "T1542",
+ "Resources": [
+ "https://uefi.org/revocationlistfile",
+ 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca"
+ ],
+ "Tags": [
+ "bootmgfw.efi"
+ ],
+ "Verified": "TRUE"
+ },
+ {
+ "Acknowledgement": {
+ "Handle": "",
+ "Person": ""
+ },
+ "Author": "Michael Haag",
+ "CVE": [
+ "Black Lotus Microsoft Windows 8"
+ ],
+ "Category": "Revoked Bootloaders",
+ "Commands": {
+ "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }",
+ "Description": "This was provided by Microsoft and revoked May-23",
+ "OperatingSystem": "64-bit",
+ "Privileges": "",
+ "Usecase": "Persistence"
+ },
+ "Created": "2023-05-22",
+ "Detection": [
+ {
+ "type": "",
+ "value": ""
+ }
+ ],
+ "Id": "c5c530c2-b0e2-440b-98c4-3ae3a9581479",
+ "KnownVulnerableSamples": [
+ {
+ "Authentihash": {
+ "MD5": "",
+ "SHA1": "",
+ "SHA256": "FD3062358E0E1DC4C3A60380EF1BDFD4C51F4473B8600937D921DF472FBF9B65"
+ },
+ "Company": "",
+ "Copyright": "",
+ "Date": "",
+ "Description": "",
+ "ExportedFunctions": "",
+ "FileVersion": "",
+ "Filename": "bootmgfw.efi",
+ "Imports": "",
+ "InternalName": "",
+ "MD5": "",
+ "MachineType": "64-bit",
+ "OriginalFilename": "",
+ "PDBPath": "",
+ "Product": "",
+ "ProductVersion": "",
+ "Publisher": "",
+ "SHA1": "",
+ "SHA256": "24119E64BBECB849FDB3CC3EF0BEE550248B13BD5ED5AE540A9389C7D5D7C8BD",
+ "Signature": ""
+ }
+ ],
+ "MitreID": "T1542",
+ "Resources": [
+ "https://uefi.org/revocationlistfile",
+ "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca"
+ ],
+ "Tags": [
+ "bootmgfw.efi"
+ ],
+ "Verified": "TRUE"
+ },
+ {
+ "Acknowledgement": {
+ "Handle": "",
+ "Person": ""
+ },
+ "Author": "Michael Haag",
+ "CVE": [
+ "Black Lotus Microsoft Windows 8.1"
+ ],
+ "Category": "Revoked Bootloaders",
+ "Commands": {
+ "Command": "bcdedit /copy 
\"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }",
+ "Description": "This was provided by Microsoft and revoked May-23",
+ "OperatingSystem": "32-bit ARM",
+ "Privileges": "",
+ "Usecase": "Persistence"
+ },
+ "Created": "2023-05-22",
+ "Detection": [
+ {
+ "type": "",
+ "value": ""
+ }
+ ],
+ "Id": "cf8adf07-931e-408c-a85f-d5e45b09a41e",
+ "KnownVulnerableSamples": [
+ {
+ "Authentihash": {
+ "MD5": "",
+ "SHA1": "",
+ "SHA256": "D759308D047E9206006B51B5770FA25EF5C124B8ACC6B0139F5883765FE30DEA"
+ },
+ "Company": "",
+ "Copyright": "",
+ "Date": "",
+ "Description": "",
+ "ExportedFunctions": "",
+ "FileVersion": "",
+ "Filename": "bootmgfw.efi",
+ "Imports": "",
+ "InternalName": "",
+ "MD5": "",
+ "MachineType": "32-bit ARM",
+ "OriginalFilename": "",
+ "PDBPath": "",
+ "Product": "",
+ "ProductVersion": "",
+ "Publisher": "",
+ "SHA1": "",
+ "SHA256": "A84FFCA344A000BE6FC526DA7D7F701B87EF5559A71D8E63F806276E4D3DFE27",
+ "Signature": ""
+ }
+ ],
+ "MitreID": "T1542",
+ "Resources": [
+ "https://uefi.org/revocationlistfile",
+ "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca"
+ ],
+ "Tags": [
+ "bootmgfw.efi"
+ ],
+ "Verified": "TRUE"
+ },
+ {
+ "Acknowledgement": {
+ "Handle": "",
+ "Person": ""
+ },
+ "Author": "Michael Haag",
+ "CVE": [
+ "CVE-2020-14372",
+ "CVE-2020-25632",
+ "CVE-2020-25647",
+ "CVE-2020-27749",
+ "CVE-2020-27779",
+ "CVE-2021-3418",
+ "CVE-2021-20225",
+ "CVE-2021-20233"
+ ],
+ "Category": "Revoked Bootloaders",
+ "Commands": {
+ "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\rhel-7.9-shim-20200726-shim64-bit.efi } }",
+ "Description": "This was provided by Red Hat, Inc. 
and revoked Apr-21",
+ "OperatingSystem": "64-bit",
+ "Privileges": "",
+ "Usecase": "Persistence"
+ },
+ "Created": "2023-05-22",
+ "Detection": [
+ {
+ "type": "",
+ "value": ""
+ }
+ ],
+ "Id": "4b37df07-e561-4581-977f-6eb984d0afbf",
+ "KnownVulnerableSamples": [
+ {
+ "Authentihash": {
+ "MD5": "",
+ "SHA1": "",
+ "SHA256": "99D7ADA0D67E5233108DBD76702F4B168087CFC4EC65494D6CA8ABA858FEBADA"
+ },
+ "Company": "",
+ "Copyright": "",
+ "Date": "",
+ "Description": "",
+ "ExportedFunctions": "",
+ "FileVersion": "",
+ "Filename": "rhel-7.9-shim-20200726-shim64-bit.efi",
+ "Imports": "",
+ "InternalName": "",
+ "MD5": "",
+ "MachineType": "64-bit",
+ "OriginalFilename": "",
+ "PDBPath": "",
+ "Product": "",
+ "ProductVersion": "",
+ "Publisher": "",
+ "SHA1": "",
+ "SHA256": "BD8020CC80D5F842DDFD5AC110C189707A83E85415EEA3386884ABDCFD7F3135",
+ "Signature": ""
+ }
+ ],
+ "MitreID": "T1542",
+ "Resources": [
+ "https://uefi.org/revocationlistfile",
+ "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca"
+ ],
+ "Tags": [
+ "rhel-7.9-shim-20200726-shim64-bit.efi"
+ ],
+ "Verified": "TRUE"
+ },
+ {
+ "Acknowledgement": {
+ "Handle": "",
+ "Person": ""
+ },
+ "Author": "Michael Haag",
+ "CVE": [
+ "Black Lotus Microsoft Windows 8"
+ ],
+ "Category": "Revoked Bootloaders",
+ "Commands": {
+ "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }",
+ "Description": "This was provided by Microsoft and revoked May-23",
+ "OperatingSystem": "64-bit",
+ "Privileges": "",
+ "Usecase": "Persistence"
+ },
+ "Created": "2023-05-22",
+ "Detection": [
+ {
+ "type": "",
+ "value": ""
+ }
+ ],
+ "Id": "ce52a206-8cc9-43e4-9f5d-28b646502ac3",
+ "KnownVulnerableSamples": [
+ {
+ "Authentihash": {
+ "MD5": "664f6508818e109fb75fbe07061638e8",
+ "SHA1": "aecda4260dceeda535e4c967ed2fa9ae3c4d580a",
+ 
"SHA256": "52a3ca4db923c0648ac04be86ce02dbc6a3aaac8312366b106205dec6e2ca2d9"
+ },
+ "Company": "Microsoft Corporation",
+ "Copyright": "© Microsoft Corporation. All rights reserved.",
+ "CreationTimestamp": "2012-08-03 21:42:57",
+ "Date": "",
+ "Description": "Boot Manager",
+ "ExportedFunctions": "",
+ "FileVersion": "6.2.9200.16391 (win8_gdr.120803-1608)",
+ "Filename": "bootmgfw.efi",
+ "ImportedFunctions": "",
+ "Imports": [],
+ "InternalName": "bootmgr.exe",
+ "MD5": "de3db6ac5d9d0d31d8668a74bc3332df",
+ "MachineType": "I386",
+ "MagicHeader": "50 45 0 0",
+ "OriginalFilename": "bootmgr.exe",
+ "PDBPath": "",
+ "Product": "Microsoft® Windows® Operating System",
+ "ProductVersion": "6.2.9200.16391",
+ "Publisher": "",
+ "RichPEHeaderHash": {
+ "MD5": "fa6462badb7aa537a9d3ecf604e9fbd7",
+ "SHA1": "caefdafc6f3620830b306d429c83bb077f6bdaa4",
+ "SHA256": "4689fe3d6e35db99759219db2adef6cefa62105e8b636c0c5bd2a6bec395e471"
+ },
+ "SHA1": "b2851fbbc75273998a8dd1aabed09efa961c050f",
+ "SHA256": "1604f70608f964d1a835c3f3a421e58e449774f0291ff134ac298364e8e3f776",
+ "Sections": {
+ ".text": {
+ "Entropy": 6.642283438119681,
+ "Virtual Size": "0xdd276"
+ },
+ "PAGER32C": {
+ "Entropy": 6.57198166568606,
+ "Virtual Size": "0x4805"
+ },
+ "PAGE": {
+ "Entropy": 6.499448286436215,
+ "Virtual Size": "0x12ab"
+ },
+ ".rdata": {
+ "Entropy": 5.359200628389931,
+ "Virtual Size": "0x122aa"
+ },
+ ".data": {
+ "Entropy": 5.324535468894605,
+ "Virtual Size": "0x54bf0"
+ },
+ "PAGER32R": {
+ "Entropy": 7.631412897966042,
+ "Virtual Size": "0x380"
+ },
+ ".rsrc": {
+ "Entropy": 3.470885485377943,
+ "Virtual Size": "0xfcf4"
+ },
+ ".reloc": {
+ "Entropy": 6.124520370323963,
+ "Virtual Size": "0x61b0"
+ }
+ },
+ "Signature": "",
+ "Signatures": [
+ {
+ "CertificatesInfo": "",
+ "SignerInfo": "",
+ "Certificates": [
+ {
+ "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows",
+ "ValidFrom": "2012-04-09 20:55:50",
+ "ValidTo": "2013-07-09 20:55:50",
+ 
"Signature": "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",
+ "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
+ "IsCertificateAuthority": false,
+ "SerialNumber": "610bbbd8000000000005",
+ "Version": 3,
+ "TBS": {
+ "MD5": "158438012e4dcd69b27b762c9358cfa2",
+ "SHA1": "684ac167849404a4101f166b759f291a43d5f749",
+ "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c"
+ }
+ },
+ {
+ "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011",
+ "ValidFrom": "2011-10-19 18:41:42",
+ "ValidTo": "2026-10-19 18:51:42",
+ "Signature": "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",
+ "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
+ "IsCertificateAuthority": true,
+ "SerialNumber": "61077656000000000008",
+ "Version": 3,
+ "TBS": {
+ "MD5": "30a3f0b64324ed7f465e7fc618cb69e7",
+ "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41",
+ "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146"
+ }
+ }
+ ],
+ "Signer": [
+ {
+ "SerialNumber": "610bbbd8000000000005",
+ "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011",
+ "Version": 1
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "MitreID": "T1542",
+ "Resources": [
+ "https://uefi.org/revocationlistfile",
+ "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca"
+ ],
+ "Tags": [
+ "bootmgfw.efi"
+ ],
+ "Verified": "TRUE"
+ },
+ {
+ "Acknowledgement": {
+ "Handle": "",
+ "Person": ""
+ },
+ "Author": "Michael Haag",
+ "CVE": [
+ "CVE-2020-10713",
+ "CVE-2020-14308",
+ "CVE-2020-14309",
+ "CVE-2020-14310",
+ "CVE-2020-14311",
+ "CVE-2020-15705",
+ "CVE-2020-15706",
+ "CVE-2020-15707"
+ ],
+ "Category": "Revoked Bootloaders",
+ "Commands": {
+ "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }",
+ 
"Description": "This was provided by Red Hat Inc. and revoked Jul-20",
+ "OperatingSystem": "32-bit",
+ "Privileges": "",
+ "Usecase": "Persistence"
+ },
+ "Created": "2023-05-22",
+ "Detection": [
+ {
+ "type": "",
+ "value": ""
+ }
+ ],
+ "Id": "8e87c22a-ea23-4f89-bee2-c301e31b4045",
+ "KnownVulnerableSamples": [
+ {
+ "Authentihash": {
+ "MD5": "",
+ "SHA1": "",
+ "SHA256": "F8DD2281C67C59A08FDDC9859E9D5FF73802CAD88975242BD11486F13C6DDA6B"
+ },
+ "Company": "",
+ "Copyright": "",
+ "Date": "",
+ "Description": "",
+ "ExportedFunctions": "",
+ "FileVersion": "",
+ "Filename": "",
+ "Imports": "",
+ "InternalName": "",
+ "MD5": "",
+ "MachineType": "32-bit",
+ "OriginalFilename": "",
+ "PDBPath": "",
+ "Product": "",
+ "ProductVersion": "",
+ "Publisher": "",
+ "SHA1": "",
+ "SHA256": "24AF7036C63F09FEBAB1B84372ECD6151BE32CDC94E80E57F52F7D2C3665FBC4",
+ "Signature": ""
+ }
+ ],
+ "MitreID": "T1542",
+ "Resources": [
+ "https://uefi.org/revocationlistfile",
+ "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca"
+ ],
+ "Tags": [
+ "8e87c22a-ea23-4f89-bee2-c301e31b4045"
+ ],
+ "Verified": "TRUE"
+ },
+ {
+ "Acknowledgement": {
+ "Handle": "",
+ "Person": ""
+ },
+ "Author": "Michael Haag",
+ "CVE": [
+ "Black Lotus Microsoft Windows 8.1"
+ ],
+ "Category": "Revoked Bootloaders",
+ "Commands": {
+ "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }",
+ "Description": "This was provided by Microsoft and revoked May-23",
+ "OperatingSystem": "64-bit",
+ "Privileges": "",
+ "Usecase": "Persistence"
+ },
+ "Created": "2023-05-22",
+ "Detection": [
+ {
+ "type": "",
+ "value": ""
+ }
+ ],
+ "Id": "d69993da-b588-4dcf-aea1-5d11d9ca4dd7",
+ "KnownVulnerableSamples": [
+ {
+ "Authentihash": {
+ "MD5": "",
+ "SHA1": "",
+ "SHA256": 
"FB0BBC256AEA5CF93DA99CF26481CC42F4E7BA6B32DB63B827620807E79E805C"
+ },
+ "Company": "",
+ "Copyright": "",
+ "Date": "",
+ "Description": "",
+ "ExportedFunctions": "",
+ "FileVersion": "",
+ "Filename": "bootmgfw.efi",
+ "Imports": "",
+ "InternalName": "",
+ "MD5": "",
+ "MachineType": "64-bit",
+ "OriginalFilename": "",
+ "PDBPath": "",
+ "Product": "",
+ "ProductVersion": "",
+ "Publisher": "",
+ "SHA1": "",
+ "SHA256": "271A4B174838286F6D4BB9FCE91A47FBC87B28BE586744BD42CD82CEF4600B72",
+ "Signature": ""
+ }
+ ],
+ "MitreID": "T1542",
+ "Resources": [
+ "https://uefi.org/revocationlistfile",
+ "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca"
+ ],
+ "Tags": [
+ "bootmgfw.efi"
+ ],
+ "Verified": "TRUE"
+ },
+ {
+ "Acknowledgement": {
+ "Handle": "",
+ "Person": ""
+ },
+ "Author": "Michael Haag",
+ "CVE": [
+ "Black Lotus Microsoft Windows 8"
+ ],
+ "Category": "Revoked Bootloaders",
+ "Commands": {
+ "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }",
+ "Description": "This was provided by Microsoft and revoked May-23",
+ "OperatingSystem": "32-bit",
+ "Privileges": "",
+ "Usecase": "Persistence"
+ },
+ "Created": "2023-05-22",
+ "Detection": [
+ {
+ "type": "",
+ "value": ""
+ }
+ ],
+ "Id": "11dd8dba-8b90-413b-b2eb-bdb05f573d2b",
+ "KnownVulnerableSamples": [
+ {
+ "Authentihash": {
+ "MD5": "ddee4ca24adecb29457fd110f5a472ed",
+ "SHA1": "c146c31c4634aa1a51fe611ace87a75464c5e199",
+ "SHA256": "310949b7fd26af0e2e29e1c902ac198574f096d15836376c8b3ef2dd1fb5f1c5"
+ },
+ "Company": "Microsoft Corporation",
+ "Copyright": "© Microsoft Corporation. 
All rights reserved.",
+ "CreationTimestamp": "2012-07-25 20:40:16",
+ "Date": "",
+ "Description": "Boot Manager",
+ "ExportedFunctions": "",
+ "FileVersion": "6.2.9200.16384 (win8_rtm.120725-1247)",
+ "Filename": "bootmgfw.efi",
+ "ImportedFunctions": "",
+ "Imports": [],
+ "InternalName": "bootmgr.exe",
+ "MD5": "bc78920fd9f058973d63495f36203685",
+ "MachineType": "I386",
+ "MagicHeader": "50 45 0 0",
+ "OriginalFilename": "bootmgr.exe",
+ "PDBPath": "",
+ "Product": "Microsoft® Windows® Operating System",
+ "ProductVersion": "6.2.9200.16384",
+ "Publisher": "",
+ "RichPEHeaderHash": {
+ "MD5": "fa6462badb7aa537a9d3ecf604e9fbd7",
+ "SHA1": "caefdafc6f3620830b306d429c83bb077f6bdaa4",
+ "SHA256": "4689fe3d6e35db99759219db2adef6cefa62105e8b636c0c5bd2a6bec395e471"
+ },
+ "SHA1": "edbde6908eebb8bd3197c1634769213b22e0b1b3",
+ "SHA256": "db9643f6d78c6c5bdc29b041660174324639be8b3bc6e247c8c2026e68c4e618",
+ "Sections": {
+ ".text": {
+ "Entropy": 6.642283438119681,
+ "Virtual Size": "0xdd276"
+ },
+ "PAGER32C": {
+ "Entropy": 6.57198166568606,
+ "Virtual Size": "0x4805"
+ },
+ "PAGE": {
+ "Entropy": 6.499448286436215,
+ "Virtual Size": "0x12ab"
+ },
+ ".rdata": {
+ "Entropy": 5.358873830747045,
+ "Virtual Size": "0x122b0"
+ },
+ ".data": {
+ "Entropy": 5.324535468894605,
+ "Virtual Size": "0x54bf0"
+ },
+ "PAGER32R": {
+ "Entropy": 7.631412897966042,
+ "Virtual Size": "0x380"
+ },
+ ".rsrc": {
+ "Entropy": 3.470569475120354,
+ "Virtual Size": "0xfcf4"
+ },
+ ".reloc": {
+ "Entropy": 6.124520370323963,
+ "Virtual Size": "0x61b0"
+ }
+ },
+ "Signature": "",
+ "Signatures": [
+ {
+ "CertificatesInfo": "",
+ "SignerInfo": "",
+ "Certificates": [
+ {
+ "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows",
+ "ValidFrom": "2012-04-09 20:55:50",
+ "ValidTo": "2013-07-09 20:55:50",
+ "Signature": "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",
+ "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
+ "IsCertificateAuthority": false,
+ 
"SerialNumber": "610bbbd8000000000005",
+ "Version": 3,
+ "TBS": {
+ "MD5": "158438012e4dcd69b27b762c9358cfa2",
+ "SHA1": "684ac167849404a4101f166b759f291a43d5f749",
+ "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c"
+ }
+ },
+ {
+ "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011",
+ "ValidFrom": "2011-10-19 18:41:42",
+ "ValidTo": "2026-10-19 18:51:42",
+ "Signature": "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",
+ "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
+ "IsCertificateAuthority": true,
+ "SerialNumber": "61077656000000000008",
+ "Version": 3,
+ "TBS": {
+ "MD5": "30a3f0b64324ed7f465e7fc618cb69e7",
+ "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41",
+ "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146"
+ }
+ }
+ ],
+ "Signer": [
+ {
+ "SerialNumber": "610bbbd8000000000005",
+ "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011",
+ "Version": 1
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "MitreID": "T1542",
+ "Resources": [
+ "https://uefi.org/revocationlistfile",
+ "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca"
+ ],
+ "Tags": [
+ "bootmgfw.efi"
+ ],
+ "Verified": "TRUE"
+ },
+ {
+ "Acknowledgement": {
+ "Handle": "",
+ "Person": ""
+ },
+ "Author": "Michael Haag",
+ "CVE": [
+ "CVE-2020-10713",
+ "CVE-2020-14308",
+ "CVE-2020-14309",
+ "CVE-2020-14310",
+ "CVE-2020-14311",
+ "CVE-2020-15705",
+ "CVE-2020-15706",
+ "CVE-2020-15707"
+ ],
+ "Category": "Revoked Bootloaders",
+ "Commands": {
+ "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }",
+ "Description": "This was provided by Alt Linux LTD and revoked Jul-20",
+ "OperatingSystem": "64-bit",
+ "Privileges": "",
+ "Usecase": "Persistence"
+ 
},
+ "Created": "2023-05-22",
+ "Detection": [
+ {
+ "type": "",
+ "value": ""
+ }
+ ],
+ "Id": "cce60051-3b8f-4752-9e76-a1098bc803b6",
+ "KnownVulnerableSamples": [
+ {
+ "Authentihash": {
+ "MD5": "cf8d4c0a11aef346e68e0187814ac953",
+ "SHA1": "51e223e52d59a6e2e4df6614cfa47525722f127d",
+ "SHA256": "8c0349d708571ae5aa21c11363482332073297d868f29058916529efc520ef70"
+ },
+ "Company": "",
+ "Copyright": "",
+ "CreationTimestamp": "1969-12-31 17:00:00",
+ "Date": "",
+ "Description": "",
+ "ExportedFunctions": "",
+ "FileVersion": "",
+ "Filename": "bootx64.efi",
+ "ImportedFunctions": "",
+ "Imports": [],
+ "InternalName": "",
+ "MD5": "f38a930c417139cd5ccfe3ff2277b4c7",
+ "MachineType": "AMD64",
+ "MagicHeader": "50 45 0 0",
+ "OriginalFilename": "",
+ "PDBPath": "",
+ "Product": "",
+ "ProductVersion": "",
+ "Publisher": "",
+ "RichPEHeaderHash": {
+ "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb",
+ "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3",
+ "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6"
+ },
+ "SHA1": "b304b38b615184a936502bfb705bf254ab41ee32",
+ "SHA256": "c4b5797189521611b809720ed9c4734f1dec8a2ee2597781ffe438f652a58ce5",
+ "Sections": {
+ "/4": {
+ "Entropy": 4.860485674278351,
+ "Virtual Size": "0x18788"
+ },
+ ".text": {
+ "Entropy": 5.6443502666559935,
+ "Virtual Size": "0x959be"
+ },
+ ".reloc": {
+ "Entropy": 1.7709505944546688,
+ "Virtual Size": "0xa"
+ },
+ "/14": {
+ "Entropy": 4.934638497318441,
+ "Virtual Size": "0x64"
+ },
+ ".data": {
+ "Entropy": 4.54595045365008,
+ "Virtual Size": "0x2b138"
+ },
+ "/26": {
+ "Entropy": 7.306150252866006,
+ "Virtual Size": "0x414"
+ },
+ ".dynamic": {
+ "Entropy": 0.7842520391300999,
+ "Virtual Size": "0xf0"
+ },
+ ".rela": {
+ "Entropy": 2.649841454143249,
+ "Virtual Size": "0x1b0d8"
+ },
+ ".dynsym": {
+ "Entropy": 3.2037054998928167,
+ "Virtual Size": "0xdd10"
+ }
+ },
+ "Signature": "",
+ "Signatures": [
+ {
+ "CertificatesInfo": "",
+ "SignerInfo": "",
+ "Certificates": [
+ {
+ "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher",
+ "ValidFrom": "2018-07-03 20:53:01",
+ "ValidTo": "2019-07-26 20:53:01",
+ "Signature": "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",
+ "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
+ "IsCertificateAuthority": false,
+ "SerialNumber": "330000002b4b79b3694d12118700010000002b",
+ "Version": 3,
+ "TBS": {
+ "MD5": "8d8a1f204c9c80213bd427fa58b387e2",
+ "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386",
+ "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0"
+ }
+ },
+ {
+ "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011",
+ "ValidFrom": "2011-06-27 21:22:45",
+ "ValidTo": "2026-06-27 21:32:45",
+ "Signature": "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",
+ "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
+ "IsCertificateAuthority": true,
+ "SerialNumber": "6108d3c4000000000004",
+ "Version": 3,
+ "TBS": {
+ "MD5": "1f23e75a000f0b6db92650dc26ac98e1",
+ "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d",
+ "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2"
+ }
+ }
+ ],
+ "Signer": [
+ {
+ "SerialNumber": "330000002b4b79b3694d12118700010000002b",
+ "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011",
+ "Version": 1
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "MitreID": "T1542",
+ "Resources": [
+ "https://uefi.org/revocationlistfile",
+ "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca"
+ ],
+ "Tags": [
+ "bootx64.efi"
+ ],
+ "Verified": "TRUE"
+ },
+ {
+ "Acknowledgement": {
+ "Handle": "",
+ "Person": ""
+ },
+ "Author": "Michael Haag",
+ "CVE": [
+ "Black Lotus Microsoft Windows 8.1"
+ ],
+ "Category": "Revoked Bootloaders",
+ "Commands": {
+ "Command": "bcdedit /copy \"{current}\" /d 
\"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }",
+ "Description": "This was provided by Microsoft and revoked May-23",
+ "OperatingSystem": "32-bit ARM",
+ "Privileges": "",
+ "Usecase": "Persistence"
+ },
+ "Created": "2023-05-22",
+ "Detection": [
+ {
+ "type": "",
+ "value": ""
+ }
+ ],
+ "Id": "5466b767-bb4f-4044-a72c-1a7aab0d1d4f",
+ "KnownVulnerableSamples": [
+ {
+ "Authentihash": {
+ "MD5": "",
+ "SHA1": "",
+ "SHA256": "D084AC3FCD80893B1878653C8BA9B71FB9C53E25843A989EF51A9B44C7EAFCBC"
+ },
+ "Company": "",
+ "Copyright": "",
+ "Date": "",
+ "Description": "",
+ "ExportedFunctions": "",
+ "FileVersion": "",
+ "Filename": "bootmgfw.efi",
+ "Imports": "",
+ "InternalName": "",
+ "MD5": "",
+ "MachineType": "32-bit ARM",
+ "OriginalFilename": "",
+ "PDBPath": "",
+ "Product": "",
+ "ProductVersion": "",
+ "Publisher": "",
+ "SHA1": "",
+ "SHA256": "1EC66D5D99383D9EB6CB553965D6ADEF787ABDDEC162844AF1CC04F24EDBCE08",
+ "Signature": ""
+ }
+ ],
+ "MitreID": "T1542",
+ "Resources": [
+ "https://uefi.org/revocationlistfile",
+ "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca"
+ ],
+ "Tags": [
+ "bootmgfw.efi"
+ ],
+ "Verified": "TRUE"
+ },
+ {
+ "Acknowledgement": {
+ "Handle": "",
+ "Person": ""
+ },
+ "Author": "Michael Haag",
+ "CVE": [
+ "Black Lotus Microsoft Windows 8.1"
+ ],
+ "Category": "Revoked Bootloaders",
+ "Commands": {
+ "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }",
+ "Description": "This was provided by Microsoft and revoked May-23",
+ "OperatingSystem": "64-bit",
+ "Privileges": "",
+ "Usecase": "Persistence"
+ },
+ "Created": "2023-05-22",
+ "Detection": [
+ {
+ "type": "",
+ "value": ""
+ }
+ ],
+ "Id": "4c9eca9d-f738-4fde-99da-f5f1536910f5",
+ "KnownVulnerableSamples": [
+ {
+ 
"Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A330FDE65C067A5F0B75C80D0A300767C301EB75E0CF9B4EE240F0D60B3DC503" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "399BDFB85E5A072F763B3692AC5B34FDB00D7C5DA4180219E99A2E0693D72B39", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c9f24d64-ce8c-460c-a5b9-13c1082de5c5", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "3860B7C7FF6F4BCD5865843B2E86B2ECA5FF4FB071999F2129D4C7753B806F34" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + 
"Publisher": "", + "SHA1": "", + "SHA256": "3EF9FD0B7CEF661D5AF2971DAEF1ECC44D9210D33AF8C95E2DF9EDD694BB0FE2", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"Bootloaders\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "15ca73cc-0098-429e-8191-5df17cae28aa", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "CB7BBABE6E9A118C420BE4294132A88BC494969D95B9884480BD4F68AB94FB2C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": "", + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C2D9AB79B0593235C5EDC3CF77C3A48FCFA740D804A0397B3D9BD9AE9EE516D4", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + } +] \ No 
newline at end of file
diff --git a/lolrmm.com/content/api/lolrmms.csv b/lolrmm.com/content/api/lolrmms.csv
new file mode 100644
index 00000000..696a68fb
--- /dev/null
+++ b/lolrmm.com/content/api/lolrmms.csv
@@ -0,0 +1,521 @@ +Id,Author,Created,Command,Description,Usecase,Category,Privileges,MitreID,OperatingSystem,Resources,bootloader Description,Person,Handle,Detection,KnownVulnerableSamples_MD5,KnownVulnerableSamples_SHA1,KnownVulnerableSamples_SHA256,KnownVulnerableSamples_Publisher,KnownVulnerableSamples_Date,KnownVulnerableSamples_Company,KnownVulnerableSamples_Description,KnownVulnerableSamples_Authentihash_MD5,KnownVulnerableSamples_Authentihash_SHA1,KnownVulnerableSamples_Authentihash_SHA256,Verified,Tags +6ea89297-74dd-4581-b268-475a282c9592,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,9C1812CF5B1D61DC08BD6683D143511BCB5B14798116D1D2714963CD468933FF,,,,,,,92185C264285741FA7F198CAD8F307C60891AD932D9E3C2A08D92546FF7099ED,TRUE,bootmgfw.efi +38e6bed7-1db9-4c15-8358-040edb77a39c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,E438149CA86CF5F2FDD1318BF0D6C301593EA74B06940E031964F34561255BC8,,,,,,,6B54497FF9915A6977428BDF8F45B116D874C4F8A836B5BDFC373D05F4C0EF87,TRUE,bootx64.efi +7550a473-863a-43f8-aad7-fff5be3977f0,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,4640438E0AAEEE87664C893198B41AA03BBF3214E181AAC4E2DE81A5400D2C27,,,,,,,199F3CF990816D710F556722CA068597C4341B7F346642339839AE30495309D0,TRUE,bootmgfw.efi +5a1e393f-1595-4e4e-993e-7097a184ce42,Michael 
Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,8DA046540148E1E146DE2F96C7D860962ED059A923E9685E868DC4C6065684AA,,,,,,,3FE9F8D11EDCA3FC1899100484DE4CC2C626ABB38B73985A441B7C3A0D39CA54,TRUE,bootmgfw.efi +518b78e7-eeb3-43b0-a377-acfa0e831ce0,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,5875DB0835E08A9189F23833B21774FDD1C4C3BD4C5D3459471A49B85CFFD1E1,,,,,,,5D1E9ACBBB4A7D024B6852DF025970E2CED66FF622EE019CD0ED7FD841CCAD02,TRUE,518b78e7-eeb3-43b0-a377-acfa0e831ce0 +4e70304f-ec00-41a5-b542-69701b5df29b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,A6E8C6906E4845A30A036FB669BA82146E334908706778AC569DF45CBF8637F7,,,,,,,8806CF0C7BD5DF7E01D120F56734113BE916E183755577BD48026C25DB268680,TRUE,bootx64.efi +b7f9ffcf-525f-427e-b3fd-72289f61ffd3,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,462F49B4FC9E4CE706D668042EB76F711B4292BAE2BE8DD5897182B316EF217D,,,,,,,C470161A06E6B452253A623536924979CDD11838E08D8E4DC86F763732E64B0B,TRUE,bootmgfw.efi +32eed29e-9d32-4120-8a43-02c7dfc4ae22,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",dbed1f7ed9e19e53bfc7f43122ce3d83,765ce680a932d9f36a6b09c2191c9e2cab1a89cd,c6b0d030bb3e54294742b3914ae76c949e52a065abb28d08054fdf90d7eed628,,,Microsoft Corporation,Boot Manager,35434d7522f9aabb654847d66da05599,638291271b5b95b647a7ee324dddc79bec196616,1eaed62c4abcb2524643e1723f6aadcc31a74af4d2285d3b13880cc44c22dec5,TRUE,bootmgfw.efi +58c24252-f076-486b-90fb-5a1c7b922efa,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C334B9CA48819E7E408A3A3418879978828AA302BAA3ED86DE64D8AE5ACA0EAB,,,,,,,AB311E737112E4D34ABF545836BC671637663E93738CEFA37405214CE8C92A58,TRUE,bootmgfw.efi +9308b260-6695-43ee-bddb-a90f20e035f1,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",77fefa9f6ac9273ee5edb4d19e87d348,e609f8ddc446dc27a2aec3577e2b7869126662c0,03c8c9956938147bcc81a19e580ca8b5214e82829ec0494c22b0f59013ca22b2,,,,,c62cb9b4d87523ac468bd048647eabec,57916473f391f8b25aa2497acf5c58d2eb304e2b,38909daf2fe29bbfe22303939d3904f38dca48b7f2a41f28f34de564a0242781,TRUE,BOOTIA32.EFI +76724735-ec57-4c1a-8712-f0267d21f0c4,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",5cdb3b41abea2f625c0a632f4ad2cddb,68041e64a6a90537c6f7d7c6c1b07ccee8fd92a3,4f9398592553ee138d8db48b95789eca19324b8408cafd0f0bc46d030e7b4fd4,,,Microsoft Corporation,Boot Manager,a7e340723a992f0a725fa1e394e5a655,882ef0e748b0ba689bb0af982c499db1fb1c8ab1,65625a143d220ea184dbd5cdfb1b9e9c3bd9654294eaa2b98628bc273ebc18b5,TRUE,bootmgfw.efi +2a4a532a-848c-4ca5-a910-357daefe32e7,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",9671f8d6de959b9d084f2a67f6dfadf3,f7df1f4af46adceea20652bc796d86b47d9eeb6c,3c430c719c9053a74d74dcc5e52b40d10f109db1dc9458a05a7a413b86a93467,,,,,e04975ca0b4139e160f03ab301fe80b6,8b736cf22a54133d32665bed98eedf76755e0b10,4cd73702d6b209ea8d57657ac4603c8127134d01973d84018af7c68335751ad9,TRUE,shim-0.9+1474479173.6c180c6-1ubuntu1/shim64-bit.efi +87813fcd-6a01-4452-b54c-0dc24402bbfe,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,23EBFBC7BC286CEFC68B4920784B926EC28D7965815238325FBD17892177D6F3,,,,,,,340DA32B58331C8E2B561BAF300CA9DFD6B91CD2270EE0E2A34958B1C6259E85,TRUE,87813fcd-6a01-4452-b54c-0dc24402bbfe +9be3b201-fec5-4264-b56b-81d4535b4c9a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,CD0F9839C6CCBEC5CE38B882E1AB23C8AB44A8993E6B8A02026D8314EAC4EA4C,,,,,,,29CCA4544EA330D61591C784695C149C6B040022AC7B5B89CBD72800D10840EA,TRUE,9be3b201-fec5-4264-b56b-81d4535b4c9a +f2418902-5951-4626-8a5f-79d4d022337f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",41218ac4af41772dbaa3d4738e0c2bf3,4d7caebdafbc4bb3866676173dace618baa6a129,aef3e0a113345c1adca2d627c5853a11ddfc4e0e07fd28c10049a9b766c0fbc5,,,,,59ee638030fd199a10f08a99e2cecb60,e123503e3c7764b8d9e60439069505f997287914,c9ec350406f26e559affb4030de2ebde5435054c35a998605b8fcf04972d8d55,TRUE,bootnetx64.efi +e32b7c1e-14b0-4f29-9c62-d1664d26777d,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,52A4F27CCEDCC5405D8EC128BF99861865B2273DA18A9B958ABADEFF63DF5A18,,,,,,,3765D769C05BF98B427B3511903B2137E8A49B6F859D0AF159ED6A86786AA634,TRUE,e32b7c1e-14b0-4f29-9c62-d1664d26777d +164bcf0f-91a1-4754-9c4d-f2c1b90aea06,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,9C904F10520295D070DB9CF381101512946AB832C2BD92D4E92D42B934F40DC3,,,,,,,1D8B58C1FDB8DA8B33CCEE1E5F973AF734D90EF317E33F5DB1573C2BA088A80C,TRUE,164bcf0f-91a1-4754-9c4d-f2c1b90aea06 +f922e65f-baea-45c6-bdfa-0b6ab679bda8,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 
'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",2eb1ef37d6d0425c505df369802d5d54,8568540072aa5aead8d761d4baa459e4f9a222b2,9e14396bca7712b13a5f0b209c8633d754afc3bf577b42ef78304581ddd4e02f,,,Microsoft Corporation,Boot Manager,170d26c08c0bd42cabe41e7223cf1a3b,026ce5f4baea28c655be66c8ac4873ddcd2fb089,8d5332b350577ab7b1987f93fda104b2090f6a62e262214264f554b6163e8050,TRUE,bootmgfw.efi +4cc6cdc2-6f4e-4b25-b3a2-383174f52460,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,24C0732D77F6BC85BE8A6CA9B0FA3BA8611F950CA4E0194E972E59A433DC05C6,,,,,,,9AF92541E63EACBC5784BB44DB66F9B60726174F4EC178C6CE32EAF647EEBCA2,TRUE,bootmgfw.efi +22532a2a-950a-425c-b1c7-ae8f8e4faa5b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,1CC3D6DA3017F0F1422D1B8115622EDEF65FBC497487234D17F4D356670F28EB,,,,,,,1F16078CCE009DF62EDB9E7170E66CAAE670BCE71B8F92D38280C56AA372031D,TRUE,22532a2a-950a-425c-b1c7-ae8f8e4faa5b +55b45543-5130-4632-b2a9-12f11c8da501,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,BBD53435E3881C13F6EF3D7C17DDE9BCCF2BB2D95D303DC4623CD1AA8F51EF23,,,,,,,781764102188A8B4B173D4A8F5EC94D828647156097F99357A581E624B377509,TRUE,55b45543-5130-4632-b2a9-12f11c8da501 +a93c81ef-3f87-43cd-8d09-67e57167689c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C1D93E3D7F580616051BC1456083F6DCC80DB4642E7AA2909041E86F8209583C,,,,,,,825ACCE0634B91818F57CE96B8314ECEE7373BD20DA77FB08B9B96D66EB65145,TRUE,bootmgfw.efi +163d69a7-be4d-47bf-ba9b-ad2e76271175,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,73ED112C5EE295BA56BEA8679E062EE22A5E01B23438A7B8F459AF8F61A93BF4,,,,,,,FDBE6C45F2414421562D812EB67C5FA0CFD0D40AFE2CF0CDDC5E09054ACB4FE5,TRUE,bootmgfw.efi +ea9f89dc-3143-424c-b3b3-437969245705,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 
'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",1aa56b885cc8dcb37e0165fb6774acf3,51b1b97472c99971ef217632ae7d9fee3ce3f1ad,2b334e6b147104306dd91f77e900c07383c0ddff77c2979ec79ea5d92944c13d,,,Microsoft Corporation,Boot Manager,8c6a38741626834657d7c8a8efc9ba4d,605ed193044333070a922ead0b80c554c8e73287,71a5716decf09fe8bcbcc73225fe1e7012076cea39b49e9e72afa291b1fb717f,TRUE,bootmgfw.efi +3a20e152-907d-41c3-8ae7-14c2a23e4880,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,299E3B66B0283E23793E03FBA6B795A2C6B6034864B6D571449945EBA0D90A20,,,,,,,3E3926F0B8A15AD5A14167BB647A843C3D4321E35DBC44DCE8C837417F2D28B0,TRUE,3a20e152-907d-41c3-8ae7-14c2a23e4880 +59b7d19b-fb7b-4641-b158-0d2f498e375d,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",aed4e671b03d6e093a423c7593d423c0,0795b77ff05d9365bfc1ce099e4edf239f64a073,5156a8ae596c06692aef13ac6524c7f1e20d52e4ea0f5a5ad43a6874edcc5e1f,,,,,19d9ca04dfe150f7ed275c0522308b48,fed3c32a930572d743108d45a16103a34c0c6b73,3a91f0f9e5287fa2994c7d930b2c1a5ee14ce8e1c8304ae495adc58cc4453c0c,TRUE,bootx64.efi +faa5ce45-c815-4eec-a757-84e1b181afcf,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,EBF3E0F060E9ECA943F49444CC0DBF6CBE1AEC2C20AE10DFB9E757335AA26ADD,,,,,,,3E828EF5E880FE62B33D36B78F2235F1A314153899AC80469597297B9A9DD22D,TRUE,Signed_13652009334930799/shimaa64.efi +46a49cc4-2dcb-4c79-b1d1-2c49f6df0af0,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",658f77c25877b5ceb68bc7e046d37ec3,8276fccfe7c6ec83b5340aedcb77fb1e24cb1c4d,d92b8ac828b827e4e5b9e9aeb02676783cdb1884f42194823769ccf033a7b9c5,,,,,6178f6bbcb3eea01cc915b8a348a3637,cc3d816d02da15fb70878fa6590b69c9f23f8441,8e53efdc15f852cee5a6e92931bc42e6163cd30ff649cca7e87252c3a459960b,TRUE,bootx64.efi +3cf4dc5f-5fc3-4a44-b069-bced755a5e5d,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C990C8BF9D0C8E5A50CAF28C9FF6E8EA1949C5DD6AAAC5AB08B3A77CC0D5F011,,,,,,,1C19A5A240A361131DCC5EC25363DA6E79C7D55B3C79C0976C947F1D04A38AAA,TRUE,bootmgfw.efi +c5c530c2-b0e2-440b-98c4-3ae3a9581479,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,24119E64BBECB849FDB3CC3EF0BEE550248B13BD5ED5AE540A9389C7D5D7C8BD,,,,,,,FD3062358E0E1DC4C3A60380EF1BDFD4C51F4473B8600937D921DF472FBF9B65,TRUE,bootmgfw.efi 
+2281377f-96d2-494e-91d6-86e4f2c78198,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",65e619f026af74b9c47c2cc77346ec40,9bf8d8b915968c37fb4b491f67e567d709d2a026,fef56f20ef6e5065ed0fde1d85fd19f1f07212403489fd1e2b63aa41f5dc600b,,,Microsoft Corporation,Boot Manager,866e67751c0a6b90c631d03793a348bc,2565b9e7e5552c7a3340f5ad2c6faab6ea42bd27,ce1af9fcce6ad19c00d8236b23b03cf83c593c6184a08266e58fe95c6caa4d13,TRUE,bootmgfw.efi +fc53d49c-f8d1-4a46-91be-205a0ec0515a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 
'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",6b65628a2e6b0cf6bd54965da59a8b43,54fccbba97f50d2b57478a1c01ad8b86a5fc737a,dbeb49f986ec6618e7c256d3db4e3d5378a6ee3439c5949ae57e12722a73a198,,,Microsoft Corporation,Boot Manager,5f033a228e6fd44ea0f18196d7ca57b8,6ebac91cac25a80ff4130bc69da6c527da05318d,52ceada58e8d14ab47e706dcd6264d82affc0f9fc62ab46f77be46f262ae1b17,TRUE,bootmgfw.efi +1b134b19-47f4-4bfd-af37-40c05933168f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",f383b5c1f0cb8806742c8df990bc7803,c1f26b124fcfb2c73ec9c9cfafe3fcfbc269d4e7,8e8addb29426d845a0101c2c1f26c2e7fe8c78128ab04f16cfcb4e06461b0101,,,,,cba477486346b0fad728f78e3542e00e,cecc72f2d1a431149d9bc47f8e21b655e980e9f2,804e354c6368bb27a90fae8e498a57052b293418259a019c4f53a2007254490f,TRUE,grubnetx64.efi +ec0d55b6-d46c-4f5e-b467-1a8fe09e64d2,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,FB03DB013F31A9AA909B77CF510CD129B9E857A93E37BF9ABB91A79EB296C758,,,,,,,0C0C78837FA767EB045B8199E1E20AD666F90928DAEEB8F5E5253D8E7877FCB4,TRUE,bootmgfw.efi 
+cb5a22b9-4471-44a3-9783-c27df207f95a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,B1EC3A20DD620668852C057FD33023CB945D35122C079F13A59A73F8A4E4FC12,,,,,,,264CBC5765718A0BCCB0F79C0FDD133A898203FB6F4F2052CB0647FBF6000ED0,TRUE,bootmgfw.efi +513ff7cf-418a-4405-9020-8044f5ce24cd,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,4489FA289C24EC5745E69F476FEBB3FA0103501D95349E795BE481E678429DDE,,,,,,,E11BDBFBAC4736918C497798D6ED018F529726A6B1894BE0658D1B9519538B22,TRUE,bootmgfw.efi +c2ba98da-826c-45bb-bb56-09db34e78fe0,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 
'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",cefe4b51ab58c74a20f0302fca66bd03,e230f2632b21bdb523d214032f979104df1ee867,88c2eac45b9480cc7e423558ba1b90097e8f12dbf98f4628c7a574c6371c6030,,,Microsoft Corporation,Boot Manager,47f4be47cd0365cc9f8a6c802f5a3192,01cf7cf98149854f741a31f3a6d8071ad80ea347,a22471b1d04c11ca895e8c078c221718c96c40309d64cf84144759ca7dfbd0d0,TRUE,bootmgfw.efi +2d78b89b-4a5d-4d38-8c20-2baf76df8699,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,83B1D2B20830EE199D8845C999D4680B1B2B6D9C1F424DD13826DA3FA7F7139E,,,,,,,386D695CDF2D4576E01BCACCF5E49E78DA51AF9955C0B8FA7606373B007994B3,TRUE,2d78b89b-4a5d-4d38-8c20-2baf76df8699 +52a629bd-deb4-4e92-aa7c-3e4c301a086a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 
'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",ec46eab41a4c2ffd8c352d6e0dea430b,5b65a8b1427f80e9c997bbad4e66dd36742314f7,e0df7ce01e42a61228f4005fcdb9c42675ff7280a0be9ec1c32ad9d5e0493f10,,,Microsoft Corporation,Boot Manager,00a62b0feb53c1c76e1e5246aab69123,4654356766b9e062ffd65fd26bf3d0916430881c,d87817f76309b1e420547808cb573aea0c8e7de14123793a42388582184286b7,TRUE,bootmgfw.efi +85443af0-4180-4b3e-978c-e3d8c8d35422,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",bf4168403960a0df177f58277f06250c,6a3777265403ea83fb91ab07988464303e66b172,669353cc31e65f896a755db94a045d9dc1b4a24baba14fce11d623bdfacec78c,,,Microsoft Corporation,Boot Manager,bc8921a85faf4205abd65c8b0263e795,b820221890353f2d702024c23c19cbf17ed25f20,5e67bf240b1d05f6f618908868a494c50a30ab255b06619fa28411eb260f674a,TRUE,bootmgfw.efi +347957db-bbbc-4322-a736-366891a369d0,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,F736ABAB18FA867218E4FBFEAA8A452C3B55F2981CC7E27E6CAF1FD9181EF294,,,,,,,A9CE2969A83982F80B6B2685568A7D6F8E58BCB5FABAA2F8168092175518A0C9,TRUE,bootmgfw.efi +025ed4ef-d8c6-492b-927f-a1eb484d7b89,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,D0A3923ED57307BBDDA1ECF0FF1C40F478DD6F439F80A072508C3551520CD52C,,,,,,,812EB0FA2DF13A889549729CADBF1720B68F6C9E21955741B72802590AF1B5CA,TRUE,bootmgfw.efi +24b32147-9b69-40e3-a166-b0c457b3c371,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3F8091F700DA0DD082C6C06D0D3B68DB8D51FBE03198BBD6E4FA0D4A9EACA522,,,,,,,2F9A8EB6C8E18E7E118AFE9B51E233D88EC76C0EA256FF1F2A842B3A0EA9F466,TRUE,24b32147-9b69-40e3-a166-b0c457b3c371 +9ad7a737-68be-4ce9-9595-30623e887396,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 
'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",6c1910730f135cbd5a78e3a48520e647,1d5beb0bd494d324fa663da050cc61e8f7f2ce92,77e2945b3a2b0d14e9943f90ddd7bb87dde9cc5d8be09f9693e9f4166769363d,,,Microsoft Corporation,Boot Manager,c44756dff66637b44b1180df93fecc70,502c5761b07eef8e5b1b90cd8465a36a115e339b,6582dccb8b305efe0bbbafdcc7d295a6a8bf1df0397e1a8ac736e9098a2a64c0,TRUE,bootmgfw.efi +77a4c1f2-a194-4778-8074-4ba1d052129f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",b93d4a486013424efe0fb34668b50b85,71ff189bcbb7e43d0793a0efb827f7225fb122b0,4f3e97e36ec05236dc378c544310a9685d57409b87020bee731d7ddbf90987c6,,,Microsoft Corporation,Boot 
Manager,26019df09c3d207b9be1a2f395b8645a,db3344e8cb837776d854dc6adbfa5473a19bd611,b67db8d53c925febadafce4356206c85f73e22456eae4ed6ee77f6a9e11a078c,TRUE,bootmgfw.efi +4c9eca9d-f738-4fde-99da-f5f1536910f5,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,399BDFB85E5A072F763B3692AC5B34FDB00D7C5DA4180219E99A2E0693D72B39,,,,,,,A330FDE65C067A5F0B75C80D0A300767C301EB75E0CF9B4EE240F0D60B3DC503,TRUE,bootmgfw.efi +51d3afbe-d378-492d-86fc-3afcf9396417,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,0FB12613BC1D4AB6FBB256574EBA9347AE3A87F96E4A3C259028B55CDE1D8053,,,,,,,BC75F910FF320F5CB5999E66BBD4034F4AE537A42FDFEF35161C5348E366E216,TRUE,51d3afbe-d378-492d-86fc-3afcf9396417 +46e2d5a7-6b08-4c8f-b90a-dac8418621e2,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 
'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",087617bd4578c903f0a66bd157217f0f,1128abbba4480920fc7a0a772239cd1d132a1910,b65fe0af8297168749dc235340cba7c08cf6b956fdd25fc2c9f16d20da536713,,,Microsoft Corporation,Boot Manager,f9dc5d54b477c66ca23b879546b650b7,6f16c59cb8e6b3febb9e73702914f06475dff19a,c3297e35c3a9efc4c051706aab77d29a26e62d9a38de256dffeb77a0eec8666a,TRUE,bootmgfw.efi +94e35789-58de-436e-b04a-8a7b7ded8347,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,12A9833615CAABCF4F732C8BB088C83EC18C286EEF2332CB11F18529B676BD38,,,,,,,2B1B9ECCF585B11C5122651D7B94534BB131AA7C874E2262038B85DB3EE83E4D,TRUE,bootmgfw.efi +3b215ee9-89b8-4437-bd89-dc9fa92cb727,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,21BB3AD3C8E0198CA40E2636E5C3F27EAC047C1C0B39F19D81332FCA03DC4FC0,,,,,,,09F7699631C18DB0C33491EB4B3C65B8F279238C5FC5E3AB0BA52737DBBD26F3,TRUE,bootmgfw.efi +365019a1-7820-4c83-a483-15dfd2ca466c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,FE09433ECE56EFB74EDFFB10BB4E2C05EF9FA3C37C5E60BD5E87FBDEEAB3EB40,,,,,,,288878F12E8B9C6CCBF601C73D5F4E985CAC0FF3FCB0C24E4414912B3EB91F15,TRUE,rhel-8.3-20200730-shim64-bit.efi +3cddc9bb-dc68-4cd7-aee9-227b47b47966,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,413782A6CEE2CFF718F87A737CD989E2A6067E67212B575AD8A7D80B1A62F206,,,,,,,9414F5FA5853978C07FC6BB17A1CA9460FE443FFCA021FA52C8672A94460F44F,TRUE,bootmgfw.efi +ce52a206-8cc9-43e4-9f5d-28b646502ac3,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",de3db6ac5d9d0d31d8668a74bc3332df,b2851fbbc75273998a8dd1aabed09efa961c050f,1604f70608f964d1a835c3f3a421e58e449774f0291ff134ac298364e8e3f776,,,Microsoft Corporation,Boot 
Manager,664f6508818e109fb75fbe07061638e8,aecda4260dceeda535e4c967ed2fa9ae3c4d580a,52a3ca4db923c0648ac04be86ce02dbc6a3aaac8312366b106205dec6e2ca2d9,TRUE,bootmgfw.efi +9d219a02-b011-4466-8b2c-6fd725593454,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,4155DCEAAF889DE79ADB9B2130F1CF23AADD24080C2B2C1EC5F4C359C52A8D7D,,,,,,,7C7372A60D71E04879B8930C164944D96D3753E0A2924A31231D1D5FB97882F2,TRUE,bootmgfw.efi +670b1089-ea21-40d1-ac0a-1dc0adeb7b05,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,30A947ED2F95D0E7F2746F3A4F3C458FC64554295BA5B4C302FE0EE4F8027C0C,,,,,,,D9668AB52785086786C134B5E4BDDBF72452813B6973229AB92AA1A54D201BF5,TRUE,670b1089-ea21-40d1-ac0a-1dc0adeb7b05 +9a4cfe78-97aa-4d04-a049-9f0c2d3869c1,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,D8C26A5324CA74212B59B59BEF1BC33FB5B6946DCDDE84414C60A2E315EDE741,,,,,,,3AE76C45CA70E9180C1559981F42622DD251BCA1FBE6B901C52EC11673B03514,TRUE,9a4cfe78-97aa-4d04-a049-9f0c2d3869c1 +67ae7723-5130-48c6-b24b-22a876c9c2c0,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,C58ABF55F773FEE60CDB21D01D02229C4A3FEEB29F5D904CEB3106BC4B435EE7,,,,,,,339C2BCF0445BAA7345A02CDE505E172D24CC9CEA29A92EBEE3F3901693FD2C8,TRUE,shim-15+1533136590.3beb971-0ubuntu1/shimaa64.efi +60383f5c-6dcc-4df4-aad0-510733820a1b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",69b63c494c676d3a1013a775b18568e8,09c724498ed275fb4a76f04700f5b2d39413405f,953a7719b50073e701730fcff79b2fee7054c72c54d1f0b0f2571d3ce7fdb925,,,,,752f28cd2893f6dc4e568c9a15f6b456,22cbe49e2494a44bf823958840b6e1291ffe6d11,3e333de87d211247b2ab00093cab48f6069d718afd29e9917a3d5f60e87557b6,TRUE,BOOTIA32.EFI +063ad364-8db5-4bb6-a731-799b970cf900,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,96DD3FFBAB73A9DAA0CA93C34C4EDA5BD9C8AEEB0480C1A3BD93131F44CA9A29,,,,,,,FFF421A9DCD3EF38AD585E8BACA408AC2E4CDBDFA679900EC17089624E310ADA,TRUE,rhel-8.3-shim-20200726-shimia32.efi +1a268d88-47d0-4204-ade4-ed6e4ef6028e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,B510C9A79CB6CE1BC37912839AF57B453CC4A77C3D5DCC9935F8CCFF7C81F9FE,,,,,,,D79651AA3A0491D33B7979F5B41936F8ACEFBA99BBA10E05FD6F54E2859CC589,TRUE,bootia32.efi +48d8feab-a988-4578-a65e-c6ba5f43ffac,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,ABF6F968CF9ACDDC04BA5F287F857551CC9D3237CE402D527279930AB5F84894,,,,,,,77CDCFC9644F8F80FF407CDE316AC235DDD1ADA9C3B6A5AA9544DB2D64B79FED,TRUE,bootmgfw.efi +d2c1c960-2c20-4647-ba66-d3c5d3385cff,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",1854d98bc963a9a82e0d9abef6bc3873,dfd1cc6207f892703292d88a29f587db858fc0eb,dd3ca7c4bf6698e7d72f6c2fb0eb59997336c294d604062ef495ee8e1f49931c,,,Microsoft Corporation,Boot Manager,1730c4cbe167c78763e0a6e4211a55a5,62e70e5fd08037f8e32f298c8d9614535afbb331,da9943277174960b0d7d3f0d656176f3723ed2f03a90518beb3c6c202b88cc14,TRUE,bootmgfw.efi +a34d1cd4-ad9d-4dda-8e4e-ac86e42a6d92,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,331A6D1D07B7A19AB36312AB8303C9FA5B5D2628B6EF5C593846B6F4B824059F,,,,,,,DF6EC4F50BE2A4B7657F0397BED483BE143A18883615800A65A64B7E84D9B858,TRUE,bootmgfw.efi +e2313b7a-714a-4e2c-a692-4259f9bc3b0c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C190FBE65C28E7DBCA5AAE188C368CAB9A43ADB7F3B010843086D6DA77C3A6E5,,,,,,,B344D2F33E30A25EB927E4C1A419D019ACCFA8249A5CE622B8E7C7D8D5807A00,TRUE,bootmgfw.efi +cc55f472-e9c9-493c-bf44-98d528441570,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 
'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",9c77b23f662f4c5cf1da2ec62ba6fd2c,0f6c22e7f48505d3c4cf28edf541e69a72f4cfed,5f3952cba19c9f225aae8b57e57c7e20505ac617aeca845a8b5cde4994405c92,,,Microsoft Corporation,Boot Manager,eed20fa5bc02fa6f0c7e5082c633e31e,01419f5ba84d07eaf079e2c69e8655471028081c,9335c9dd7001a2ec4e322ab6a2d11e6c4cd4ef1644c00d6314b7ba5a26f9eb7d,TRUE,bootmgfw.efi +fbf92874-0ee4-4c8e-9dc5-ab73b6bb4010,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,1A9DDD9AF383AD81787CD7C6A6DC8C8AA86CD995157C32AD476B60D2C494F7FA,,,,,,,06C670F8572BF89ABAE13D14D81FFE80D5550F696862B1AB386E4D8C56B02016,TRUE,centos-8.3-shim-20200726-shimia32.efi +a205120a-b99d-4e65-a96d-b8092539c1d7,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,0CE7F3FEC8BBB04E182027DD6800B7993E9F14EB579504DDECDD2F06294D7739,,,,,,,0C51D7906FC4931149765DA88682426B2CFE9E6AA4F27253EAB400111432E3A7,TRUE,BOOTX64.EFI +82bfbd61-4cd5-490f-853a-3486090e0d3e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,61F2D843B99AC93FA2ED40A50E5C3F0EAD7C75894BB92C32DF33052804CFB77C,,,,,,,90AEC5C4995674A849C1D1384463F3B02B5AA625A5C320FC4FE7D9BB58A62398,TRUE,miniloader.efi +d7cc6936-4efd-40a1-bef3-ea4da008ae4c,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,E4FF4E538B4758E8E49010ED16D6D5380417B146F3E8806ACB3AC40611646FDB,,,,,,,EAFF8C85C208BA4D5B6B8046F5D6081747D779BADA7768E649D047FF9B1F660C,TRUE,d7cc6936-4efd-40a1-bef3-ea4da008ae4c +293680d1-928e-47e7-b45b-421122787ad8,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,66CC4EE53DAE4DD746AE6D8B58B858DDDF1634A498D5EF41F50264E6F948F526,,,,,,,C05B9250BDA8E86B6E5C6A8C584F0F61B4A3D243689965B5A955A2CB198D1E99,TRUE,bootmgfw.efi +c1e70cfa-8b21-4b51-8b94-9a06bb4b5550,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,608854C2B7A26B00A3970757C2FA176B361F74FE094F7CFA482C439071279548,,,,,,,06EB5BADD26E4FAE65F9A42358DEEF7C18E52CC05FBB7FC76776E69D1B982A14,TRUE,c1e70cfa-8b21-4b51-8b94-9a06bb4b5550 +66d407b1-5e65-4314-89c3-cc6dd5c10d59,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,EBB480F63BB81A4C88F42E97A1B40DAB2EBB926A358EACC1C52A5DB88A2BC6CA,,,,,,,28CE0DAD50730900C5D18CC58D5255293452CA37D764868C16EAA9EAF6BD7C83,TRUE,bootmgfw.efi +34da0cf6-14d0-43a7-8e56-ea63c3b0c1bd,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,A7CEA30E7B024C8710F9AE5C1302545CEEAF23B8DEBE362FB26562ACDD807325,,,,,,,D465D63B0384F16A1610B0A86C5D73B36A33709828DE8FE26DBAC6DC6EFA007D,TRUE,bootaa64.efi +261d9721-b41e-4711-9ec1-d46057b9c56b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,424C636253B4EFA0C69F91505EE16D7079956B8EDE4524FFCE211A1B037FF692,,,,,,,97A51A094444620DF38CD8C6512CAC909A75FD437AE1E4D22929807661238127,TRUE,261d9721-b41e-4711-9ec1-d46057b9c56b +635f3ff1-ab0a-468c-b6a3-6a8aa39301d5,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 
'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",83e596b8944ed413e5bbc0c51c0b64c6,fab234f84e488343ea0f65072d8785217cabef40,165a5dcdea3a7de7cfae38298597445eba59282308c7243be50f568aa610f4f2,,,Microsoft Corporation,Boot Manager,576bde13122eaba63fa0734baecf5a48,cf7b3cc939f51462213b3b05b81fbc42ee05afd8,e2cf881cf07195454505047d74810ed79ae20dfd0f1593afbbf08270a486c038,TRUE,bootmgfw.efi +8a6aa8d7-205b-4747-aa92-8b526be3b7d2,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,29DA5912698EE1928C239D394EF95A4BEEF0DC59262B6BFFEC24FA205C4B8A10,,,,,,,45876B4DD861D45B3A94800774027A5DB45A48B2A729410908B6412F8A87E95D,TRUE,8a6aa8d7-205b-4747-aa92-8b526be3b7d2 +6f2d1488-6c25-477a-97ad-e0a570723b20,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,A8CE55447F57564F1CE95A7B3C505A7996BDAC4A06710DD101ECD5B818653E27,,,,,,,90A483526B4238C55BC5DED289D7C1D376109B9D5F3E93529EDA75C4D451523A,TRUE,bootmgfw.efi +3939d676-6d9d-48b4-8be9-d7d7f3528c08,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,EDFFF0969567FF1C1867AA921EAA5CF4C65D20F0511BA7EE7328F7B67238DF53,,,,,,,C127F0EEFC2E451989D88E4D1DA8A3B08CA9D5884987A6157E04E9A71C01ADFC,TRUE,3939d676-6d9d-48b4-8be9-d7d7f3528c08 +b42db55a-4520-493a-81ec-42002887ea96,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",7f0de7a661590f1c33de0b80676e8827,003454b835a5ee7ee200f9cb4e68b071e2b8e69b,d1af02fca7522c8d27e053544b3b653ff2daffcae9c420e460235dacab53f7cd,,,Microsoft Corporation,Boot Manager,caa781731a9d13ac418d97ec2cccb8f1,7ac2da2861fe7b90862a27b63629d8a9ee58d97d,7fddfe06c44dc4302da54577353c18fdbe11b41cb3e6064ec1c116ee102fe080,TRUE,bootmgfw.efi +27ce9422-3805-4231-8142-aa0976d3686a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,EEC3E281A5545CAF11EC02BB0DF159DA19698E639CBA0190A0AEC9AB09296BEB,,,,,,,A4D978B7C4BDA15435D508F8B9592EC2A5ADFB12EA7BAD146A35ECB53094642F,TRUE,bootx64.efi +454bb2af-6ee7-483d-8a15-73f2fec386ba,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,1B9401C47B0837F1FA315F2F29F304ED360B5B2E2843141367562B60EDB1CCA9,,,,,,,2116183BBAB5D6964C001C931A09ECA1DC0FD6651A61BE4A8A9548DC476B90B1,TRUE,bootmgfw.efi +d0f8d27f-26e3-4500-bcb8-dab29c667c29,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,0742A120E871BBB67D6947D05E9301CDACBCCB4AF650464F996B40352CA9699B,,,,,,,400AC66D59B7B094A9E30B01A6BD013AFF1D30570F83E7592F421DBE5FF4BA8F,TRUE,d0f8d27f-26e3-4500-bcb8-dab29c667c29 +52f8c789-bc20-45cd-a1b6-8a564b18fff6,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",6d83b980fd7541fbe793a891b95d5621,224b166130e25c00ac9a6c33d7816acc6b98cde5,d57f40a0e9018765cd79393a0d57d8e6d6d880d93b95fa57cedbda5a0b4a1ae3,,,,,5557985ad6236a2e6f4dc5efcb052bd7,36f2525fb6ae3fed1191d10ae9b4a524fe5914e1,6efefe0b5b01478b7b944c10d3a8aca2cca4208888e2059f8a06cb5824d7bab0,TRUE,BOOTX64.EFI +29221f48-fbc7-4db4-8fc6-86f1e3e137b8,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3A5B30A5017105C4CB30A0793FAE4600BF4A1A442D85C79E98405DC0083DEB8C,,,,,,,2A92103865FB60FC84D357180CC7DB45359B04AD419E8C4FAB74F7143FC0655A,TRUE,bootmgfw.efi +5abbd1d8-5850-4e54-9375-6a9639a8db58,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,77F55C6E07D808021F9E66017605D8B2DED6C55944693641902C4CE821E37878,,,,,,,80B4D96931BF0D02FD91A61E19D14F1DA452E66DB2408CA8604D411F92659F0A,TRUE,5abbd1d8-5850-4e54-9375-6a9639a8db58 +add3eacb-c3b2-4adc-ba76-49ddb1af2ae3,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,FCCC2A01967926437DC0F5F49C6ACEED4DC67EBD7E99169023B5F89A7264CB98,,,,,,,EE83A566496109A74F6AC6E410DF00BB29A290E0021516AE3B8A23288E7E2E72,TRUE,add3eacb-c3b2-4adc-ba76-49ddb1af2ae3 +854018eb-0eb9-4c45-8c0c-edb859445cb9,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",87e606dee08705c7ac75737a83a6e063,56ebc1fe5d75203a8fd8669eb86d80cda4c13d91,6a6f1c13eefcba07c0fc8aa0b70ab6fe2bc709a9eaf83090b735fec8e0dd576b,,,,,be4303f658c8f9c5541a6bdac9dc2c2d,faa088677fbfb6eb7266526835f878855ee767d6,cf3f7c24af6d46e133bb6a936902a47413394b2a8addc63a8890c75eb7c3a6c7,TRUE,BOOTIA32.EFI +cb08669d-8b82-45b7-8fc7-ea815f96e336,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,BD6E8218BAF3A86090201D6A118858CFA5F63AA2732CC880DADF39A1609F12E3,,,,,,,1DA53F3A2C7C41C93099737266B5619FF616A433FB3B870234622D7AAFAB9A7A,TRUE,bootmgfw.efi +120f5dbe-0a55-4b54-a42f-e51cb54f75c4,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,7294F03850C2084A287FAEFBA778592D9D01E5062DD2E980537E39FDBFE20316,,,,,,,7F964730CFB7B8CEA284E2E810212FF9B0EE18227F64427A095D6886493DB0C4,TRUE,bootmgfw.efi +c8440951-fa74-42e2-bee5-4a70db2dec53,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",958ceee3668f4eff01fb29d03518b49e,0213406b236ee5c1f1e4fbf0101d24cc10ab7e24,fe26e6c2bc5ac4357e6657624180ca1e946d6dabe79cdb098d7b8b4e440851aa,,,Microsoft Corporation,Boot 
Manager,450c5929a254f83c3fcfa056b9ecb5f9,3f62302d8c036c7d2d4ae6a47fc8439028871808,84d75f7a8913d66db946eaf1480eaddec3063d27a6f625f040b406718abcac44,TRUE,bootmgfw.efi +ce34babf-0f03-4d6d-969d-e063648d5dfe,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,7B40290ADE5BA3316AFC08748CFAB5AE79FB30BB8B5972766D670C3887E3D294,,,,,,,F5E892DD6EC4C2DEFA4A495C09219B621379B64DA3D1B2E34ADF4B5F1102BD39,TRUE,shim-opensuse.efi +79c58c75-492b-46fc-9788-59514261788a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,E1A44BDE59714FE31A77476FCF73CFB784105333F05755D8F1C05EDE4056D4C6,,,,,,,E637002526221BC32E477455B12F864F20B27C44679A2E78E5C56DA1FFCE8B41,TRUE,bootmgfw.efi +2e98c935-fda6-4fc9-b635-47a7d9157a02,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,B6F807D4488F132AB873DCDE8EDAD2875961895E503F263B86BA34958A290618,,,,,,,A48B5E31477DA248680A8935D1E5E630E6FDE22277F9635DA7D6F7F9AA17E34A,TRUE,shim-15+1552672080.a4a1fbe-0ubuntu1/shimaa64.efi +4c768cdf-df02-45b1-9342-63389224b997,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,593148805FC70C5FBE0299A185DD367DF00A8E7AA95242C90C6567A73C1CD259,,,,,,,7B94F0505F37B19B432ABA08BE2E3E003038C02CEB531E169D460DB60C351649,TRUE,bootmgfw.efi +90d2feb1-4600-4854-9a4e-fbf54b14c72a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,1E75347868FC5FDDD501E1E2B56C7D511030513B0E9F45DC074DC562F11590E7,,,,,,,C9F9C03434997FBD0FBB698DAC556264EBE967F948A97978A0C32EF85F94B188,TRUE,bootmgfw.efi +f907fd87-1f8a-4a91-8ed1-e74bf106b15c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,B40F5FF7030848DB736573E06A1A1C5BF49F119E66DD0BA7E48E2651E2CE7059,,,,,,,9DD2DCB72F5E741627F2E9E03AB18503A3403CF6A904A479A4DB05D97E2250A9,TRUE,f907fd87-1f8a-4a91-8ed1-e74bf106b15c +fbb59470-8b0e-4ad8-8692-e8a3e1c4df8c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",d55f2dc318b152d9d722021bf8376658,6b4d5fb92240528828725c87f1c2f7de1aa7e7f5,f8e2a41c0444d7da76fc1682f3eb7e2a90140e1b68b413f4426bac357cbe14bb,,,,,94dfb76b94c30266578ce327901ec791,909d4c9217388c496ccadd8e1ed5aa58766a60bd,f1863ec8b7f43f94ad14fb0b8b4a69497a8c65ecbc2a55e0bb420e772b8cdc91,TRUE,BOOTX64.EFI +3fd56670-7eb8-406e-af51-68998459de7d,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,894C9E5370DA9DF83426F92C42CFDC5D79CE004ADBD45A7663E9F5E9A6A198C6,,,,,,,E226D6F3A332238FEE8A42A8FD57E8B009725DB5F8DF4DC1CB54F17C6F47A9C7,TRUE,bootmgfw.efi +e7f84927-3fb4-41c9-b2fc-e87985cfbcc3,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,94F92895ED36D4EA45B0942E755640420AF5CA3B8E3EA855FC6A39C9A3661666,,,,,,,AF3BBF0C275BDD5EBD8A87F00263847485572F8A983DEF0EAE9895CD93D7FFC3,TRUE,bootarm.efi +fcbb1d82-1e57-4ca2-8679-e366cd7cb4e8,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,355B0240DD31FAD0ED13D77B7F880F8EBB32BCC72F9667BECBA3263E099DF378,,,,,,,21F27D89F2E77DEE7CD4336E3A3ADE362A2AAE9FB2EFE2079491A518F3D51FED,TRUE,bootmgfw.efi +1f0649ef-7118-46ab-b168-e4b9736bcea4,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3F5AFCDADFA8F590C39764BD9A31CE160FD7A929654491154AFD6738C0523D2C,,,,,,,85255700890931C5B71A73DFF09EA5125CD702EA65F45B4054C1463E00173FDC,TRUE,bootmgfw.efi +61d9e3c8-8cc0-4c53-b886-e6e2e676f475,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,AA909ADBB83E05F92BA2E1144C6A33CB320A760409E1015B00A9EED666063510,,,,,,,4EE45A217B38A8C13777DF0860F1255E52BAF3CF9D075373E31AD7E2C85E2CDB,TRUE,61d9e3c8-8cc0-4c53-b886-e6e2e676f475 +224dff2d-8d29-4951-b7b7-4a0cd2c18dbc,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,7429F9578205C654FC25D2FBE8B6F27D8082E049A962982EB70F55DCA02BE882,,,,,,,7F9602C123A090BB0C4C3B69662BC52D675A0A4ED444D1C1E0E26C2B0DC3760B,TRUE,bootmgfw.efi +4feb177a-ce68-4853-9874-5b834a0b9cb6,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3898A72298BBF39E2E9B268DA9661B47B6AC5C160518089E27BF8DF25B77D584,,,,,,,BDD4086C019F5D388453C6D93475D39A576572BAFF75612C321B46A35A5329B1,TRUE,shim64-bit.efi +a434e53e-5631-4181-bd2e-47c546370f7b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 
'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",7c2bf377d0edb86f010d202d48024145,5dd4309442a74a780e3e099f0625b1eed2e54c25,ec89ddd37880430cd5242f5f15d13f4cf699f50dbe04643e5b70093631608204,,,Microsoft Corporation,Boot Manager,6d00124e9f1f50bf046eb6e5151c9e97,2121406a967bcc56cfb20b53b60f255d950862d5,f51bc0b8fce1bae71b76cb3ade28b712669d4e938fd37c9f5872493acc25fae1,TRUE,bootmgfw.efi +66da17c5-7c1b-43c3-8520-4d3efea91899,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",5624304dd2172b7edb81741a5e7d2d06,5ebb525eefc7d35d664bf29bf8fbff40832dcefb,0e93c368f8177bc0fe1a09d79b897a94286f3c374a18a40522c3358cb627d7e2,,,Microsoft Corporation,Boot 
Manager,a0455533de7422bc348d8c282d26254d,f8f7d3c1f985120b648ab2d7daedeb98ed618189,16598ee39b716ed9e4765a44abf86906c9b25c25abf631cc78ece6f7211b0365,TRUE,bootmgfw.efi +ac6f3137-42fd-46e6-8cfb-a22a6785d529,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",1ee7ccaae6df60e3e850ae6c4a3b7478,810d7ecef2570772d2b70facfec1a6028e4bd611,566ae5fb2f355b2c03ecbbab4770e92856b0d1c3d659fe0c11263f1a5f8d7086,,,Microsoft Corporation,Boot Manager,de6894cde22aaa436aca77368eda64f9,da4574fc375ca85005e13c0210a0ed8397b51121,6ce1f2986f0c46683ba07d296d0a84448ecf76c69db183fe29c36eed8f8e8f2f,TRUE,bootmgfw.efi +d50e4193-70d2-4807-9bc9-671894e82df9,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",7de3ac2823e2f7c241f2b181a8417647,c3c4d0ccdc07c03c20f133f9f65f6f12accea87a,c7d9dab91b726dea5abaa893d8f60bd4795f489894044dc56a9d3aad9cc49740,,,,,7f6637b50f8043e83815eff4f6f6425c,9519b7ba40ba48be3ef06c3b4c09169824e35bb9,7f3bdd2e92ae417b2143cc993c7fe48d9363ffa65c9cc461b6a407a779998174,TRUE,BOOTIA32.EFI +51f20c00-6e15-4b45-852a-8f62e6f55436,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,DD33B966BE5F3882EED189E583AA4CA4D28E74B356DDEFFA164234DD7E89ABCA,,,,,,,23142E14424FB3FF4EFC75D00B63867727841ABA5005149070EE2417DF8AB799,TRUE,shim-0~20120906.bcd0a4e8-0ubuntu4/shim64-bit.efi +3645f533-8562-4958-aaa3-7e5924aadd8e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,A7094801F966FC5C253DBD17066AF5BBCB3AF5E281D0A4DAB24E30C7A4B0FB12,,,,,,,3BE8E7EB348D35C1928F19C769846788991641D1F6CF09514CA10269934F7359,TRUE,3645f533-8562-4958-aaa3-7e5924aadd8e +bf069911-444a-4972-8961-140fd7897324,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,5D6A0CBDAAF188974E98ACA06E664B4AE98D458327717A20B1FF6C80518EEA3D,,,,,,,A7DFCC3A8D6AB30F93F31748DBC8EA38415CF52BB9AD8085672CD9AB8938D5DE,TRUE,bf069911-444a-4972-8961-140fd7897324 +216969d0-1120-463f-a8b0-f8832f49fe39,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,487DF121FD496D9A443C3598DA3771FA187D408C589F4CB990041E546C529539,,,,,,,947078F97C6196968C3AE99C9A5D58667E86882CF6C8C9D58967A496BB7AF43C,TRUE,BOOTX64.EFI +2e84c348-bc0b-46e8-aad0-77b20e8c534e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",c1feed742caf34c142f70956e0c1259b,0e2909e38cccf18e7e44be9c12d9a4856a38b512,e35cc798f138406bdc5e793574f62fe3be4c7dd6424aa6825e6ec7b2a345b591,,,Microsoft Corporation,Boot Manager,041babadd6d890113ca977dc8c8783b0,a19c725dbf32822ebedb4b356cff0eb02d6d9c8e,586898c60cff539b76d23dbf2c92e4105f6a7549e13f53d293708b793ca90d2d,TRUE,bootmgfw.efi +a544e544-0e7e-4fcc-9195-e10564ba5674,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3D3434BC5A18F072D4CF59D5651F9CE05B61B6FC3C21EBBCF371777AA1E1E1D5,,,,,,,7F49CCB309323B1C7AB11C93C955B8C744F0A2B75C311F495E18906070500027,TRUE,a544e544-0e7e-4fcc-9195-e10564ba5674 +ac900b72-efdd-4779-9a1f-401949c3446f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,F4F5C82CD7BFA5294F973385F7F2FBCAF3AFD3748952B06692C085792BE146F7,,,,,,,AD16DE1E2BA27196395124683B80EFC186EE7E51D434F8FF67D973F46E8E602F,TRUE,bootmgfw.efi +bfdc85a7-3cc9-4d18-b798-0fd82f9c5e85,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,78D6FDE56994BCF26964ED51DF446165DAD66BCB0BC6792B9EDD2850F19DEA4F,,,,,,,64CCC886EB99C30AA808E5CA9BD371577BAF9D3FA0E450118464F514B47A028A,TRUE,bootmgfw.efi +9517d1f7-d485-4c7e-95b9-bdf297b342e1,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,BA44BD2BB872DD6C6A8687F65CC138585A963473203D6F3F64770E5365812630,,,,,,,47FF1B63B140B6FC04ED79131331E651DA5B2E2F170F5DAEF4153DC2FBC532B1,TRUE,9517d1f7-d485-4c7e-95b9-bdf297b342e1 +8cb4f77a-a709-4aa9-9563-a21d26fc900f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",ee4b2aa959df5211204c6165df138ecd,ef1dd5153ae097116a870b6b3571aa1f2f99bfe7,67fe6b4b726451375e2dc3f87a0954cd01083fb4d8f4fb074bf699536450af04,,,,,14a8d4ab1ac048531dc075cda647773e,32aff74e8078b1833eba455d0c01471bfef3164c,b7d3e3c4a930fffcdb184619534ef7c3d45435ef97f7988611714f5523b207e5,TRUE,BOOTIA32.EFI +d01601d7-2e46-4b78-801f-d260597e9b74,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",5692b49c53b4401e76a43c82d7d496de,6308e47e8133dfe6cf9532213c65b964acebe111,53af0ddbd3c4d33bd003403d8c9b41877e07770d3e789c781e5897858585e299,,,Microsoft Corporation,Boot Manager,a1f22c60755e8b4f85769168e7799133,0cedc7fa4d3c732832d1961814a6107a9e7aad91,b97915da9f05277fa5687f8c41132df69152517f2ba252d466395b40d4f2d155,TRUE,bootmgfw.efi +ddecc35f-2233-4894-86d8-69e6e473943e,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",ece26d0686590a1ae0f950a412ed1a10,15634f8fd748f28e29e4b77ce899a6d561576240,52febd655c84f4557de0ca35a236d468c03fa3bd0f51f54c31b37db29673da3f,,,,,2e2ee7180f421c97f27615cef8531dab,2375db1ba66ae1873c8f31b76f305ec8bfcbf3c2,c4ebdc43048c43f5f11c59ead051a3585a07fafce985cfed8b27b73a5492f9b2,TRUE,bootia32.efi +e950e347-4bfd-44d7-b2c6-7dbbce0f2667,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,AA8DB86BE59A48E4C525DD468119BEBA1D836CE4293C76E4B736902D1AD62F27,,,,,,,C69D64A5B839E41BA16742527E17056A18CE3C276FD26E34901A1BC7D0E32219,TRUE,e950e347-4bfd-44d7-b2c6-7dbbce0f2667 +d22cf9cb-63e3-4445-8af3-abd3537282d0,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,884A2EC5FFBB42E948401E425123DCF2557664E77B3B7474A728069FDECD46ED,,,,,,,1788D84AA61EDE6F2E96CFC900AD1CAB1C5BE86537F27212E8C291D6ADE3B1E9,TRUE,bootx64.efi +cb2d5dcd-595c-40d2-a14f-9b80d0fefc7e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",3f5b9c90792efc13debd32233440ad32,23b7889abdb236c8cd871733ba2ea7f91d543b99,537b428a0ad622765010c4405c1603ff464fcbb24ae4c2fbf559a10b8ea4593d,,,,,d06af20d9fe41bce9fdcc0e3ce175987,c242ab25b79c1910f451b87f5499802df249e301,0dc24c75eb1aef56b9f13ab9de60e2eca1c4510034e290bbb36cf60a549b234c,TRUE,BOOTX64.EFI +94c6901b-e217-41cf-a4c7-b62763759d3e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,A8FAD7CD0CC1DC152AE0880C21D91F6270FDB410D60E1129963AFCD3DF5841F1,,,,,,,839894ED391B7C88E995F845CA152F65BF881850D768E3EF3880838B52846A74,TRUE,bootmgfw.efi +48c8b841-9f1e-4557-ba59-91461142b90f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,571B2AA6CA8EDF6479D3472814B8CDF34A0B8544939E5CE9F50261968E382B45,,,,,,,E800395DBE0E045781E8005178B4BAF5A257F06E159121A67C595F6AE22506FD,TRUE,48c8b841-9f1e-4557-ba59-91461142b90f +4002b7f5-487f-4822-a1bd-6fbf1167f00a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3142879893B677C1B25C92F9CF1DF3F90B209509992D52E9C64C3371296A9A08,,,,,,,4F93ED05AD7E20BDDE6241D24B196D6334C8C4010D92757E4868FF4BBD6A0F98,TRUE,bootarm.efi +d1e51f20-1939-4b7c-8875-2458c9e418d9,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,FD1CD4D4A1AC691E7A0AF14C3DFB17DAF3F2E6A2B286C9E233070979EC36BB6F,,,,,,,270C84B29D86F16312B06AAAE4EBB8DFF8DE7D080D825B8839FF1766274EFF47,TRUE,d1e51f20-1939-4b7c-8875-2458c9e418d9 +bc584a7b-f352-4e0a-b86e-7954c4b63d2e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,FA07B984FB6FDD32DB497C55225E614759BFEB7093BE1F02AB2E30BE1869B2E7,,,,,,,91721AA76266B5BB2F8009F1188510A36E54AFD56E967387EA7D0B114D782089,TRUE,shim-0.4-0ubuntu3/shim64-bit.efi +6e1223b2-5193-4ba9-b9b5-b09c45dd4286,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,D662EF94388DB203CE52DF9902D77E9E5EFB25A202B5B096351D604FD3E63080,,,,,,,4F0214FCE4FA8897D0C80A46D6DAB4124726D136FC2492EFD01BFEDFA3887A9C,TRUE,centos-8.3-shim-20200726-shim64-bit.efi +29bd7324-d53f-4143-acc6-d03d0e4e3aa1,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,9EABEA9AE699526AD519782DA21718DA7190490AA3436BBBD80269D4A4CC37C5,,,,,,,BDD01126E9D85710D3FE75AF1CC1702A29F081B4F6FDF6A2B2135C0297A9CEC5,TRUE,29bd7324-d53f-4143-acc6-d03d0e4e3aa1 +dd1e593d-19e6-4e29-8d3f-5b85a21bf35b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,940A66FBDCB9A3BE16FC8FF56DB63CBFFD7283F15ECF7E50BD9BBAC7EAD303F0,,,,,,,FD4591ADD2E5B0664363720C71492982D5B223A141A6248246CD2381F67E926C,TRUE,bootmgfw.efi +de853203-30c9-4dc4-a050-6812dc4e0113,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,BA8D25B9FA843DA5A70D38A5AA96549F2166E2F0B4C1C007AF8A07D07E98A528,,,,,,,996C1D55955DFB3698869BDC2A700E6BCC762468716B5CBDA7295CF98841220A,TRUE,bootmgfw.efi +a9874948-be3c-49ba-b6ca-9ff18f01aa9e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,9E1E22CBF19E9A483E6D57345959A3F8862C3C98E2A825EB995819F0CF210F48,,,,,,,1364B7B94AB2A93E79D297EBF6CE0A30F7997E5929E408EF0D3B5D54C64E7B90,TRUE,bootmgfw.efi +8afa8fb8-bd3a-4033-9f71-3d1e574708ce,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",e297beb49756fef9d2bcad4b860426b3,1c1007b55a1e5c1ca49b0b6673fd83b0ae9a9dc3,62c6affbee1ba9a0435562db6e092a5018effeed0bd0f1d0494f34ce6cd403e9,,,,,ac8a7a2580ddb3d88ca49856664d6824,9c07457b464050230ec5376b0601e06c8cf3faaa,89f3d1f6e485c334cd059d0995e3cdfdc00571b1849854847a44dc5548e2dcfb,TRUE,BOOTX64.EFI +a6597859-17b0-44f9-b8d8-493a0ff20ed9,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,E23336EB1176965193B9733A01F8B7329DFF26D191EF427DC06ED89DD439C615,,,,,,,9E08464CEF9931473C384DB77278997AE92D50368C8D2B9D6AEA6E3323A2BBE7,TRUE,bootmgfw.efi +ca7157a0-3de8-4642-95b6-0a42c53a97b3,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,7395EE455BB71B4A37DD973999C875F166037E7BF5B948F812A8B45ADFC03A55,,,,,,,E42572AFAC720F5D4A1C7AAAF802F094DACEB682F4E92783B2BB3FA00862AF7F,TRUE,shim64-bit.efi +05a8e372-5b24-4953-8d25-d6560076f4f4,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,4BB0A426CA2A23E05B62A3008009AAD7F184F3D24DBD65E9AA81DE341BC5326F,,,,,,,C21614E207B1991D3D6DF842009718652D241A8D926E221B85D069F1615E27A2,TRUE,bootmgfw.efi +73af3c3c-dce6-48b2-bebf-ea167cbaef2a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,A2BE1EB17E12E0A66A87342C9D1CFD4D7DB81504A16B4FCB32F15C6BAA3F589D,,,,,,,E6856F137F79992DC94FA2F43297EC32D2D9A76F7BE66114C6A13EFC3BCDF5C8,TRUE,73af3c3c-dce6-48b2-bebf-ea167cbaef2a +d880c342-2996-430a-b850-fb372cecbef7,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C681A40CEB9F33F435A44614FB7E0D34007F1C67B83E8C907506414950CC45EB,,,,,,,245E9B81342E45E1BAF4F8D830D18EA7FAE9FDFF05497290EA6442C4EF0FFA57,TRUE,bootmgfw.efi +0e0c1a30-7f00-408c-94fc-b8679bfe90ee,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",87ae10260e4ba99762c952c6b1781476,d8282df774ac784f175e5954d46864fd06c28bc3,b06dc8f3de1e7e5a53dc7ad0f8028f78a843df54884b4a92bcec21071f0e649b,,,,,543a59e6a502706a4a6210c7b7f22033,70b0cb8fdadfc2cfe995adfa594d282e7ffcaa41,7bc9cb5463ce0f011fb5085eb8ba77d1acd283c43f4a57603cc113f22cebc579,TRUE,bootx64.efi +2eba3138-0822-49f5-abb8-ea5cae849369,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 
'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",bad97e7203aec2bd026403a7f70688b9,cd3f23904459410ad9f11b26faff47ac28fa5f04,df216fa3f13f8f7472c9586da4d0a7cd11cd60a041f486a611a4667f1c3d2cc6,,,Microsoft Corporation,Boot Manager,29cf71c7b7ff3b63a229ec82bfc2708f,65bb31b71a030a3fe93ba4d64e4ae0cedabbfbcf,d5bc11fb619bfced64249b930c785ead5fca3927f0ce3c5efd3f1d9af04b37bf,TRUE,bootmgfw.efi +2b96f3c6-afdb-4da2-84d4-601c9a71b2a8,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",69a56b18be5865ccda9ab3a5bb4987ab,ec708522ed126c2bc6b8e3306c8231351927e369,a9f6c38c2608d6f36f246e74a9fd17e915c89e54eafa2281b8ace86133df22b3,,,,,93d2db760e57e03fd6e20cc55dc4aa46,5468b9ca48c3f67380a51e4a91732fb0792eb40d,adcc0b6fd6dc5911bf42f036c033fc3e43f07a8312e91d0d8d32793b62940c7e,TRUE,BOOTia32.efi +2b66ad2e-41d5-498c-bd23-2c88e3a74ccd,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,6DB28A61DEE4A1209B94F5C984C44D9674F69EE700373FD7BF1A3CBDAAB83FA0,,,,,,,FFD7688E7D2B8C3C3140B415E728BBE7663C54E23BD288FF2CF4617835088F39,TRUE,bootmgfw.efi +30e370b5-bc05-4b98-96d1-8e71f41083fe,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,EE721020DB7794DE74F59992A2C6B4DCA5B9FD584BBCBDEF96930B9A7132BE1C,,,,,,,311A2AC55B50C09B30B3CC93B994A119153EEEAC54EF892FC447BBBD96101AA1,TRUE,30e370b5-bc05-4b98-96d1-8e71f41083fe +d90f0a0a-e161-4ebb-a2e3-5dbaa75cfaaf,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C4081B588CA3FC9965C2D04A0E8CCA3E0016566CC8A84FEB78CBF63A4ED72EED,,,,,,,5A184E740657E218D635168286F0F70BB5672E4EDB78717550C70686C232EA5B,TRUE,bootmgfw.efi +3b905385-bf3a-4181-9c49-646bb5fb1e6d,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,65C4AAB0884825A8A2E4C114020E4FDB58A1D2B0CB68B7714A05D6CDE3F821D1,,,,,,,408B8B3DF5ABB043521A493525023175AB1261B1DE21064D6BF247CE142153B9,TRUE,3b905385-bf3a-4181-9c49-646bb5fb1e6d +c67be7e5-8f3c-460a-b4ff-174ba2a0fb6d,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,997CCF341DBCE2EB9E119803723130DA90E8F1DD167A7B75400E73CBBADA54FD,,,,,,,06E3F646CEB102372E3E086D46234B06A9AF13EEF65AAD180EA2880BF8BC12A8,TRUE,bootmgfw.efi +0c3bd8f7-9926-4763-98d1-7eaf036f7bf1,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,513310D70C03096167B915705C9F0CF34B2B62AC317AA3F89FA5CC385D74DB54,,,,,,,22C3867606A625048E1D9D5230F07FAE41E70BD08EA978BDB37563C0EDD9DA03,TRUE,bootmgfw.efi +cc522d44-5de1-43fd-8d62-29b630f45f98,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",c9d595c35045f8b200f9d3142cb3d683,eabc1fcab7ce92c8dc667046c46a82ad0b2d8907,545c8c806d6a8b2ab307bf7ff5dff05dd86cfc431d3920692e15e7928ac98eed,,,Microsoft Corporation,Boot Manager,f2a111697ab3f412ae7be6354d3c63fd,47e31958625236b685c3d33cbc22fa0d9f8e3414,3b30c3e6a923cbb7cf65b539025f12b1c810d74480f25cbfcb9a7bfd633f06ed,TRUE,bootmgfw.efi +f15d8f48-cf83-4954-a1d2-030f6dfd40a3,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",fcc89caed202cfa0f9d16b9e1c27d970,6a5c3056057baea653d533429110deb3bd7ffec1,d0eb15fe822c6239a8bb2b42fbc035d0956c72ac6fbd1429c1ab7f7e348b8f94,,,,,14d423ad7ffd78c631ebcce6c78a6c8c,872f7f79da66889049503fc77a7d3fefd25a6f55,6a0e824654b7479152058cf738a378e629483874b6dbd67e0d8c3327b2fcac64,TRUE,bootx64.efi +bab3bdab-1013-4418-bb3c-2ec673c8b6f5,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,9F91A5AAC09BA6E514DC37A013A68589DD22C1F5A7A539F4138CBC8ABC0A45F4,,,,,,,57692FC2B80D809A3BE409B44475DDED7225C76FDD5FF09E4ED7D330A58733A5,TRUE,bootmgfw.efi +b842b745-24ab-4f75-a302-5d4c4bf0101b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C33397B499368E23DDA3FD5B9CC989647442F279EE6F80B53C620721C958346D,,,,,,,C2469759C1947E14F4B65F72A9F5B3AF8B6F6E727B68BB0D91385CBF42176A8A,TRUE,b842b745-24ab-4f75-a302-5d4c4bf0101b +536cb2d9-c5ae-4fbc-90af-4502d0f6c9c3,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,0CA03AD1A65AFE81EC23E2B20E05D80C41AAEB5D6D5F98E2D0C5661F46E0CE9F,,,,,,,47FF1B63B140B6FC04ED79131331E651DA5B2E2F170F5DAEF4153DC2FBC532B1,TRUE,536cb2d9-c5ae-4fbc-90af-4502d0f6c9c3 +72b28839-6c76-40b4-b8ec-6582be7d81eb,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,F69D87F5BC30026B00110DADD0264311D15DECE6B67F046506755284AF5EC002,,,,,,,05D87E15713454616F5B0ED7849AB5C1712AB84F02349478EC2A38F970C01489,TRUE,72b28839-6c76-40b4-b8ec-6582be7d81eb +02e8f438-8842-4018-8592-a4fea656bd01,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,8BF4FAC6F3981D1E6180DB0CD53152AE9666DC40884090A522840062E0C926E7,,,,,,,0257FF710F2A16E489B37493C07604A7CDA96129D8A8FD68D2B6AF633904315D,TRUE,02e8f438-8842-4018-8592-a4fea656bd01 +57a68cb9-ec2e-4a8b-881b-62a8da44a03b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3E73CE2DF3D7B01132C2ED47BC7D1B28E421B0600F0B8D4DECF7F7C23E83EE1B,,,,,,,1DC8A3F59B23CCC411D46691FC9B5C35993BCA20E7E2299F1A95223B9F112E43,TRUE,bootmgfw.efi +4f434341-9305-4574-9289-5bd1370108c7,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,854AD42E44FBE19122072E177080C2AA9F729BFDE223FA6EA98BE1490BB9A4C0,,,,,,,399F9DA6CF5A87839637B55F62BB2CC6A93FA5AF7FE7AD76B4AF0FB320C98127,TRUE,bootmgfw.efi +3dfbbf26-7e19-4d38-9b5a-6e332ba5fc34,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,DA649429AA5899D242782ED21EC332A217C3D530296FC9D7A0E3F1F694EB7FE1,,,,,,,CB994B400590B66CBF55FC663555CAF0D4F1CE267464D0452C2361E05EE1CD50,TRUE,cent-8.3-20200730-shim64-bit.efi +ef578b44-9fd5-4d83-9609-4c955babbd69,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,E082E310571748B9FE6B2DFAB71550530F2452B8E7E4F7725DE7EB9E4C7B1559,,,,,,,87176A15E766BD06528ED91A61481C3B3CDE65EE95115403F9FFC6D3A26D43D0,TRUE,bootmgfw.efi +26ede8d7-1e62-43e2-97f4-710a4352d0ba,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,5C512E50028955AED91AF0317813C68B427A7F73A6497BDA82F4551BE1A04936,,,,,,,5C2AFE34BD8A7AEBBB439C251DFB6A424F00E535AC4DF61EC19745B6F10E893A,TRUE,centos-7.9-shim-20200726-shim64-bit.efi +59605f2c-5575-464b-aacc-af09e949f153,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,BA0610793FAA746150C0FD5689158B01DEEEA7320E2F14B31EE9AF4F2C4D1587,,,,,,,32AD3296829BC46DCFAC5EDDCB9DBF2C1EED5C11F83B2210CF9C6E60C798D4A7,TRUE,59605f2c-5575-464b-aacc-af09e949f153 +a1a3ef63-ac2d-4613-8918-5bcfd1fc3e40,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,9A395E7EAB9E7976B1C30EC651B05658D780897BEBAB8A664C6091742E592E7B,,,,,,,250AE0BA860D6D46894491D630D58B1CA008F695C92CE2084A295486F71F985B,TRUE,bootmgfw.efi +dfa9cb92-1691-442f-96df-9692e4ab29c4,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",3aaa631aa80579a7ec4606f002de3436,293ba261a22d2b62ac580140be62676856d48527,d038eec123e1e13ab3ad27534de697c9779e9c27c62575f06771f80d3cbb7148,,,Microsoft Corporation,Boot Manager,13c9c74d08c33a6231d859bb35a060bf,833319ae7ee8fd2da9705d51d32ef1a6fd22e2fd,6f53cd5bf434b19b4e14ca127c596752079d989fcc98bb7d7cf3155619ec347d,TRUE,bootmgfw.efi +3f7d85db-fd3c-4a8e-a83d-ac9d89dda3d8,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,626AD87C1D3475B2599DFD36B430BE3ECBFED207A20D9FBAA01F7AE808C0271B,,,,,,,A4B3FEE324D25C53FB5CB48630DC80DD7EE78C1AAC8C8DEEA927396997E33BCE,TRUE,bootmgfw.efi +2ca2a15a-a3ca-44f8-a400-6ad9d6c119ce,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",28e6701303a90a81dea61addc9d06329,00745e4a83900338ec53b231a602eb76ce3fa889,2f871712447dde7c3552f5aa90a2292821c6f32d92788e00dee8566f8d4de209,,,,,376edf47c4a984324ea56fba394cc047,ec85b380b74232b3a564125db01bfe11ff646040,98cc8b91fec5252f62e81843d9d5d8ac2a2f253aa38152b3236a5092200ed290,TRUE,bootia32.efi +85ef0c80-cca4-48f1-8ace-0ab2fda03b79,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",1c9670b5add3e4d6aa442a53427f422a,11ddf040e749c8362e91c58fd17cb9c7aea4be91,c3d65e174d47d3772cb431ea599bba76b8670bfaa51081895796432e2ef6461f,,,,,431612322a95c76c8bbfb190f00aa9cc,e0b9eb89abfb711dc3600589fcdceafb74ecaaed,c55be4a2a6ac574a9d46f1e1c54cac29d29dcd7b9040389e7157bb32c4591c4c,TRUE,shdloader.efi +2b61baf4-c396-4e1b-b487-87c1ebf4b17a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",c3f1acb15ea4dd4002d43c5941d1a64e,31a862d073e46ffc608cfc93ffc8e18c38dfed8f,3d23947c39680b9fcf22b092b97c9d38edcc02f7ad13d3a925d1ee0b62797e73,,,,,379f249742bb47ea2d7cec2b9d3fb1b7,b678307ce3a2c6d5a2f988e7ec068590edbf1c50,7eac80a915c84cd4afec638904d94eb168a8557951a4d539b0713028552b6b8c,TRUE,grubx64.efi +76afa72a-2b55-4649-9fc2-3dbdc27456e6,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,5AA8E7418AE78250745BE3ACFC2B8D1FC1DD4D1DEFB54F19A508BD8247CC958F,,,,,,,AF93D5A2238F01D595A1BC2092F0AB29A550B2B96BDE7356EBF64D8F04234958,TRUE,bootarm.efi +f65396ab-3920-4a6d-9bf0-fbbf62d52999,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,6A3C1124A642244F23685B68D2E5A0AE036651AA401DE70B3912EFD044B62222,,,,,,,08BB2289E9E91B4D20FF3F1562516AB07E979B2C6CEFE2AB70C6DFC1199F8DA5,TRUE,f65396ab-3920-4a6d-9bf0-fbbf62d52999 +c632b521-0428-4bcd-b37c-3cbd25eccc0e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,E33E9D1B1D5ADE1934AC7BD39F0BA4CEAC9459A7E2AABB8D204354D4C8652E6E,,,,,,,F48E6DD8718E953B60A24F2CBEA60A9521DEAE67DB25425B7D3ACE3C517DD9B7,TRUE,c632b521-0428-4bcd-b37c-3cbd25eccc0e +d8aa2211-8d13-4e4e-88af-60ff17efd3cc,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,407326C7F1C837A861EE8D187170C779A9B6A25B0736761645D7E549EBFA17C2,,,,,,,DF91AC85A94FCD0CFB8155BD7CBEFAAC14B8C5EE7397FE2CC85984459E2EA14E,TRUE,d8aa2211-8d13-4e4e-88af-60ff17efd3cc +a280d6df-a426-4031-8dc8-31473975f92b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,EC16CFB5AE2297154394D9AB6B5B749DCE676404486D72A44064CD9A716EC1F9,,,,,,,BB01DA0333BB639C7E1C806DB0561DC98A5316F22FEF1090FB8D0BE46DAE499A,TRUE,a280d6df-a426-4031-8dc8-31473975f92b +1f6808e6-5b11-4cb3-b2d7-427ea75c1f9e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",cd3a08a351a1e5286fdabeb5bbf371e7,55f93fee3283aa27b1d8b20d1d4d85b770e923aa,2df05c41acc56d0f4c9371da62ec6cb311c9afb84b4a4d8c3738583ccc874d38,,,,,19a8ebfdc4acec4f18411de1412ef702,e91507cdff068f305c149e89d25038e3a665e461,c805603c4fa038776e42f263c604b49d96840322e1922d5606a9b0bbb5bffe6f,TRUE,BOOTX64.EFI +5df619c2-4db7-43f4-95b6-a2e16ebf847f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,CEF9A1B433C4ED851EC0C373F7E1F19A2B8C306A821D114F177B14E8C070276F,,,,,,,1B909115A8D473E51328A87823BD621CE655DFAE54FA2BFA72FDC0298611D6B8,TRUE,5df619c2-4db7-43f4-95b6-a2e16ebf847f 
+64508479-d4fc-4415-b202-d787a4d094e6,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,0EF0AD66BA9A0C4E4815BFD072FE7E281DC382D8DE08A4529DF3FF997B19E705,,,,,,,F4D8EAD6C325030538D10EBB39F0EFDC2F553794C14A5E45F9555C335925D9D3,TRUE,bootmgfw.efi +3cd9faa5-1675-4640-8304-86e162b60451,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",22f93e6ecea58e543fcffa73f5c466b3,0945ed2479004a84b2d743244ff7dacdb688aa9e,ff9f39869baafa17592820f7f5cf101b15a8423831abfa97c89cf193cdd98e89,,,,,a9a003cc7225b64519ee59289a90f3e2,dfc22f0bbe6a3ed81106a30d61010fd1510465cc,8aa509fb461c099a3c1b806d281a1e1275771eda0b0e3f7d95e0c11b3c1734eb,TRUE,Signed_13652009334930799/shimia32.efi +cf8adf07-931e-408c-a85f-d5e45b09a41e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,A84FFCA344A000BE6FC526DA7D7F701B87EF5559A71D8E63F806276E4D3DFE27,,,,,,,D759308D047E9206006B51B5770FA25EF5C124B8ACC6B0139F5883765FE30DEA,TRUE,bootmgfw.efi +ce737ee6-e949-44cb-badf-3f1d775d4832,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,10368826DC89AF42B4AD7E69A9E1F4DA9486DD645C088F445998E8DCA18EB0D4,,,,,,,6DEAD13257DFC3CCC6A4B37016BA91755FE9E0EC1F415030942E5ABC47F07C88,TRUE,ce737ee6-e949-44cb-badf-3f1d775d4832 +a24fcdef-7393-4141-ae9a-f97fce196c35,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,98A4F01BD9D8A039C669C2AF9082A0EEFBCEABEA4C739E05A1D0C59C5D851AD1,,,,,,,71B601EE3746DA7177726DB84F5B417C9721583D2D88AD857BF368A54FF76BFA,TRUE,bootmgfw.efi +b1d65631-7072-4168-b25a-5e18d41b3410,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",a27c33dada320aff0672ce32f953ffbc,412391ed50bdc33f24da222c7d79c00dcafbaddb,9be93e365a8240a03b05db26684b708b46d7585be325a3e22170cd5b324e0cb0,,,,,1d9a09ad4a977af7eb8359638d016fbf,70673742c167b615118ed8692cc0a100427c3f46,a8ddf4d0f6a7056f55b464cc79a986cce24541961263c216bedc19a7c4ca2296,TRUE,shim-13-0ubuntu2/shim64-bit.efi +2c1b4ac9-5f4e-407f-bf05-bea2bef8d7f3,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,191A99A1EF854CE43E64D1CE2FDCC0C942200B88D232F8823A439CBCD7D148C1,,,,,,,DD59AF56084406E38C63FBE0850F30A0CD1277462A2192590FB05BC259E61273,TRUE,2c1b4ac9-5f4e-407f-bf05-bea2bef8d7f3 +7191ca91-6b37-4c4f-821c-a2df6c16e91c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3E964DC8AAE03D464F3DEB556C4927075AA9F3A1998C66D65EFDE178F465D7B3,,,,,,,57AEAB53DB02CCD1E307AD3BE524EB507D0339BB2AAB3BC9B653088B7E790FCC,TRUE,bootia32.efi +c947ca13-4a5b-42ca-81cd-b1d1d9a4d8dd,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,83A5C9C78BC64206AAF7B7F9901867D19BB746201923D855AAE24A2B2330F113,,,,,,,BE435DF7CD28AA2A7C8DB4FC8173475B77E5ABF392F76B7C76FA3F698CB71A9A,TRUE,c947ca13-4a5b-42ca-81cd-b1d1d9a4d8dd +41327687-8774-4304-bbda-cc7c5835b54b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,67D204E0E5DBC0C5B2549FC2C003024525378DB4DE12E5CA1451DD996561AED5,,,,,,,DD5E4E9F20CE8BF8F3512261F176ECDD046C079D32585D9B259AFE0A28C973DF,TRUE,bootmgfw.efi +e84c007a-a263-4bea-ad23-e46447001e91,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,44FD1F90799B852B3BED642DE300BCF9EF6CA81036CD5588C24D5B8E00D4B9D1,,,,,,,540801DD345DC1C33EF431B35BF4C0E68BD319B577B9ABE1A9CFF1CBC39F548F,TRUE,e84c007a-a263-4bea-ad23-e46447001e91 +34e61740-5c56-404a-b796-1db5337dd86e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,EDE70AA6A98D8130019296CE64B5CCF634A997B26401C0E119B96BBF7ACE1C0C,,,,,,,DA3560FD0C32B54C83D4F2FF869003D2089369ACF2C89608F8AFA7436BFA4655,TRUE,34e61740-5c56-404a-b796-1db5337dd86e +cef9f132-2635-47a6-bed7-6011eb7f04ca,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",0008d969a43a2b94edd849cdee6ae3c9,d58b60ac3b5fdd3d52a9bc8da3e73c2a13ad36f6,3f8f266488f3b888eb77b8df43582fa8124366b7d0670ed78926410f9c9f411f,,,,,d0a9c315f3180e44d8c7a202276041a7,6d3071da0d10845d4c297c11e0f71dc557981cd0,d8d4e6ddf6e42d74a6a536ea62fd1217e4290b145c9e5c3695a31b42efb5f5a4,TRUE,bootx64.efi +84fbccc2-01e7-4a24-adbd-a1d3ca0acc50,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,574695D73FF3813C780728858B4A6D2CE6D24B41308B23281E438B66A60E4424,,,,,,,35C16AA2BB4DADF5028F4801185CD368B922C6CF7651CB7FEF30DFB95920FB99,TRUE,bootmgfw.efi +45ac4276-741b-4e22-92bd-bb97042ed4bb,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,0CCF098A0B3F109F35C763E69DFA54190365999A78707EF63863A812C1C07F9C,,,,,,,1F535987EA7386DF6BFE75F51EFD35E4D2DA4B002DCA2999C0CB4B767BAFAFFD,TRUE,bootmgfw.efi +c9f24d64-ce8c-460c-a5b9-13c1082de5c5,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3EF9FD0B7CEF661D5AF2971DAEF1ECC44D9210D33AF8C95E2DF9EDD694BB0FE2,,,,,,,3860B7C7FF6F4BCD5865843B2E86B2ECA5FF4FB071999F2129D4C7753B806F34,TRUE,bootmgfw.efi +81ea3a10-a003-4839-ae9f-52cb700d38d4,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,889337B0F67FFBDDD260CEE774DFA332DBB4EAE7D11333B2DDBAD7CA7FA773A2,,,,,,,FABC379DF395E6F52472B44FA5082F9F0E0DA480F05198C66814B7055B03F446,TRUE,shim-0.9+1465500757.14a5905-0ubuntu1/shim64-bit.efi +9091dbdc-0263-43e1-a886-3c18c6532dd3,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,5DB10187E0E8BB8D2FF649810E03F80FB6873370F3AB1F013811B8E9670F3863,,,,,,,DDA0121DCF167DB1E2622D10F454701837AC6AF304A03EC06B3027904988C56B,TRUE,cent-7.9-20200730-shim64-bit.efi +13ef8a27-3274-4d3d-831f-36b30bc88627,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,F2F2F729FC1B94C3B3AD210E0664FAE3351D0D7541581FE2C6DC7B087BE2B16C,,,,,,,C2CC91555617171A7D8AF57DEE529B443A41A1FAD3D4032DBDB814DAD6C2688E,TRUE,bootia32.efi +aa9b6b05-0b51-423e-b4f7-39cb30cbc987,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",007e746f6aeff8bcb4479e6e49236260,3971fa916c03c91a66e72c58ad766724b6a5c219,62288f1f5f2f8529292eb45c2ae2a33d1057a3dec12164958e76ded36fbe712b,,,Microsoft Corporation,Boot Manager,9875bf0884ed2f18a32cefd749c60406,ecdde500ab2b06dd0c870c1f64d783f2cbd095dd,cef75d1da8e991ac96d36f8a14562849207f9dd50fc63028ba83277d5c27d00b,TRUE,bootmgfw.efi +ae22fd08-2ecd-43b7-a5c7-3b857e0e3b71,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,20E870697471F16EAC55A9658212F83A7E443CDB3844C7D1901B4D4271828F7D,,,,,,,1F179186EFDF5EF2DE018245BA0EAE8134868601BA0D35FF3D9865C1537CED93,TRUE,ae22fd08-2ecd-43b7-a5c7-3b857e0e3b71 +35c8a2f7-287d-4251-a949-d1ad45040784,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",0887bbb1fff22018d425b56dfb642db7,db9c3757f8f341bd6be92611fbbfb3ca8bc80d6f,e352109145416e3b61dcf5e09492d24410828121e7d74c08ce0d3157b45a0831,,,,,93858168a4a5a02e0446ee0c003ecdf1,096dbcb4f3baa2a21cd0e267052430ccd175593a,badff5e4f0fea711701ca8fb22e4c43821e31e210cf52d1d4f74dd50f1d039bc,TRUE,BOOTx64.EFI +663a9b38-509f-4a27-b2b8-13801ce4ee89,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3E8EE29691F1F22F5B46C301EDFE411821D466E7A39672A416E387060A0EEFE0,,,,,,,B2BEAECAC1BDE409F82933D80FA3BF5FA0D1FF8D1F97E5260BB25C0FBBA35CA7,TRUE,bootmgfw.efi +298f4996-3321-455a-bce2-919c3a73da65,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,7AFFFCAF48E9289AA0C44566C53EC0A311BF3E2ABF351E0122C685FD568D97B1,,,,,,,7836465BDFFAE768EFAEDCBAA8B5787BAF51B2792A020E80E341A3F824FF82CA,TRUE,bootmgfw.efi +4a9f5a2f-87ca-4a7e-9a16-15d7e8a44c14,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 
'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",e2f5112aec3a2bdc5f267c18f8a6c071,513e0049089f66a29eb06adef56eb24f1689c24d,c643c3cc182443893728101f5303aaa05b08ec8616310546edc903635c692b5e,,,Microsoft Corporation,Boot Manager,a114f82ee953917e2718ad7f4765ab20,5c145f3f55a53c1db47c568cd76eff5b0092e95b,f0b3d0d4c5457880e2d9b7728eb64bd288b5d4a26ec883f3c0941d8af29d9466,TRUE,bootmgfw.efi +9a8ab464-2a24-4329-ba2f-e9eaeb2edb90,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,98799E6AD44F2AFF3D3D7B66E482B2F4DE4438F5752D932D12C97FF56FA1942B,,,,,,,E37FF3FC0EFF20BFC1C060A4BF56885E1EFD55A8E9CE3C5F4869444CACFFAD0B,TRUE,shim-0.9+1474479173.6c180c6-0ubuntu1/shim +934f9364-3471-415f-a502-036969a78958,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,F51C64E1690E8FADAE2C55EDE85377D6680C337DABCFC01FF6CF37D8D87892BA,,,,,,,0E44212BADF40D6B8DE3311E632045370588E0B23B7A480EB5DC10DB65D1B4B3,TRUE,bootmgfw.efi +32544796-1bfd-476b-a4f6-8fccc5a593a3,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",f66d8bc26d38b7faaa1fbd4c4fdda3ff,7098af963c0223858f2fa56cc226ee27048f35d3,e443176d6a0621e65cadde51f4019ec7fb25e91fa87cbb6cbaf09d94e9e49918,,,Microsoft Corporation,Boot Manager,8cbc20535be05799179c23fb8354b9d3,458cad1c4b11da8201ca12a6ed0f50ec81261e1e,61535caa144761fc48cc9d7a835dfaf020b569edfc7fa628f983d58a3ac25f2a,TRUE,bootmgfw.efi +c900de9c-b4b1-40b1-b106-db0845396462,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C2405153F56A12F727853FD55BC9C99B81937B42A1A0BC585310DA45D35A3FAD,,,,,,,A608A87F51BDF7532B4B80FA95EADFDF1BF8B0CBB58A7D3939C9F11C12E71C85,TRUE,rhel-7.9-20200909-shim64-bit.efi +b1ed132f-d99d-4616-9fa6-56b6e8e814f6,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",7e05f116825f8e60072443b813e6192e,c9bda70cc887ceb1c4552319df909c8bca331b58,09f2e41661cbbd714d22986fbb36a2b5764a5544c85f9875d227f6a26e1c8c8b,,,,,1e31b54463f12e9af1098295a74b4866,7bc2c8f3a922fda1f6b16dd09425006a4715f7ee,66d0803e2550d9e790829ae1b5f81547cc9bfbe69b51817068ecb5dabb7a89fc,TRUE,Bootx64.efi +a8267643-bd8f-42e9-851a-86b986973758,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,AD1A9C1667E89214EE947D6B40D61BFFB7EA942ABCCE85319520CC3DE301FA1B,,,,,,,8EC2540CEDDD592E616AF4386DA9EAF76855EF0A792E26FC149B32E951D76C85,TRUE,a8267643-bd8f-42e9-851a-86b986973758 +b03177a4-54ec-4449-b30d-f197e75b8b3e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",eaaa74b1ac8f59f8610a8e898de54cf6,82d315d856cf1a43ff8d22192638c8f416be591f,aa6f27b8b2ca5826f497362042c003b5e1d7ca22383d82730fbc5c45e048d839,,,,,1adb4d9d5d5c38a654581d03699efb51,120f24f0e7bfbbe0e0419060b1489921d9fd3fe5,56fb79aab26ee9d0e0ca372fb86a8bb459acbc505d0ab35e6a632a3d5f88dcb3,TRUE,bootia32.efi +94ba0558-c5b6-4f9f-b1fc-598e7448bf13,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,196243A87389B47FC9033AF3884F3FF0A5C891D80E22C82D2ECD5B9A3434186E,,,,,,,CF7F9E7D091023A1A1C3F5CBF7DDACF7B18F03A4D07961F71506FE9DF4388EEE,TRUE,bootx64.efi +9470ea71-b7e9-4e8e-ae73-a4b5fe32bc04,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",bc5372019b75e9e8257a83a86bd0b33d,99cd0326b914b5f6ea53cb2280d9a455bb68d70b,8310f47ba34eb1aca146a5bdb8b59138173e659fbeb57a4c89355d8c54930b6b,,,,,45e4a006c19fa21bbbec494e6d51c63c,ceca75b14c16bc19a9aafc883fcb081554f563e4,56b3da7259eb1bec44199a7ebf74c6fe912c8fe9bf4a20a7610c5e9bc0b601cd,TRUE,9470ea71-b7e9-4e8e-ae73-a4b5fe32bc04 +81f3828a-1a59-4fc2-a34e-d1f297f0f719,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,CF960A60921EF186A0A511BECC06B264407111D2AE6875C93496121887318EDE,,,,,,,32D4BA3A03D1F2B6BC80D011C0FA107747B7B573FE96AAFFF21735ECF562D337,TRUE,bootia32.efi +406a9495-809e-4065-8c57-b6aa66dc4029,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,B6FDF73C4B54F57935671B1C6F03FF5F104F8092C72574C2DF2C6FFB1E5F2E61,,,,,,,0CA5E602468258B0685A2B2B7F028B977354602A82ADA86C9919FC472AE4CA40,TRUE,bootmgfw.efi +989b4dda-91c9-4903-9027-6ff3e74738b2,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,87150D354E809EE266FC005B1DECA64F70A72B9505AD79062D337EEF012CA896,,,,,,,DAF87006F2653909E39A52B7ECB234484E7AC84AC21EB59354C1BAFCDDF08D9C,TRUE,bootarm.efi +3175132e-f5d7-4d88-b395-ca30351f8c69,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",45a7c3cf799b58b886c0b4c7f6f71d32,52cad42539bc3f27a103e4a9bc0fd51a1b51a265,55a5bb13e3a985e0ab011e69b41704319de0843f9254cf91ed2964c13af345fe,,,Microsoft Corporation,Boot Manager,439f829f38523f2c1e9995474cab6030,71d6ef211cc60fe99eb7f949640dabd36759b36a,a6f13f3bb8132d248591f6762ced6d3a55efd8812db9730449e267cb6447145b,TRUE,bootia32.efi +c368c62d-85dc-4bc7-8302-09be91700a9f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,7CEE7E91292E5591BA4597D312BCFE9C0EEB906B18B327B8983BA497F9921BF7,,,,,,,66AA13A0EDC219384D9C425D3927E6ED4A5D1940C5E7CD4DAC88F5770103F2F1,TRUE,c368c62d-85dc-4bc7-8302-09be91700a9f +469544ed-d70a-42d6-aca2-690d5ebecb4a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,2B91C0C8C0F156ABC8F85274C1320C038AF0179FE4696260B1011D5361E50AEA,,,,,,,41CCE0FC467609CA368BEDBA45C292F2BE1B622FB9BE0473CF51E7A96EE65652,TRUE,469544ed-d70a-42d6-aca2-690d5ebecb4a +04eaf4b4-a618-4d2c-8eb1-1e0065c05212,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,EA4EEC2975E4EAED0C5EE6C25C887FC8C7A0298FB613852DEC200DACD2485FD3,,,,,,,A983E73E57BDF014C9A29331290EE87DF37F97C81DBCC43C6C933FE2209C0BD5,TRUE,bootmgfw.efi +c2d12b91-7e1e-403c-8d76-9664229a68c0,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,101EC6206BC939A389713775B3BDB405E91252FAD75509C54FA1DBBE822F4596,,,,,,,93F5233E9970A7DB1E4C9AA2DE2404636728E7C66C03F2BBE74B18B20A93BA96,TRUE,bootmgfw.efi +db9487ab-4dc1-4c3d-a04a-70696d63bcc4,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,24357D13D3CFC29A7E83D86A6BB53FC932461B7D0A653701188D7B427C704FB1,,,,,,,D6EE8DB782E36CAFFB4D9F8207900487DE930AABCC1D196FA455FBFD6F37273D,TRUE,rhel-7.9-20200730-shim64-bit.efi +3a74fd6f-8747-4f47-b44e-fa10af3da555,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,9EA346FCFE6DB7F3140DA8FFD5738F6CF97D6014DA61033B32049CB17696B372,,,,,,,EED7E0EFF2ED559E2A79EE361F9962AF3B1E999131E30BB7FD07546FAE0A7267,TRUE,3a74fd6f-8747-4f47-b44e-fa10af3da555 +1457ea3c-21cc-46d1-adf3-606e98b3938b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,97BB9FD717C396231E86ECBE5A760D56DBACF4AE8E963D16D724591E45919B65,,,,,,,CC8EEC6EB9212CBF897A5ACE7E8ABEECE1079F1A6DEF0A789591CB1547F1F084,TRUE,1457ea3c-21cc-46d1-adf3-606e98b3938b +865cadf5-d63e-438b-a8e9-44591fb69d2a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 
'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",f512804db694f319cf51306dd2c2c618,d1bfb94ce4288f7f4e3f27ef22618991485e06ec,3f28c4f2fb32c10e5faed1debf7db6ae8c821bf286ffdb57a5b31fce0730e111,,,Microsoft Corporation,Boot Manager,3c5fa521303c8b5564f3c2ce44596d69,599dbc2acbec93f50c653471403aab7be0b978d1,736afb5df29ec9c88532be9c620ef80901bf23e72f2d3488b757aff17e734ace,TRUE,bootmgfw.efi +897f5834-55db-41fc-a4ca-9d880ca00ec7,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,FB2F396A01911260D4035CCABF36DB99081DA3F8D98BB40549D7D5E93CE4EAA2,,,,,,,ABEE522892FA10B22208B4D1540184617BC9875C9E03E5353B4FF476577D918B,TRUE,bootmgfw.efi +d17ff559-85d0-4cc7-9327-516585723ea0,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,B81C6018141EFC89816DA4081BBC1414911125D5184108E47AB01260D84FB9B1,,,,,,,CBCBB8E81F1CFEE4D02D65481080ECDE62528344C5372B09FED4EE3CA1E14330,TRUE,bootmgfw.efi +b6967d5b-ea2b-4a4b-b24c-63a8eb8dedcd,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': 
'', 'value': ''}]",,,8E5609A57BD66CC153EC2AC60CC10C2E641334C26EA5068C1FD8373A503EF1D7,,,,,,,CC7396D1C306ADFCE49E70D7DAF32D093A8F2FEBE2AC0576BA853770E11B3EF2,TRUE,bootmgfw.efi +88e2e7f2-0a89-4a66-9f99-1a73ca3a061c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,DD32DCC6A6E054F4FB518B3F26EE9F41D338AB5EAFFF83F3682E34728EAAECEA,,,,,,,21258FA3877177AC480CB571134BEE7BA1531DDD1274217DFF71BCD618F6C3D5,TRUE,bootmgfw.efi +4814d421-23eb-4222-8cc1-aab6645981fb,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,103FE82E5F090184D8DB7A48801D1E503E3C6FC0726783E9A49A84F9FFD4C78A,,,,,,,9783B5EE4492E9E891C655F1F48035959DAD453C0E623AF0FE7BF2C0A57885E3,TRUE,4814d421-23eb-4222-8cc1-aab6645981fb +bf3c5a6b-8fac-470b-a458-c84e7fed7dc7,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,BAE97EFC507382C0BDF7B1E74DBC38C0E31BF65186B7989CD9C7AF29DA27F656,,,,,,,3A4F74BEAFAE2B9383AD8215D233A6CF3D057FB3C7E213E897BEEF4255FAEE9D,TRUE,bf3c5a6b-8fac-470b-a458-c84e7fed7dc7 +a77872f7-4890-473d-887f-bfd93f46641d,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 
'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",6514d19c16df6d0d9cf75bba91350dcc,c3f69560b62f619f851df687c0adb2fa35cc0160,3bc9ed257486b68fac5899eaa19732a1340d06c8baf4b0ff53c7f5c052e6470f,,,Microsoft Corporation,Boot Manager,f5eca8462be6c481c75ec3955b47c4f8,45e97d3cfb90ad162fa8f5a14ad8e5b4710a748a,f74947590a87a005023e9ef89cdf0c38d8d582ca4173f8201cebc443ef796790,TRUE,bootmgfw.efi +285c0ef5-dd8b-4c50-af8f-6ed20f233294,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,FC40897F668AA86E5279CA8FEB62873A06A569742967E0F243F51ED56BDB53CD,,,,,,,4380A43A7B0BE1ACE54A65B3E25ED35F340D6906365821AF139941D5D6E1EA1B,TRUE,bootarm.efi +a252e6fc-a0e5-46b7-ae78-c11ac44dfecc,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 
'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",3827b6fa1f4022001328be9d79e33b18,3b0ef33281ba05d9d9259b1fd44bf5d43e5187a4,3927727eb2435b28d2cf0ce1757e72ce3e92a86362b87120040c744c1c08bce9,,,Microsoft Corporation,Boot Manager,d9a85920d99763cc28d796c77094f958,932efcc1a062376a53c14b3fad8f6bf34b96524f,50871141459a21faba3dbbf63da5aac8863fa3d8a9891f182ed72e3a74b64fdc,TRUE,bootmgfw.efi +dbbed756-4f18-430e-9a68-6f0054091fa3,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,573D0A8D59DC7FDB0BE784ABE9B51DA9183848B613FF4C96B143D286043B4E43,,,,,,,EA9C72C1CE865E6044ABFF576FD712D4DF3F5114318753EFCFEFED70EE586884,TRUE,bootmgfw.efi +ae5b655b-a592-4d17-bce2-99ef497e846c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",5917ac93685b816492c5476071db3871,f039244623179184ac63f73797aee7f926f2132e,6e79e3d0580d244c2fc2179a4f08cb80f945ad33d8c4c325de4e35e0d41584c5,,,,,b6736f2d357c4f0b8d557c3c0c39fb54,4917df76db99a277efdb57da560e145ca3d32d35,e7c20b3ab481ec885501eca5293781d84b5a1ac24f88266b5270e7ecb4aa2538,TRUE,ae5b655b-a592-4d17-bce2-99ef497e846c +c8d926b0-b5a4-4960-b951-1f4cfffd940e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",09287aecf07aa294ed7f76f2234270a9,f4de49ab09ad1d3e18ba4eeef481d91cd67a4860,860c16809e3941bebedff0bde99c32aa77379c0be1f6b174d20038a02162d3d5,,,Microsoft Corporation,Boot Manager,2493adfef4cb684c76b9697cf414c95b,d05a293ae6ba3f9d4f03da5027807f2182be4c22,ee0a54e2dd9848d7a209d2c945449a0bac9a46c45e5e033c6982d2924839ac74,TRUE,bootmgfw.efi +aa02b41c-fdba-4a15-8cd0-721c8ce19b68,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",77164588c1c1207395ca4a64dca19f85,b1d0f26d6c2ada8828889a9208529ce96b6312e4,1e918f170a796b4b0b1400bb9bdae75be1cf86705c2d0fc8fb9dd0c5016b933b,,,,,cf53d0ab33dfb190f34ec0b12fcd54d6,fb0b0ee77baf7de4e8072a79bd48406c63a0bc7c,e9d873cbcede3634e0a4b3644b51e1c8a0a048272992c738513ebc96cd3e3360,TRUE,esdiags.efi +b3ceecb6-6bb6-43fa-9ab3-8ba2d6647443,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",d407a4d3a9887218394aa73e94ffbde5,d483cd3de769ee4a2bd69c498501e7764656fb75,9d61099de8327efeff7e4aea81d9f3396a2218e6b22e15d05032a765897c0eba,,,,,2ccccbe8e79cfaa23784d56e0edf946f,4dc601eb63e1e8d30e7ed4eede0a757630e66dc5,b3e506340fbf6b5786973393079f24b66ba46507e35e911db0362a2acde97049,TRUE,shim.efi +4f2db5df-2730-4e9e-aa70-51029d2540d1,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,55A3628537C4FBDA0FA7D27001EB2DFCDC515D8A48649715A31E1D0065A7DA35,,,,,,,2DCF8E8D817023D1E8E1451A3D68D6EC30D9BED94CBCB87F19DDC1CC0116AC1A,TRUE,4f2db5df-2730-4e9e-aa70-51029d2540d1 +10baff75-83cd-4786-ac2b-ade269c71421,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,268CED16B53E3430A28F1713A0D155A68BED89DB264D8D8170EB6BC548C9424B,,,,,,,75E78C197FF91F574735A3A606E56862E9E0B84DF0CF69F7C7F43CBC171AB371,TRUE,bootmgfw.efi +7cd28475-a974-4b4b-becd-b57b605d2b9e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",aa8eae148f6ac90c370eb50c88b974e1,2f8b409981580582bfe5fd5e36f8d3e23c061966,a120f42de7b5bfcb55c40afc857b6baf4d1ac60725500c27a5b2942bda970ccf,,,,,831541e64bf58f95339e2e1fbc08b9a8,78d90cb632f7b98b3c39ef79f5a8079654b27e5b,f1b4f6513b0d544a688d13adc291efa8c59f420ca5dcb23e0b5a06fa7e0d083d,TRUE,BOOTX64.EFI +d9cb5f15-653d-4fdc-aee2-279681f7f91f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,F06D3E0F031A2FDC63DD2BA2BE7F32E0D432434C3515C2F840D812FFBFA530F6,,,,,,,9954A1A99D55E8B189AB1BCA414B91F6A017191F6C40A86B6F3EF368DD860031,TRUE,d9cb5f15-653d-4fdc-aee2-279681f7f91f +ad4ed491-2e8d-4c16-9bad-4352f1ce2f67,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,339E7E433DA8002B9FFB9EEB3C768742A93953509FC02BCAF95254228914067F,,,,,,,C875AE8A8DB5441A577172869A4EC6E71DACE7A875F42A2FBBA4B52F293499DE,TRUE,bootmgfw.efi +98b2c48c-eaa0-48d4-bcbd-4090cffd2fed,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,575D4DF1AFBDD514A6D293234F4493736200E657D0EB9C618CBE18B3AE8EBB3E,,,,,,,F558E04EF99B39A1012E8BC2685728D983C682CF5E6F7E4D335A660283D7C666,TRUE,bootmgfw.efi +2d38a9bc-5c3e-4871-9e74-a1181a10764d,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",a1b9b882d3990b8465c7010a406ecd99,58d47e6513a61b42d4c1c2a9150cf9fd051ec435,754952ff4187789c0269982d056f6a863409963f46d870c0a8d054e0fe69857b,,,,,c5fe8d0376e90b44fd565015cd7e82c9,a69b510efc63da996aa74d11e49b6748141d2803,903d0d76ada77672c60a4d63be5f6e1b8f247cea9e7d32b6cb26e1a82815d09d,TRUE,Signed_14173467011297444/shimaa64.efi +2682f970-000c-406a-bf2e-fa4c1ac8bbeb,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,B28C498A7CD61006A32A9EEF404AED4349CA68DC6F2240833BA4EC745D37A1DA,,,,,,,E6C63C984BC754736376564A8F9AB1B7885B9AC2F49F1EC6E4053049D26F78F9,TRUE,bootmgfw.efi +e9785a5c-1caf-4577-85fa-9a2eadc9bfe9,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,D389EDE1F84051086D30B8C2CFC362797B129854DF1313CA474F83A143F55D11,,,,,,,788383A4C733BB87D2BF51673DC73E92DF15AB7D51DC715627AE77686D8D23BC,TRUE,e9785a5c-1caf-4577-85fa-9a2eadc9bfe9 +312efde5-1d57-4845-860d-cecb9a1af677,Michael 
Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,0EC7C340AE2DAA6D5F7B261BB64A5E7E2351073FC5B893E07D03595DEE28F544,,,,,,,26ACA3C927095772FA26A4D63680597130AD161EEE8CBCE34B59E10C6167E92A,TRUE,bootarm.efi +8e051211-3998-46bf-abf0-cfba6699c4f1,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,07058C9BBCCB99D58FC93EBE2C007CFE28E1BF74E51954584AA3D3CA06689FBA,,,,,,,CF13A243C1CD2E3C8CEB7E70100387CECBFB830525BBF9D0B70C79ADF3E84128,TRUE,8e051211-3998-46bf-abf0-cfba6699c4f1 +46412487-6c24-4809-8b77-f2165d5a8395,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,DEB3FC384826610AD277DDD592F6CA8FA9D00E56457724D470DAAC32962532F9,,,,,,,2E6921DC970AAC433DE9AE4ED66B2681A4CD2BE649D2EE9A561871C335E8B1B7,TRUE,bootmgfw.efi +0cb9b7da-f228-4e4b-a07c-06346f0d2e47,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,459728935C400CBED125A0AA12D0E618CCB6F4FDE3194BB2D06A511DAA335350,,,,,,,B9B20E933E2B6C33C9FF088E224D802028F29A4CEBE50AB5D746027911A454FF,TRUE,0cb9b7da-f228-4e4b-a07c-06346f0d2e47 +4885e5bd-31eb-4f63-af7f-efff02e753ee,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,53E9CF33ED9379862E5A5424E0C3FBE6D81D0D622368F773C81658F408A642E3,,,,,,,92F858F6A02BD2014618B05D7759E34E7781B15C34C8814BA4C930B320F8DB09,TRUE,bootmgfw.efi +8e8db009-ddf8-4196-ac2a-99c9a0e6d9fb,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",9ea079774ed23df340ecc523ddf68045,34e4cbad02d8dd38e88bc3ab0b2dc47e91b9c02f,71083eb4f247ac78f52aa09f81054396a0dac1064e1191b5b56a43a6976c5c74,,,Microsoft Corporation,Boot Manager,6159052617b8251fa73b9137546992ca,d9196a975de3cb5f3fbed654aef1a7d87801fffc,cc202e8f2753ec75c9eeaac65c9d39eea6faed570664e930e3815976cd332d91,TRUE,bootx64.efi +e081d394-fa4c-46c9-8a1c-c8790790aa3c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,84A6C5F6C7AC07F1CC405F7B53B69BFF17BE0E4B9A428C21D39DCE0CDD4EF16B,,,,,,,91656AA4EF493B3824A0B7263248E4E2D657A5C8488D880CB65B01730932FB53,TRUE,e081d394-fa4c-46c9-8a1c-c8790790aa3c +a3bbd629-976b-4804-b5ea-2e62ee592092,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",ca747f0a7e1bcbc51cf4f9cd2a17f9a5,41686992e3e8fc975674d5134909975b66b54a38,777adc7e8a3e1422b3fc9c10ce31e996c057fe801a5292f0902bd5c5365e7287,,,,,370b63db6afc64b05feadcbffb223da4,e9449d88a4154e0d1bfda7986c089f743b00e9ed,95049f0e4137c790b0d2767195e56f73807d123adcf8f6e7bf2d4d991d305f89,TRUE,bootx64.efi +bbd79406-168c-449a-8206-9927288fefd4,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,F64F70D1D3AD35BEC25526472C51765BEB40AAF72CA8EC1242E046F62C18C11E,,,,,,,B3EAFDEB6E2809BD72730E4FC7896B9D94543CA360E9629B63C039FF91274BEB,TRUE,bootmgfw.efi +dabe9a66-0446-43a1-b9bc-fe279702a5ab,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",24a7545dc37bc7d366b05c68752af476,63006031749d3e2d445fd952c8da201181b90593,6b6e59284750fc0e6fac4d6c2a46100e9b0dde54e000b7327edd4a4dced9e9a0,,,,,5ebf16973c90bb7a23fb44504d80f390,ccb632ec30624e6860fe361920b83d1739d9db1a,4b8668a5d465bcdd9000aa8dfcff42044fcbd0aece32fc7011a83e9160e89f09,TRUE,bootx64.efi +b0db7258-fe95-4712-ae0f-fe258342295b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,862EF2D92E8E0DF128007AEF6F9E4D6A6D0DE3C656A4D72D1A19A18068C23508,,,,,,,F31FD461C5E99510403FC97C1DA2D8A9CBE270597D32BADF8FD66B77495F8D94,TRUE,b0db7258-fe95-4712-ae0f-fe258342295b +44560d47-de27-4691-bee4-6306bc160643,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,7391D51035BE75620EE4F0F597DF65F54D3518A7CFB74276D7A778AAF7B39477,,,,,,,8810B37003E7CDDA026663968AA9E1B9CCCC96EED98528CF5A975BDE7B8084B7,TRUE,bootarm.efi +5d92da13-8976-4b19-871d-a9266e342121,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,A84526FB39B09F95A0A1CABE23D34CC28FA554242405EB653D6EAB8669B3C1BC,,,,,,,19F4C7030AD74035F5BC07ACE285BD7538F231D25787755D72071EDE879C6978,TRUE,bootmgfw.efi +7c6d9a9a-0ec1-43b7-8e1f-053fb98e9fbf,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",a442859fd33fbf61ed0ea28bbf33bdbb,a1aee57f1fd4a6768950f74dfb2e2a97853d4733,c9f47991e981394076050cb8b5cddfcbf9fb01b6d7272b9079082e20e4875cc8,,,Microsoft Corporation,Boot Manager,9dc081d5f69234c2bbe8fbf881510703,99c709c98c1d9548ab82b298f47782597c767601,915009d1cf9d68b9e53064de82d4b70b58d2f014a03805cc406427d323d9fc35,TRUE,bootmgfw.efi +3d65bba8-925b-4fcc-849e-ddfc0bdf1c49,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C655C36EA5160603D4134B038D732604394031E177D1C32CFD582CCE0C037887,,,,,,,DC7CC8D1DC11E304ABDF6E6227838F35B223B780F030DE7B341E88A3F6A361B4,TRUE,bootmgfw.efi +ae979b6b-32b7-42cd-b835-09215a457c01,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,561694642D87969C00583ED6C4BB6C41527DFF7164A079035E8C8B905A5E4B62,,,,,,,C42D11C70CCF5E8CF3FB91FDF21D884021AD836CA68ADF2CBB7995C10BF588D4,TRUE,ae979b6b-32b7-42cd-b835-09215a457c01 +c8bbda28-7392-4588-a899-755c58de432b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",8712d45e1ae024cb45067ad5918e12da,a6aa33d40dacfcc964b01a5c18d26829d362fbce,702a10fa1541869f455143ed00425e4e9b2d533c3b639259bde6aac97eca15ed,,,,,15d38ac115b29438f9f82509f78c340a,c017bdf23c9fae3f7c66a28aaefa4ce95d174a71,1db183cf5655b2dd0ce9508273b339146c3b7dcdec0d0ac3c180c953083faf18,TRUE,shim-0.4-0ubuntu4/shim64-bit.efi +1d193967-c24f-46c5-83ae-4bf1d5ea80ca,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,9C4A74D11888FA41A0341EE6F0B75DB69C34827851755F46506A6C0ED96CEC8D,,,,,,,23A0F1DE04EF678E621A449040CF519DDC3679FE54C9E2E0897DFE2C80D3DC26,TRUE,bootmgfw.efi +25356276-9f23-4044-a512-863c5b3180df,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,96520E78051325998A6D82FFFEE0366F85289E6D8834D1F3DA9082C6EE146D26,,,,,,,B93F0699598F8B20FA0DACC12CFCFC1F2568793F6E779E04795E6D7C22530F75,TRUE,25356276-9f23-4044-a512-863c5b3180df 
+b7909152-9a87-4045-9aca-ae18890b2b71,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,41607556B9A25F6F3AB73331589519553F83D2CB3629FB3E729303898D173023,,,,,,,3B7696DF627ADE30BB15BDC5CE3F3C27240C973353E8551E7B036C90D01280C9,TRUE,bootmgfw.efi +9164d869-3953-40eb-91e4-26a837e3aacc,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",c6697cdbcf51cc54053438e644243327,056c3b1ab4f9b248ffc5285f299a2653839357f2,1eadf7bf5fde916884a4beb82dd68ba50be05413f00aae8571190a2eaa462640,,,Microsoft Corporation,Boot Manager,e518520c0709c922714f016a9ec3d893,3ef1fcd520f386618b77de8759b40d169b042708,05729029ef940c5e6ee96b3b1253c08783c01329bce2e9951bc22a09223fc15c,TRUE,bootmgfw.efi +0d33abea-51fd-4453-a8a3-150328e8ce21,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,A121947909D35BB042F0049D18E4EE2B27941E10D14E4D6B1C11945CA79992E6,,,,,,,9ED33F0FBC180BC032F8909CA2C4AB3418EDC33A45A50D2521A3B5876AA3EA2C,TRUE,0d33abea-51fd-4453-a8a3-150328e8ce21 +d1d2f3cc-064e-455c-af50-3bd0d46a06f2,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",d6604f3caaa504ff3aedbade7d87fb97,a8dc3e14fb4ad8d264fdaba4ccbc89d64ee4791d,f025a519dccf1df41951c22c6dc5cafa61e21b117e174b4983b45ccc22c6375f,,,Microsoft Corporation,Boot Manager,889829fb843f0a94ac85fd363af55729,7064b8e79beeb6e7443033f51a17d7973ea424a2,7f292bce8dc97b601ef1ea72bdf7d96a12a87782bb1b1c547f85c55c7b3ff035,TRUE,bootmgfw.efi +8d43face-8444-4bf2-ac71-c0213d06ef91,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,DA31FE4698AD3D0E30408927BE36C938BF52FA9CB8D46B12F84F5D5EC22DD1C6,,,,,,,495300790E6C9BF2510DABA59DB3D57E9D2B85D7D7640434EC75BAA3851C74E5,TRUE,8d43face-8444-4bf2-ac71-c0213d06ef91 +7cefffba-3701-43ff-96a7-7a66f008805e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C443B4E3083BDBF2296A5E0986022520535C01ECC6CA3E0F0F83F3B683672368,,,,,,,50F93402B66127D87B947067E9689DF5B2B36B253833FFE1E6CECA685FAE2D85,TRUE,bootia32.efi +163602d8-2ce1-4c1a-9101-568c50a6f887,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 
'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",c815c638cba6bdc82a6b4f72204ed252,d2e758288883a7b37a46b773ec0ff61c328e8bf7,64604ea91f31b815bd0219d56563b9c2d307fc6c71ecc38d498221e0e0e9c4ad,,,Microsoft Corporation,Boot Manager,0e937bbc24f9343c32c2641a3b728ea8,3c3db26f3be97e13953510a1615c3efd05f10aea,2992068e4f616f2d7253e9d58116a97f22923f4dc1b78a58be4499b982ecf270,TRUE,bootx64.efi +5ea7cfb0-5f73-4d02-925e-8161b423fa88,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,45A04261C55E72E48C90A5C821C3A519B4A0D9B1A6C3561CE7477AC399D23C5B,,,,,,,A372DA66E15D456DC4200BD3908E0943BA4EAF864F7A35062B6B1704320D090A,TRUE,bootmgfw.efi +35a53e95-2bf9-43c3-b7ff-c8a176b73a7e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,641A3F8E77A42F04B0F300399F0FE6545733DB7EE00FA402358723E84BC62741,,,,,,,91D56D765B020B99B7716582E3C380147FF0ACDDF63BB09ACDED0C0249E5CC8C,TRUE,bootarm.efi +fd70f49d-4efd-4ebb-a889-5dbbcebe33a0,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,8C3A26B5831FF45BC3BCA44C2815951E2DA489A91BBCD295F12DFDBCED9958B9,,,,,,,398995770D21E9F66B90D69D1EDE16C9E58C0634B2F7D26B1F22501DD93FDAE5,TRUE,centos-7.9-shim-20200726-shimia32.efi +4d2c43e5-7a66-4890-93c7-3f9ce734f78e,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",22534ca115844f647fd2698572201490,7a21dd6f0289ca16c6f2a46cd37a965721f07518,24d6b301a1268ba8b373275981538855205eb0115609800f2b5b95377483b108,,,,,757b01c0eb9ed075c6e93d2fac4b0e4e,948d8090a1f360db50a84f3cab750f95d76044b6,5b248e913d71853d3da5aedd8d9a4bc57a917126573817fb5fcb2d86a2f1c886,TRUE,bootx64.efi +f4268520-fd18-40df-aecf-b2a6e8dcf27d,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",fbec641d8564e4e48784b2b07dd9c196,7ac5c5314da05d3a6e69e4213b9479a62d6f411b,ee39a9a3fbde8b15ce4ac34519e248ea746a52ae0ae680da5b0c7ef919e583a3,,,,,ba5501c6998594711fe062521d0ba9de,8dc43164d1742fd0e3a9590190ee7116bcfc04a8,96e4509450d380dac362ff8e295589128a1f1ce55885d20d89c27ba2a9d00909,TRUE,bootx64.efi +7520fd68-dbc4-4182-ab8e-2cc005024183,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3BA74313087DB77CF93A00E072A2FAE00C0A472DAC5DD6988F9C0993A0769159,,,,,,,4AAC0A9E089DF8E9AC6725E0DFCA3AC11A17747A2E35F43A2B38A58F8AE2A273,TRUE,rhel-8.3-20200917-shimia32.efi +7662d98a-0476-48dd-b532-8e6142d251ec,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 
'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",a168299b9ced4e289f438408b6a047b6,cd0498821da3074abf0b1c44819f1bd2f3a13355,90ea447ccfdcd9771de40de9721d0256d6d8a30d68963e82485c2e92b7eb5257,,,Microsoft Corporation,Boot Manager,e2a3feaa3ac65bd8ceec1f6430f81121,80257f616bfa48d64053b0198af7280152e8243f,8ed8aa03199de7d541ccbb3009a2b1ff575219662d8b23fba7fdff02d80abd29,TRUE,bootmgfw.efi +ca53fb23-c94b-436c-9066-079bd6480ae7,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,97C24B65A08878AEB0002FC577B717A950C0A20E60EBDFC569637EF57059A2BE,,,,,,,6730C911E6D91009420D202FB6F394568A06AA97E9F33F30C7E92AAA71332D68,TRUE,bootmgfw.efi +5466b767-bb4f-4044-a72c-1a7aab0d1d4f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,1EC66D5D99383D9EB6CB553965D6ADEF787ABDDEC162844AF1CC04F24EDBCE08,,,,,,,D084AC3FCD80893B1878653C8BA9B71FB9C53E25843A989EF51A9B44C7EAFCBC,TRUE,bootmgfw.efi 
+312c2d35-25a3-454a-a458-a797350273b1,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,AEFCF3C2010344775B306EFA5FA4A9B7630AA95DA5B59C4E96A2524302B51E50,,,,,,,F330F23C09772A64E1478A19CE003FABCA4F52A9431A8C6803019AD532D7DDC8,TRUE,bootmgfw.efi +8041563b-fe86-4183-9409-a479ef4f9b46,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,5E9D231F7BC2F98E9CBFBE65DA29F7B663A1E84FEE090250BD0976D65DB3FC0A,,,,,,,F5D396FC5AD8B7EAC22652129D56449DC30B6965CE3E41F5D76590E3B1ECFE62,TRUE,cent-8.3-20200730-shimia32.efi +5cb571f7-050a-40db-a196-9ad7cd8afed6,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,079A26143F5CD9862331F7C1850FFCF2D6E081FCFA8617F6FFA94FA212834DD1,,,,,,,E808A337ED6911EF561C27CABACABF4EA6D6E20FB70F5413B121AC251ABCC10C,TRUE,bootmgfw.efi +c045cb03-9cfb-4ef9-b058-6734090e1dda,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,34440CB45EB6EC2532EF89D6FCD7D3D9BC2A021677BEBC9D65C47A725A6845D4,,,,,,,8D93D60C691959651476E5DC464BE12A85FA5280B6F524D4A1C3FCC9D048CFAD,TRUE,c045cb03-9cfb-4ef9-b058-6734090e1dda +ddacf4b0-e6e4-4546-b3bc-f196645266b1,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,39CEDF83BD3417A90588795CDE2BD6BAF7089997FDDB588E552952C179958D84,,,,,,,47F7A5F3821286A9C677F66CFE2A84D5CA94CB6FC1EBE8E1986E91EDD58CBE33,TRUE,bootmgfw.efi +40f5cc74-badf-47d0-8fd7-021190a05953,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,A7BF87F519397CA73C79AB94079E0E8218661C149713A8A286DBF1079E57B4BE,,,,,,,A5BCFC748DA415BD7F00B669E1237C9898A6D03517CC80B3626F0BE326046B28,TRUE,bootmgfw.efi +7cb68e8b-c07d-4b76-9af0-0936553f516c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",92f1d7fd78d0353c62e5dc8e81f558e2,a63dbf2c3b022c5d70c20e674ab8066a2b3290c7,06edb9f17a9007c8b6db6ee2fc240e88e238f06c7c983f987cd9be1b80010d04,,,,,e933dba3a6ab068b91601eb1828cec97,4b496c6b76d4ddafb0e2b3c0fb27f47639005f98,2679650fe341f2cf1ea883460b3556aaaf77a70d6b8dc484c9301d1b746cf7b5,TRUE,BOOTX64.efi +887e3ac7-c597-4327-86cc-29936e2f8cdb,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,2F1DAE62EA074FD06DBBF620009CB3E65988D15431A061EAAB4D7ED1A97A3689,,,,,,,D14EE5616DC8EC74D695AF08DACC78BBEFAFA7A97A5CFEAB9B961E86CE9EDD37,TRUE,887e3ac7-c597-4327-86cc-29936e2f8cdb 
+7b45ea3e-38d4-4bac-aac7-54806c6ffb28,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3E5206C60B696D3B81696DF457D74881F0188ADFD75404A4C0AA627688975671,,,,,,,3E1A6021B3C6066E94F7F06AD7B29E35B1BD9EE496827A290EFB9BE7A27C5D63,TRUE,bootmgfw.efi +27c9ba50-5540-4ff3-90eb-8798c48599a1,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,127B01B1F605183BBA4D1A07B7EEFE01BA88203A6CD6686B28F3883F33C0ED42,,,,,,,1CB4DCCAF2C812CFA7B4938E1371FE2B96910FE407216FD95428672D6C7E7316,TRUE,27c9ba50-5540-4ff3-90eb-8798c48599a1 +a74084e3-94b3-4674-99c8-e314f7f6241f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,957D8826BEE05DFEA66994C237E61BD70CC0115CC176E1D931F1D892C6C16814,,,,,,,367A31E5838831AD2C074647886A6CDFF217E6B1BA910BFF85DC7A87AE9B5E98,TRUE,a74084e3-94b3-4674-99c8-e314f7f6241f +1456951c-e037-4508-a34f-5a6ff0065521,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",89c04150c5f5b596236e04ccf5ef6a2f,7639a4d8974693df09e8cce6d1e3d0092fa03dcd,e50f1f1e9fb9198e5b094773d1d0068cc1cb1987d06583abaca20adc1f8932a9,,,,,803bade13dfb54c31a1096787d89ab74,1076e1a25c7fe4b65b48570300c506a0317c42bb,03f64a29948a88beffdb035e0b09a7370ccf0cd9ce6bcf8e640c2107318fab87,TRUE,shim.efi +fb78c0ab-b76a-47b5-b7ef-d64bf38611b4,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,5C39F0E5E0E7FA3BE05090813B13D161ACAF48494FDE6233B452C416D29CDDBE,,,,,,,5C39F0E5E0E7FA3BE05090813B13D161ACAF48494FDE6233B452C416D29CDDBE,TRUE,fb78c0ab-b76a-47b5-b7ef-d64bf38611b4 +9b6deeaf-b8bb-4f8e-a8b6-d174312fcb7f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,2CAD0B454397089723959FAAFC2DB5388C50DFD5C02319703BABA6F03654561C,,,,,,,172FA584B4EEA5A5D4104FB0AC30EDE032CCD31CD2675D7003D79A2CD0C243E6,TRUE,rhel-7.9-20200730-shimia32.efi +ac90e9e0-2035-46a5-b3fc-f0670e6d0ddd,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,2B2025F4C880166D94222A95A88FF0A525C361D7B2C8A886B4E4CE6FBDD6520D,,,,,,,A0107A564E93989C57044FD18AA85BEB1258101AC3D9F6E10BF12C1C6573BC2B,TRUE,bootmgfw.efi +841c43d9-b7a0-40a7-ae7c-fc1affb759af,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,439983268FC8238CB2DC187B033904DBD682929852D846FB69A22DDA1561A422,,,,,,,57E6913AFACC5222BD76CDAF31F8ED88895464255374EF097A82D7F59AD39596,TRUE,841c43d9-b7a0-40a7-ae7c-fc1affb759af +8b88b928-4717-4a30-832e-dcb3bb15b7a3,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",b1aea18419d0643fb2e4d8f6da2ae461,3085f38227977dce8dac3b29c92b0103e5b5eae8,56f9e50da4817b1de9d9291eb5f2bc63703ca3e6f4a8571bde28cf756e2c80ba,,,,,40b8a117af84ea3225963daf421eccb3,99823dd47cfe71774cb0fcc687fa1da921b6240b,bd882355bf6813cf88ec0b83b6133691100f480381ac06531c3d5909cf1fb626,TRUE,bootia32.efi +cc9c7842-484d-4427-9ed5-75073efdad17,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,8A73B6E52B27695C72D4776C0BCFA54D30C1340D534D5EEFF8D890377CDFDFAA,,,,,,,362ED31D20B1E00392281231A96F0A0ACFDE02618953E695C9EF2EB0BAC37550,TRUE,cc9c7842-484d-4427-9ed5-75073efdad17 +db57d7a1-5937-4ba9-896e-8fdce1ff2990,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C79381B9A5D1D2B8A85B6A5B2255923FB2D3A5F500CC00FBBCBF10C6A3A0B40E,,,,,,,332450890F9C8FFF7EC15C53921BF27227AB9EA06B0E1C816D819F8E21CFB55F,TRUE,bootmgfw.efi +0c015961-2a7d-4fc2-99ca-5cfccf2de27f,Michael 
Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,F50D0AAA4875B0B609D0F796AACB77D582E0246D3FC544F76ADB73B67A156626,,,,,,,4A9B1C438BC8F114BFAA82F5D533DA31CC610C276711422C74A167B8AEED7C82,TRUE,bootarm.efi +160959a3-8cac-43f9-a0d1-1c108375fb95,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,DBEEA13BD8FC4D613501D8CF564A129A541AEE6FB5AB82CB4A5F448B52FD1C52,,,,,,,266C1429C8DC389481B3814BC3AF8723DB28EECEB0BB026BBBEDA0CC41D36BC3,TRUE,bootmgfw.efi +b59f1e98-72fb-4ccf-a651-bf9318f14150,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",7661abbf92a68466a3562ec887365e6a,ccdc96497a3d4cb4a616939fbf102e5faa787a9f,4b2bd93b32de4be7235c95c97af98e12bed5f0602b7b428700f9a1348cb2f731,,,,,a130bc7f90388e8f9d885f55fc7a8b8e,b7f9b5a096cd0d524da6296ace355e268cc01a9d,0fa3a29ad05130d7fe5bf4d2596563cded1d874096aacc181069932a2e49519a,TRUE,bootx64.efi +0dc82e15-40ab-4a65-bfbe-9c8925d3cdbb,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,8DEB88A2435270BD24328760FA6FB5C77BCD5C47F7A0109F15300D644CB9A228,,,,,,,DBB424CB8AD35EE68546092645C4689D6027A97FEDF3C5AF842B9572F1276997,TRUE,bootmgfw.efi 
+2e3641bb-5bd7-42d3-8353-481b4593c641,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",89805fbe6421f1d03023514f8fd7215d,f41fb5b7aaf48c05faed3e6622d2e2e70c95d2b7,561d28e0888cdb0a8fce41754742aa8eb1bf5c8dd4eacbf9af0f40e0d36013c2,,,,,2fb83ba40e7c8d9019f48dfa8269bdb8,775705904e0748bc6210e1869f20765a2f1b027b,e24b315a551671483d8b9073b32de11b4de1eb2eab211afd2d9c319ff55e08d0,TRUE,bootx64.efi +1ab3d6b3-7bd1-477e-8127-a2be4b9a7636,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",9618221803e2befd17607ef2d957442f,1581d6767a70eb0bf596b82592440346eb00cefb,990a4dd8c86392421d680fa039af4e88d1ebdc97f61a73f8347d6b314fe8cd51,,,Microsoft Corporation,Boot 
Manager,f9c6e874f1efcfe3a046acceb16d86dc,4ef60851f60fb3c04c48a99e582bd5d868e91d75,e8818666b7e014b6e4820afaa84d5a84fa42cb5d2663c848d358b2913274ba21,TRUE,bootx64.efi +cef00ef9-665c-48ed-9b4c-d383d2846e05,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,494A55C84A5A244292DB7F678D4574C7CC6E58D522F0BE270D68B0F1A41E19D3,,,,,,,7AB5FF84B7B80A432366E3BBCC198ED382C9FD592CD5DD210138D2F9297CC1F6,TRUE,bootarm.efi +d40485d2-4fea-4d92-99e9-e1531fe4d33a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,1275826206FEF9AA0A48A60BBC15300B3201F76F45E3CCE3FD0064DE2FC7CC5F,,,,,,,DCCC3CE1C00EE4B0B10487D372A0FA47F5C26F57A359BE7B27801E144EACBAC4,TRUE,d40485d2-4fea-4d92-99e9-e1531fe4d33a +0e36a4f3-efab-453c-b6db-fe4f613b79d8,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 
'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",c9b413ac0a31f9eb0a141e05654d1d52,70f682f3c63a4a1121c3c9afa78934aa2412c049,ac22c4ad2e62a3a8369a311b69e9b3dd558359cb44de8115e6bef2ae5e5e7151,,,Microsoft Corporation,Boot Manager,9e1d88b1165fafcc8d3ba103110c4843,7ae4be62af6bbe64ea43e60462403334b278fff0,f923efa6615ce9a93e5d69963b30adb00f2d2059113f55babc477ba889841f29,TRUE,bootmgfw.efi +97efcb29-1524-4142-923b-4395a39fe3ee,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C31524CF5814D19C11611A5E5C27B2071DCB76B7EC6DC2DEC93FF9DE5CE656DE,,,,,,,4185821F6DAB5BA8347B78A22B5F9A0A7570CA5C93A74D478A793D83BAC49805,TRUE,97efcb29-1524-4142-923b-4395a39fe3ee +43311ee4-a044-4086-9a53-ae01c3ef7f4f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 
'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",8d9e858d7fc95bfcc3690f3bddfac320,0d0e3c0e73f5561985e6a004d8d160be88d64ee7,0b753bd95ae643b2543f501533ca54db34ddc9d20f336358067a7069240a6214,,,Microsoft Corporation,Boot Manager,2da35b95ebf3903dcaf2ec18fcd2c975,9006b56e7af152fae72c7095cf9155515a1c5a97,f8f38c4febe9d8e45e71a459c5bff171755c348d5f619f3c6ef30a3f8fd02bd1,TRUE,bootx64.efi +f5fabb82-d43d-45ec-b057-5963c46113a0,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C6C85806905E0B76C25C82A88BFF62B995F49124C55413E74D1DCC3461FE8336,,,,,,,8A305C5FBE7C56F9E3214D7ADB8F176341F4020F234F3C14E52335967A2D365F,TRUE,bootmgfw.efi +9f95756f-dfcf-48ae-9c0c-8d99f4894e28,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 
'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",8000831e91c318757fa911d4c879dc02,d88ac2154cd473d25c41be40bcca918158badf94,59e4fa86b1c3bb7df3cdb79a17ec36af9ad12e153172f6d8e662fcfb9dbb37d5,,,Microsoft Corporation,Boot Manager,2298078eaeda24a91219936dfb897e5b,23760cf7521a929e9bfcaa5591ad186a18f91f87,ce65c29521cd8498fad962e5f70d55c5044366ec09c761a60cc7c4a2001776a4,TRUE,bootmgfw.efi +8e87c22a-ea23-4f89-bee2-c301e31b4045,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,24AF7036C63F09FEBAB1B84372ECD6151BE32CDC94E80E57F52F7D2C3665FBC4,,,,,,,F8DD2281C67C59A08FDDC9859E9D5FF73802CAD88975242BD11486F13C6DDA6B,TRUE,8e87c22a-ea23-4f89-bee2-c301e31b4045 +495a811b-db1c-41f6-88db-36688933fcec,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,DF224EF3B05794CBCE084C11BAAF3D85F380A5213D9097E400D9FA42FC412933,,,,,,,CB340011AFEB0D74C4A588B36EBAA441961608E8D2FA80DCA8C13872C850796B,TRUE,495a811b-db1c-41f6-88db-36688933fcec +2f495b21-1d43-43c5-8770-c221121a2e6a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,6FDB5AB3815A499948DF5ED732EE275FA44CE8313287A33B2875B2A2B1D60021,,,,,,,B7EA2FBD3FEEDA309912B2767BA80DD037813E80FED17CDA79EF7F62B6D1953B,TRUE,bootia32.efi +4b37df07-e561-4581-977f-6eb984d0afbf,Michael 
Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,BD8020CC80D5F842DDFD5AC110C189707A83E85415EEA3386884ABDCFD7F3135,,,,,,,99D7ADA0D67E5233108DBD76702F4B168087CFC4EC65494D6CA8ABA858FEBADA,TRUE,rhel-7.9-shim-20200726-shim64-bit.efi +d964e229-7407-4292-88b5-505f8be99d2f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,17F186C88052B988B4C9B62F8D7F55023AC317C82324DD5A958D05B8A1246F77,,,,,,,9E0D9074F146461F9ACEE7D27F2C7DD8BEE73EB62AC62CF87F03BEE0C4516528,TRUE,d964e229-7407-4292-88b5-505f8be99d2f +45647cc8-3eeb-483b-97c3-170693cfea9a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,E8E83E3E343C069277EC4C1E79C5C61D20917E0451B9A980346732EEB7B840C1,,,,,,,A109E71AE3A0376CA0059A421250508EDB2BB624B6517A291F51E249F16B5CE7,TRUE,bootarm.efi +d457a885-6677-4118-9cf3-05bfc65e1fde,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,E3946218D523E5D20C99A9A5BB22303DDCEF958DE2A978E01AF2F46D2D7A4DDD,,,,,,,B149B29E8211E24827FBE0168D30CB2619CD3365BD6F8173E7A731C5F702DCD9,TRUE,bootmgfw.efi +cc19dcf6-f6e2-4820-8df0-73abc96a95d8,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,4CADDFE7EB99A666652EBDA685A542612C851C732801AA5B15AB39E826D7C1D7,,,,,,,706B8A820652212D3A5F57303C9CB2B80B9E79DCF2621F29318AF2346419EDFA,TRUE,bootarm.efi +bf8069da-0ffc-463d-b17c-3e0ee49d0585,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,5C39F0E5E0E7FA3BE05090813B13D161ACAF48494FDE6233B452C416D29CDDBE,,,,,,,C452AB846073DF5ACE25CCA64D6B7A09D906308A1A65EB5240E3C4EBCAA9CC0C,TRUE,bf8069da-0ffc-463d-b17c-3e0ee49d0585 +7e14af6f-c8b8-4c15-a2ef-bc0a2b39e085,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,88B530624B67FAA0C0C1039618958F4DE983A997A6FF762BCCA82B8201194F28,,,,,,,6DBBEAD23E8C860CF8B47F74FBFCA5204DE3E28B881313BB1D1ECCDC4747934E,TRUE,7e14af6f-c8b8-4c15-a2ef-bc0a2b39e085 +9a34a20c-afea-4d1e-9109-fb7354066e06,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,79193EAE46F687D00B90B3EBA361B35802BD42E2891A8A8C286B4C00119F9F94,,,,,,,F33727B54A9908CEC7ED8DB582A1482420FA257B61B559C47343110872ADF7D8,TRUE,bootmgfw.efi +0f3431ba-2b83-4020-b3ff-32eadbcb7205,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,7384B867C248569C3DB81E82AF35585AB3108858E958750098F9D8298CC9B8F6,,,,,,,9F2B71EC2FECC93E4EDEAE24B32F8857FA36A81A7272DEFD5435D29FA3BF828E,TRUE,bootmgfw.efi +0fe6f9a2-7b13-4c27-bf9a-412d9acf533f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,9A02C839424A2DB0C3B98553C179C0583E7B8760C7A061176F76B6970746B8AC,,,,,,,AE1DCA8AAB7C4BDD21C5AA19A323F597BD1850445D76695CB2910CCCB5F163B8,TRUE,bootmgfw.efi +d20a9d4f-d336-4400-b839-d2334be05e06,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",8273287f52ffff4624121d2926ef9df4,69b368ef62566f9b06db68ab91c736f98d0749b9,599a102b6445fa88392b8c85a31d80ece950624219d846affbfb7131d4bf550b,,,,,9d017c87755ffc16175ff7fa5dcbb175,47263679db883d7ad9adbc93d6a1fbf8095f0133,af79b14064601bc0987d4747af1e914a228c05d622ceda03b7a4f67014fee767,TRUE,Signed_14173467011297444/shim64-bit.efi +dc63ce55-4d4d-40f7-996d-6fc85f01443f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,76AC59211DF73F8BC0F1369CE290BFF57AD705CD1EB3B402D19E12FE5FFBD6D6,,,,,,,8FDB0851B7639B3293019BF0A8DBD6B7DD57910AC0CC0224852C3381880F2A45,TRUE,bootmgfw.efi +da54ae14-5e4d-4280-b91e-4b78d0df036a,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,31DCD37C53CEE49C1241978CB976230EFDA89A83C3E3DBC18EDA92099055026A,,,,,,,23FCD6BF3084CEE6A9F9885E5239230B0ADDE0C870589EE461551D1CA8F4E85B,TRUE,bootmgfw.efi +5ef6ea24-838e-4df6-b00d-3deb0ec3fa33,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,0692A9566F22F280715080EE24B8FF54ED7372A98BD4994670FCF862035281B5,,,,,,,4667BF250CD7C1A06B8474C613CDB1DF648A7F58736FBF57D05D6F755DAB67F4,TRUE,5ef6ea24-838e-4df6-b00d-3deb0ec3fa33 +b8cfe531-3969-4203-a575-fec35e4880fd,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,D2BF5E584EA2F3844B27CEF320636D1A2CD6BFB023ED65110FF6D0EF09292114,,,,,,,F2A74464235248EA2A41EA0D0256E9CDD24BB6B3E2A6F2FC7E0AADC86EC56CA1,TRUE,bootmgfw.efi +15ca73cc-0098-429e-8191-5df17cae28aa,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C2D9AB79B0593235C5EDC3CF77C3A48FCFA740D804A0397B3D9BD9AE9EE516D4,,,,,,,CB7BBABE6E9A118C420BE4294132A88BC494969D95B9884480BD4F68AB94FB2C,TRUE,bootmgfw.efi +357e4bd3-4bc9-4b94-81a1-3833515e2d4e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,9A59A2B53C8BBD2E536EADE26F26F3EE61129AB027812922B52C572364465E8C,,,,,,,7FC7196EBBFA0D7947DE66F37158DF23821F156F724FC3CC906F16E8EBFA3E9F,TRUE,bootmgfw.efi +59b5e207-bca6-4425-b392-2fd0ed44935e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,610D0A80FD4E876EAD581903B33C96ECC4B8BD7115FC9DF5579B3A25416FDAEF,,,,,,,9BAF4F76D76BF5D6A897BFBD5F429BA14D04E08B48C3EE8D76930A828FFF3891,TRUE,59b5e207-bca6-4425-b392-2fd0ed44935e +2bfaff34-8a6b-486e-a308-0484d2372727,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",c453084032024e3b2dcd648c9406e760,1316e2b5fb83b29acc00c5050799afb7ccd6b6e2,fb5eebcd4100593a1b2890267037b7701c83f32c284b99908ff1c34d5693bfc2,,,,,1886fd591b86756f2823f157d197be5f,b9d3918f7829cf8308e519448712a95d58eb6ed5,02e6216acaef6401401fa555ecbed940b1a5f2569aed92956137ae58482ef1b7,TRUE,BOOTX64.EFI +dba882ff-03d1-4cf3-9e9d-9358d6416d79,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,4759E0891A636E1A3D27472C48AF55F27BF5E3CCF474141FEFBBA2AA124AC410,,,,,,,D417C004525C7BB57523836278CEE120FD66147983BA738AAC011E24BE75E6E2,TRUE,bootmgfw.efi +dd78a9a0-255d-4856-b9be-76b08852303a,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",d984cf8612284adc59b3b73deccb777f,61ce3d65bef674357febe866d4e922373f809219,24558c1cb417b6387e2406c70ff13f5438506e8d7560dd7b226499c872c8076f,,,,,b1e4dc9ee87d701d9aabbb52211a9ba0,ba2a769531f2cb00b2ca9c089f1668c6851b382f,bb1dd16d530008636f232303a7a86f3dff969f848815c0574b12c2d787fec93f,TRUE,BOOTX64.EFI +0ecce400-dd9c-4291-9502-c8682a4474a4,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,891C44B16ABB7063144BBEF23BC35609FD14BB3FCD8ADFD1E804526AF344EBD4,,,,,,,9F136F152A21885D574519554C7B64C15F014E413CDE6AD160F2091EBA9E6424,TRUE,bootmgfw.efi +52d2d179-addb-4556-a244-d085e0aefad2,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,EA21E2A1F1779F77C35060CD8690D2E74116C4402DD10B6F8260DB2D00B4A9E5,,,,,,,941A51239ED416A788B5059DD647631B16E506C8F6AD87B1D5F3B8C97199A160,TRUE,bootmgfw.efi +fec3976c-cd0e-4929-a01d-23c584cf7e00,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",a1a05331029aa3aa0fd396897cb46e8a,5e8fe0458328bfeacd491e1c74857c526f444596,0e5eb8d0bebf089a974bc0ca85d33d73f9a0bf72ed2a5e3a62a0387b51d509ce,,,,,fb9005cf320ed99d82d5b6a98988c576,f4bc99b43ab88f15d2803b5a9de898223a380563,68ee4632c7be1c66c83e89dd93eaee1294159abf45b4c2c72d7dc7499aa2a043,TRUE,bootx64.efi +29a5f4df-eaf4-468f-94e1-da9ba1b1c20a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,BC5D2B2C7E7CB051D084484259095B2868CAEC001C09A6FD33302B0AA0DFA7E2,,,,,,,1BCF1611E0CC92C9D46D2A51C7ECF6EC63C562EF759324A1D9151D508A16B7B3,TRUE,bootarm.efi +33559284-bca8-4af2-917e-d209ee8d15c5,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,A37FF7C979ED0E58633D61D00CDFF45A2488E86C740240C77834C8C8C651CB19,,,,,,,8CB4FDAE88F4F492AC6C87716602366DF1AC84224B85AB2D3949F5AEE79CEFEB,TRUE,bootmgfw.efi +f57db2b6-025f-43fe-af3a-c50cc2bc1aec,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,2AEC3E859816EFA89AF844D6DD8CCAEA345A851CB23006D3C2928081352BEB25,,,,,,,91971C1497BF8E5BC68439ACC48D63EBB8FAABFD764DCBE82F3BA977CAC8CF6A,TRUE,f57db2b6-025f-43fe-af3a-c50cc2bc1aec +bbc2661b-25de-4c4b-ac84-367115d44e8c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,5E189C9D2633F0AC10ECB763A150568925884E29ED684050194D87B883B68B34,,,,,,,7803F12E7E1B7063502EB8E223A9013E2B61125A888B74D61465B51DE53276BA,TRUE,bootarm.efi +cf486d6a-cb41-4d0b-9258-81a14e76f719,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,89C7492FAA5DFEFFE4F126764CD556A82B53520404636BD50C32405346959016,,,,,,,4B59C6D8E94428C4CBDB0F306FED75B099EA349431F001AA819C3BD0D1600812,TRUE,bootmgfw.efi +0a9c062b-91a3-44f9-b577-0128708bf124,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 
'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",9962f9fb820e5d7f5a31b86b9d164d33,84376651061fc88774ec945b9062c112139c883e,f6208932ed98aa64f5ec0d9f59138d4c1dddbd82437315aac4aa913e5d4f825e,,,Microsoft Corporation,Boot Manager (Test),662458438867c4c20ffa9adb1dbe99da,e407452938d3438b835e875dd8c40785587a6e0b,cfd2a8f23bbce7424f4a6e27def368f17b086ffa226528900fa092736e705ef9,TRUE,bootx64.efi +058a1317-f391-4baf-86a8-31ea7b01d6e6,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",e8b4de749b80b47640ea86b06f56429f,d79557da8528c045a204a3abf3dcd26b7fb814f3,905c2df524e664759d55a6dad4b62b58220adc59fec3e852964efc2165b0fc0c,,,Microsoft Corporation,Boot Manager,aff88198eaa921bd4c804c7b39833ff4,8c5d802f57367e3f81b341095265c6dbf0774403,459457c48e1b450d8f22858ffb392fca78bb6f4da837862889ab798bdcbdf08f,TRUE,bootmgfw.efi +44795d05-39b3-4605-a58c-cd20de64f934,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,34776096730EB7B0CAA5415414943E2C31AAA464BB545FBCB8E341E7EBACFAB5,,,,,,,1A74740EBBE6A0E7DD44CC3D8E29F8FCF42B642298A5C5A586D77BE0DB15C2F9,TRUE,bootmgfw.efi +c2c1c3d4-441d-4ce1-92c9-094411b3bf09,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,E299D3CA4A5A6579E863DD54488B6E804E47B20B75B7E71DC64B47F6403386B5,,,,,,,BFCAA41445F20B54AEA650D03D7C39B77CD82A7A14824DC55AA587C4C0F742A3,TRUE,bootmgfw.efi +03fbb84a-9153-4d42-aa08-c26fd8260bd1,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,AD215B731A41CBE37CAFEE5280FFC282A8AC23B5E8BA25DFF3D28A6AAE1D2A0D,,,,,,,C3505BF3EC10A51DACE417C76B8BD10939A065D1F34E75B8A3065EE31CC69B96,TRUE,03fbb84a-9153-4d42-aa08-c26fd8260bd1 +2856fed8-45ba-4ef2-8904-8d9c9ecc6cb4,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,E28C1F6E413330EA1DE56643F344702D2962988ED72AC49DC7B33B51B2238537,,,,,,,9EBDA9554AD5BB9E3D5CE700F7C86D4F5B0D782BF1DBF30A6A7234749A5DD517,TRUE,bootmgfw.efi +8ceef305-f81d-4d24-bb34-2adf41c5b779,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,6A412612692B81C56395EDBC4E4CB189478D15BD7474A01829ECF867C71ED871,,,,,,,BF550C6F826C96461552E665F53A4F275A14838FD64CCF773D194B78CE33E907,TRUE,bootia32.efi +61dad3bb-db5d-497c-8aca-74ae55991a3b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",3560dd8322a15d0e23d3747e32a04ebc,5ecee585f6f31b380d65407f6b73dbaf03388624,7c6f0f7062aca9c286fb921917747c8b65ff4a69eb71102b90c1570b4c521fea,,,Microsoft Corporation,Boot Manager,6f065bbb5d76aa5fb79975c9480b9ee6,6dc5e016421e15ec84239bf6a643dabeed536cdc,03df4500273c43189296f09d734977c882a008fc056f43c309b9d2351f31792e,TRUE,bootmgfw.efi +568b07e2-3499-46e8-928a-843aff3217f5,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",9a3221899f456225679f8e54739100ac,19a0cfa98525d7ac0edc5b0770e5b1e5dcc4a992,fd69741dcd1bc0d9ab8a02c2a7ee8d466a58613562536aa8aab5ea260bbdf9c3,,,Microsoft Corporation,Boot Manager,d70a1a6c6f9861a0e59fdf7f22d78658,50343f4e379f1dfa6364a89d9075f5150ad481f6,7c09d8b90b72b7c2ccf1a413e335c2d1a25d75bb8541f9bc16b4c4e26bda6855,TRUE,bootmgfw.efi +18b807f0-bafd-4f25-8f7d-e2ff15fb5691,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",c86257e19730c49e2abfbdf19e322c49,6a9e3957a060061c09a674ed338df34af8f23540,f88e92940985413acd440daa20c08df99c54613636826d9d95b898d39c44b19b,,,,,24dca2244a6220a9bb1962697f8aa2f0,2688b0ed81c02678e9884b32b6ef0fd603930cd7,148fe18f715a9fcfe1a444ce0fff7f85869eb422330dc04b314c0f295d6da79e,TRUE,bootmgfw.efi +47601d49-9a7e-4402-b5e3-69bc03788afc,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,AA4931B170DA278A4A954FEB76CBF7310B657AB9232D1C7A4B6EB628D8A98073,,,,,,,C999EB66393506C8149C35C8A8CE87671895D65167E4B0140B54DA72A92D7C88,TRUE,bootmgfw.efi +bcd750be-01b1-4b34-b7a5-065af773d063,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,65FFA344151D7347ABD0DEB599086063A503FB6419BE9E4358851F6B6AE96749,,,,,,,A7B788A7849607348C0DE9041989F7D67EC302F0CE8D7FDE5E434801F012B5B1,TRUE,bootmgfw.efi +54a6f135-0fba-459b-8749-4a0764d690c1,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,8D76482F549D66048611DE6C4E67289E3B0BF051130B546E9A4B98B8DE0C4EA8,,,,,,,0A3C2072EF4FBDBF045E1876E855BB8AD5DD0809F66AD1442239A7D856AD908E,TRUE,bootmgfw.efi +4e6a6f59-083f-4829-baa5-0c388a9a7634,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,5ED5BD6952F8E520D74AA3001BC587493AFB6D628C0A3BF80875676C63F07B75,,,,,,,6078C0FA37D9D35DADAC7AD90E90A3A95C44985A3D305BD22A5D838ED45491EE,TRUE,bootmgfw.efi +3b7197b1-fac3-4680-b8a4-b91cc56d984b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,E012F7C26EC6DE9D336AF7843DE0A4278D6191FA7989DDCAC40A978FD927BB6C,,,,,,,0A620707ACF23A4E6CDC357A1499E14852B605D9EB6186422F57D458E627D6C0,TRUE,bootmgfw.efi +e774e770-0d9e-40c1-b9e1-ac09484a837f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,DEA5BD5268B76F56B4091A20C806124DE8054FB07A652CF0E883BBA9A0938DE0,,,,,,,7490AD46B3AEA32DD21C46A7A42FF4183FFAA7C486C75C6438ADF936E512B9A5,TRUE,bootmgfw.efi +191557da-f224-48bb-b027-94534c5637ae,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,34F107AD8F982B591FB92BCC193BFCDBFF916C720BC69D96A0E9BD22CBA1E84C,,,,,,,800423CEB7E4759621A62C729BABC81F53259D95F76457224AD601542B7B26D4,TRUE,bootmgfw.efi +2a2e7598-1bd6-4772-a189-6421ab29af37,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,6484A487192E0B44CBD30EB7B3D436A9150D5B5AD271974764366BDC4E8677BB,,,,,,,09F98AA90F85198C0D73F89BA77E87EC6F596C491350FB8F8BBA80A62FBB914B,TRUE,2a2e7598-1bd6-4772-a189-6421ab29af37 +4936b474-694a-4b6d-b023-1c868be1b2ff,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,FDD173678810D9F9F887B428EB260CF42C837EACC41A11E89C08131E262E2C01,,,,,,,5E2BB7BC8B16E0B9DDFF75606668E69D76AF1219C17180EF0A5B9B383F00B995,TRUE,bootmgfw.efi +9d795efb-5f1e-4db5-920d-97de9ba77753,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",c73ed000259378b96a9c57c588fc6ef0,66fe7992ab4da8a44c7b06a0b958faa9a293014b,a1111555bfde8807746c8af73deceb4bdadc52dee87004e2ad7239c038687985,,,,,2edaa19d0ac13a692d90ab976522966f,8aeae94deaffa792e788dbd6bdd27629f17e3f9d,992d359aa7a5f789d268b94c11b9485a6b1ce64362b0edb4441ccc187c39647b,TRUE,sbs.efi +c7f3ce1c-9b48-4d6e-b769-4a2869e09bb4,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,642296E7342D651FE2FE547C1F08329777CCD44DC4F11C75FEC1F037A9B4B9B4,,,,,,,F02174BB75BC774DF2D7A63A0B0F7A040C9907399F97F642743DA97DF30104C7,TRUE,bootmgfw.efi +89393561-f676-4029-a1ca-88a4c4fa03b9,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,8536BA8D9039C5F91752BDC45A7AD2F91FDA2334363850DCEB38FD87DB7632E4,,,,,,,958C0DB651F4E4CCD062446263618C877910E08257EC6D9BCDD8BF1E33134FFB,TRUE,bootmgfw.efi +aeb357f2-c2cb-42f1-a37c-3f0a2a355346,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",7f0de7a661590f1c33de0b80676e8827,003454b835a5ee7ee200f9cb4e68b071e2b8e69b,d1af02fca7522c8d27e053544b3b653ff2daffcae9c420e460235dacab53f7cd,,,Microsoft Corporation,Boot Manager,caa781731a9d13ac418d97ec2cccb8f1,7ac2da2861fe7b90862a27b63629d8a9ee58d97d,7fddfe06c44dc4302da54577353c18fdbe11b41cb3e6064ec1c116ee102fe080,TRUE,bootmgfw.efi +990b3c53-97bc-4fd8-a212-e60c6fda898c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,B97D5B2A7A9E582652CB9A9BDE1BB68EB631C2329168A996BD19CDD1499408BA,,,,,,,1F8A0E13AADE0885A06B5D822BB21D8111664C37691F0D256EBA840277511BCA,TRUE,bootia32.efi +c54ad511-bb85-42f4-ae87-e476854748b9,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,4B0C9083430D91770BBB629380DB3A2A89DC73BB8DF677725668F727A2C2147C,,,,,,,450EFFC827CA535A79D5C4FF3E1A3F614CA9126B3792F997D38791CA7399320C,TRUE,bootmgfw.efi +63cbc1a5-3884-4049-ad87-f32f77644986,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",8572a7c437a9bc92225906ce5fc04497,6d2ce22514e2dffca0e31eedd4804280f8c37e4c,cc5c7db3068d99d6271fb38ab15b78c633c92249c4d783db0cdae2b918e97969,,,,,3c80cdb2f0833095f9f77027e2431b0a,21b20549df4909eeb13f64d4641ef60cd5c5a682,48f4584de1c5ec650c25e6c623635ce101bd82617fc400d4150f0aee2355b4ca,TRUE,Signed_13652009334930799/shim64-bit.efi +fecfe761-f926-4a24-bb10-bf4b8d96750d,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",f2c580ccd60898d4aa2676249d67c171,85fa4266743ebb0262b8c1da8b01d1f26e630404,e6cb6a3dcbd85954e5123759461198af67658aa425a6186ffc9b57b772f9158f,,,,,efca75864e4fa65df7ccf2a5c124a3c5,ad9a72bdb69a17abe85d948e6bbbb89141da2543,0ce02100f67c7ef85f4eed368f02bf7092380a3c23ca91fd7f19430d94b00c19,TRUE,BOOTX64.EFI +0cbcf08b-1870-478c-bb85-8d12308ec1c2,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,90AA7C82344C06E7657FA919AD2B7395A07F8A1ECA8C159029569BD4467CC7B2,,,,,,,C32E05EEF54D7EAA0DD89FE0F4D1A8D97671FB456F6299047C3192C3E3724BCA,TRUE,bootarm.efi +a4e64b6f-16b8-43db-af2f-c77daf3f0ca9,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,D84AE3F1BB7B2F2C41B986E473AD424CF6F1D136B4E91AA5F73824737169D820,,,,,,,E39891F48BBCC593B8ED86CE82CE666FC1145B9FCBFD2B07BAD0A89BF4C7BFBF,TRUE,a4e64b6f-16b8-43db-af2f-c77daf3f0ca9 +5891ca2a-61e6-4938-942b-bfcc61dcb929,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,CD4A508F248776D8679ECEDB7BB1AF1752C23FDF66284522B4B36F242471B72C,,,,,,,0021B5B11CEB03402D618134800A36C54E1C4328AD389D50B40EACC1E881DCB5,TRUE,bootarm.efi +997fb55c-0910-48f0-adf7-33f2e50473c6,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,9A7FA44AE658F9CDED2AA0CC440EAA8134FC1FAFED290ABBC8C45EC670884605,,,,,,,F4D7D6F0D820F749A442DAB0A34D53A71CE47DF51DE07E6723AB848108AD1945,TRUE,bootarm.efi +e4cbfa0b-8b40-4ac9-b390-a566dbddd873,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,2B7A243AC2248C630A51D73889E4BAA33DA94BD58D63E364A5FEF1A0998B4F5E,,,,,,,70A1450AF2AD395569AD0AFEB1D9C125324EE90AEC39C258880134D4892D51AB,TRUE,e4cbfa0b-8b40-4ac9-b390-a566dbddd873 +b3a8852a-b702-419a-9d1c-4b371a130474,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,5613DD1553044BEF74610BC012D676375588421FF0000B69DCF62D1081451ECE,,,,,,,0928F0408BF725E61D67D87138A8EEBC52962D2847F16E3587163B160E41B6AD,TRUE,b3a8852a-b702-419a-9d1c-4b371a130474 +04cb75f3-e10f-4f9c-9f8f-97d4a310922c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,0CCD31ED42FF79E74FBA9C064F59F698E3AE9F9E690BE296EA63936E81982000,,,,,,,E36DFC719D2114C2E39AEA88849E2845AB326F6F7FE74E0E539B7E54D81F3631,TRUE,04cb75f3-e10f-4f9c-9f8f-97d4a310922c +af34038a-8535-46ac-8f63-bdf18bb89563,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,04A779863E698705914958CFCF521450B8D2C9AE321DFE36A2DFDA00AE75ADC1,,,,,,,1D5C15CED73845B7E968BF3ACE52C5C660AA2DA6DDEFF2CE6445A04B885A0F12,TRUE,af34038a-8535-46ac-8f63-bdf18bb89563 +5efb08ce-213c-49be-8c2b-0ae849f64b3c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",077432d8b1ae0ceea719297360357320,d537e7c393d18329197e079601678b9b476247d3,4e371dd0448f1de869ee087b59ff88d11865463715272bcc6c29b0d5e21dbd82,,,,,9e12eb37ae8b46c4010ec3e1b7201f21,90a6b60c5051a3b00d779c03ac1e07f5df376347,f277af4f9bdc918ae89fa35cc1b34e34984c04ae9765322c3cb049574d36509c,TRUE,bootx64.efi +57416bf8-a14e-42bb-b668-d424222ffcdd,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,6E90699DC49B40F02790D085E3A1B9CEB2F81D85F55D2054163B3432FB87F59B,,,,,,,6B8EEC829F0373931099F070CBD4E2E1380CD5644201D05D80D86B1E7ED0B08B,TRUE,bootmgfw.efi +48eb1fa0-a607-4967-8faf-20dc68913367,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,7D092A6101832F2CF3F9DE42C66A9948751B05D3D4005FB9C0E8BDF9B8DAEC6B,,,,,,,82ACBA48D5236CCFF7659AFC14594DEE902BD6082EF1A30A0B9B508628CF34F4,TRUE,48eb1fa0-a607-4967-8faf-20dc68913367 +c748db0c-0a54-4567-a733-2f803c84a914,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,6A7CD85A11D733D1D03A01AAD914A3F22C33AD9590AB27792D2B177E0E51D896,,,,,,,6D174DC1673F7CFB6F1EA75D71739AFDE2B784E214E41AE6F5AA30F622A400C4,TRUE,bootmgfw.efi +116c526f-a50d-4f84-b577-d52dbbde526b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,46BA7E327D359A9B108CAFBBF2D7B6B32AA6767C2A3A472B4FFE2587FE376977,,,,,,,0B4908AD33CB2F7E87D3108B74364C5C42FA597807EEAC98DE5EC63F5896CE34,TRUE,bootmgfw.efi +2b807893-889b-4dd8-99be-ff17aecfb58e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,73DD7327621AA77D919473F71D3175EFA40F174D3C16060C079CEF169CC51363,,,,,,,7D0B74AE42DF73A0C2C9CA64F6C83813D3D6A5C4B02BC47F566CEDD5682C691A,TRUE,bootarm.efi +34cf714a-cbf0-4339-afb8-bae3643a4075,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,AA38D5E097A9853A25A1DAA838ED83BC43569DB871FDF24888512A434024A866,,,,,,,FE0E58846C40717FEDE6A1E0D6A0546CBF8B8CF0B82258FC16D05BAB58107D34,TRUE,bootmgfw.efi +7ca92d66-191e-469f-8320-a1f67a1eaa64,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,AB66D5C1C320900FC15984D7E1D44331411F2339DA9376F3E9BC2A4CB9B06014,,,,,,,DB1E5C6152A28D3EB6B1AFEAAD4974F3654AC6FBBE769D870ABB74EDE632B9E5,TRUE,bootmgfw.efi +795fbec7-a5f6-4e5d-b2c3-c968bf758e26,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3166EE4CE65D10105DEEE3A0163E236AC872E2C45652DC1DD78F8CE984463C12,,,,,,,040B3BC339E9B6F9ACD828B88F3482A5C3F64E67E5A714BA1DA8A70453B34AF6,TRUE,shim-sles.efi +cce60051-3b8f-4752-9e76-a1098bc803b6,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",f38a930c417139cd5ccfe3ff2277b4c7,b304b38b615184a936502bfb705bf254ab41ee32,c4b5797189521611b809720ed9c4734f1dec8a2ee2597781ffe438f652a58ce5,,,,,cf8d4c0a11aef346e68e0187814ac953,51e223e52d59a6e2e4df6614cfa47525722f127d,8c0349d708571ae5aa21c11363482332073297d868f29058916529efc520ef70,TRUE,bootx64.efi +bca306da-15be-48c3-8a55-3165085410b9,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,AC390194D59EC41A1A01BD96417CFE79E833CD6BBCA820B5FCB35CC3FE99653B,,,,,,,731A31CC36C5A7D7445F9644CE4E850E99CC7962EF6E2DE98721447A1438D805,TRUE,bootarm.efi +eba694e7-6b97-4fd7-8e20-e26392cad8e7,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,07463549E9B992F78E7E64BD24BCA93754EF3674F5F5D76C4D44F462060DF0B9,,,,,,,86E9384C41F9339D9B0F80B48055D02BE5FF908860F2CEF63359E0D8B7937A27,TRUE,bootarm.efi +68bce846-d710-4c06-a74c-bdf24a87157b,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",11ca417bc767273a9de7b1355cb2908e,8de2b54c1204ea7491174a94c1a283695952155b,0b16ad93ee38243d72ff0acd790107767b6d7d3563a4ba8edb7a23eec5c8d531,,,Microsoft Corporation,Boot Manager,8bbbe505bcaf280a57c1bbd361585c0d,df47daa733f498b29d1b3daf28724cc400710a63,2b21029fa033526d1dcd9e87ad8893f9b5a08987c3271b8a86716865de53d958,TRUE,bootmgfw.efi +7c5fa8fd-40fd-437f-a2cd-e21aaa43336f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,176693F4060E5330AE384BBB5470A0F3C936EC725DAABA81D5DB2B820141D282,,,,,,,633F9806BC96A831CC2C8D521D71E9EBD02180DABA1A50978EF6B72E5034E9EF,TRUE,bootmgfw.efi +e06e3faf-46e8-4902-9bd7-69b462d292d2,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3EBB964E2D24C5D0F2E07972A9F143B73161344790E960463BF9C229000848C1,,,,,,,B4938ED2FF001B73EF31E5BBBEBE1D6DBB7D9888A9FBE5251A52A5ED016652CF,TRUE,bootmgfw.efi +a4e079d3-3919-4c47-84ba-9a7d7d1acbe0,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,D8E8197BB6CB93157BAE6B4E63EFFA60BB49628DEBB6F771F154C229F4205DB3,,,,,,,D372C0D0F4FDC9F52E9E1F23FC56EE72414A17F350D0CEA6C26A35A6C3217A13,TRUE,a4e079d3-3919-4c47-84ba-9a7d7d1acbe0 +84dbe789-ccc2-4988-a6f0-b4c74b74e133,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 
'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",86f6426a9b47dc73eb8c8bafbb46799f,c730aa1c864f3b802de8d123b5b883dc9b2ce81b,00550ccee4edfefd7b7fb54864d0aa5df059885e9e79ff80d4fb134b4487c05d,,,Microsoft Corporation,Boot Manager,f0056ccaf2bb46ff7e936a2e371f94b7,56b864169cb1f986f5103c248d6e83caab52154c,065d94b9ea00397a2addb747e1e0978e4de6bf175339778fb9b0760fec3d3b61,TRUE,bootmgfw.efi +3b5b838e-359b-483e-94e9-a1c1ed3077d6,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,258C72394A0D163E9196A16682D3881E6CB24171EDA78FE026CC9CA9BEBFF22E,,,,,,,40D6CAE02973789080CF4C3A9AD11B5A0A4D8BBA4438AB96E276CC784454DEE7,TRUE,rhel-8.3-20200917-shim64-bit.efi +b3f78afd-8a4f-444e-8561-b32a5d6015f1,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C8AA71C72318CA43CBA4302FBAD12B474E7E4ED1B0EDA8A48CD71343A32FF155,,,,,,,CB95A4D2E0E02A5B56D059C9F223C2326753EA8C44D2E3FA6C4486629BE387A9,TRUE,bootx64.efi +6a65ed03-95af-404a-8ac0-95fa8ac8eb99,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,0CF738DD9BEA4F3BA350C805AE7A59076147080BC46F1D6D6C994382E77F8486,,,,,,,E7D9BDBCC68B5BED590C29B72DCA2B96779B8B68B12A47DED074B8F1B32F8FBE,TRUE,bootmgfw.efi +f901491e-f41b-4b77-8f9f-f9e5a6f03c8c,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",9c9e2e8f49820dbed91f5cae846bbadb,afc56df60e5ea5a55a1e21f76562d073a56ec46b,8844d9b3aea1568a7ff298e6dc12564c422dafae6510db377454ca6072861dde,,,,,75a7ca7cd2451ad3190c71a38c41ca02,a60d97d18e48c13e38723508639f0600aa6888f9,5bfe928eec15454be29504e8f592a4ce5908afe3284b9eeeb259b25145eea2ab,TRUE,shim-15+1533136590.3beb971-0ubuntu1/shim64-bit.efi +1387dafb-6dad-48b4-a186-98e52cac74b7,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",36218d733c0afdd2d6dce6f616335a2f,96787a55f640b630ba6277197dbdfd14ecf3b87d,0ed1b0fae1a6e705d1b116d08b7184e0a2ee2a0e6b0c372ce69b40e9ef34579f,,,,,4dcaca83effd9b0a6fd63f766d4ec969,bd9fc7d7672f8c70045b2fc6f9029064f1030763,5890fa227121c76d90ed9e63c87e3a6533eea0f6f0a1a23f1fc445139bc6bcdf,TRUE,HfiPcieGen3 +5f398d53-d42c-4c4c-acc2-b3766bf08b97,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",4a7dcdd069fcdf8d7319ea5e135403fb,f48de3320923666bd1a9690f993a6d83ed420c24,0ac2943abf5ef953b939247b74331fb2c437e405a81dd5569d9cff1d6183d53a,,,,,5b234f54fbe2396c8248e75ee4f691d2,ba379da7ab2c2c99c24e004f4357da5cb6acaa6d,e7681f153121ea1e67f74bbcb0cdc5e502702c1b8cc55fb65d702dfba948b5f4,TRUE,gcdx64.efi +fa8ffd8e-ef04-4510-bf93-34fe1fadc156,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,E21231BE8A60E9FE94AD0D2202ED01C36E4AFC731A30659B8AC44C22B7377FBD,,,,,,,1510988D3DCCE120F22696A9E87B02E7FAD6367EF4AE8BFD54CDB528A5C48E99,TRUE,bootmgfw.efi +af2bf5be-c938-4852-a9b2-14ecff96c414,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,D19F5CAC6AA761C1F66C71B9B7A2D44DFF216B97BE10F66180F5E4EF084C9811,,,,,,,13A1F37BEDFB5417B6B737E2A3816C8FD587D74D836914B2B2EDC9FD6CA30E58,TRUE,bootx64.efi +7489f724-a3b3-435d-b34e-9ca0a94c6ceb,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,707BEEAE9B9CBF0D56AEE48AE398F127D3B52FD37D25B95C561CDA1DB5233C50,,,,,,,9C259FCB301D5FC7397ED5759963E0EF6B36E42057FD73046E6BD08B149F751C,TRUE,7489f724-a3b3-435d-b34e-9ca0a94c6ceb +11dd8dba-8b90-413b-b2eb-bdb05f573d2b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 
'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",bc78920fd9f058973d63495f36203685,edbde6908eebb8bd3197c1634769213b22e0b1b3,db9643f6d78c6c5bdc29b041660174324639be8b3bc6e247c8c2026e68c4e618,,,Microsoft Corporation,Boot Manager,ddee4ca24adecb29457fd110f5a472ed,c146c31c4634aa1a51fe611ace87a75464c5e199,310949b7fd26af0e2e29e1c902ac198574f096d15836376c8b3ef2dd1fb5f1c5,TRUE,bootmgfw.efi +57f3ded8-3e38-4146-88ad-92ae83c627d5,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,85C838E95601A4B1CFA64600FC4A16330CB50D575FB2E89ECAA08D6B12B50CDF,,,,,,,C0530BADC4D066D5C4B8B955023E9EFA7FB9337ECB7E1298E7CBA172D8680485,TRUE,bootmgfw.efi +e12666fa-d6b3-449e-b3c3-18cf7a3d5b69,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,764D5B7F15EF539E0C8685DF62AB7CC7DBA3FCA50A08A8F7643D108A0A7FF757,,,,,,,815D98AEE498CF27FD6648C7E02CFC0A4A88AA73237CBB2352FE38384A72683D,TRUE,bootmgfw.efi +7a216607-3204-4536-9507-a3beccc529a8,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': 
'', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",87b6d22295a16073d8d456fc574441a8,0c26596b3297d5e5a06f8d3788579edc7895a622,783d088ce72996a064c0da796579475e0aef23c5e6e0e5905c98571bf8620e20,,,Microsoft Corporation,Boot Manager,dd9b5d03a87f0e8ddba5df77f7a98999,a18abd2b659c6d0eb756052a05e463f4c2eab7cd,8ede7732284dab4aa384606ca07be29e72fded094597261a2f6473494a8aca0a,TRUE,bootmgfw.efi +b089a9fd-d664-400b-b66c-158cd1848428,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,D4D97AEAB61079D3EB0E55794504991DD1BEB0F200315718FFE44BAE89F8F330,,,,,,,81A8B2C9751AEB1FABA7DBDE5EE9691DC0EAEE2A31C38B1491A8146756A6B770,TRUE,b089a9fd-d664-400b-b66c-158cd1848428 +58907c65-5be5-4821-9c87-8d27b5a8840d,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,376E727A97432EE289CE9485988E24C0E20321DDC45443D7916D20D9C8824883,,,,,,,17C2B5B96693CDC2951C89DDE641D14716063F5FC8795CEBC635378B73044E8B,TRUE,bootmgfw.efi +eff3ed05-f849-4ea0-9f4f-1af40e48c368,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",1feeb7cf14b7809b43c9044ff910afd2,5a9676753387c0f2b6bf9bae87605b78667df8f1,45ec69179be0f20088f10be909fc8b6104f85607db0a556482fee9384eb4d52b,,,,,e5569162d84d9553c5cb32345e717a9e,64a3960e247176d3389e64a2a61a3be0782dde88,e6ed1aaa082e63c15be118462ad2d14cee3bd9cdd81db5c8801b33ade2183d50,TRUE,shim-0.8-0ubuntu2/shim64-bit.efi +3e375fd6-edc4-48ff-801e-cf5d4fef7d2e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,10914C967939CA831D9D39B87332A6E8882FE99901DC0E4DE4931CA5A065B9FF,,,,,,,1142A0CC7C9004DFF64C5948484D6A7EC3514E176F5CA6BDEED7A093940B93CC,TRUE,shim64-bit.efi +cede5464-786a-4472-9b83-cbf540f90d1e,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,E9F55F39797D7ADAA99F2FE4138D413A10539C9663976B055A705A76C6A916D4,,,,,,,D455A3C084DF64CF66DC1D2BAB352C74AAF66035058DF1143EFBDD4298AA4527,TRUE,bootmgfw.efi +9ae39650-46fc-402d-a4dc-569ce8411039,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",e2be3deb5a33615e127a7b2930bb544a,608df8090d9d8b9aa3ef02b395415edb65d9be6d,7b5dfe4f9e4ee68e3cdd9c91bcae26db334d49ae4c1f9525cecd834de48df110,,,,,fcc5a83e211d451fcb6f8082cc598ea0,20ad14d6ff96fc1dde5df105e0b71cebc77f5b48,e051b788ecbaeda53046c70e6af6058f95222c046157b8c4c1b9c2cfc65f46e5,TRUE,bootx64.efi +463dc6a9-273b-448d-b189-ec577fc29317,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C2B1E1BB8F016D310FEA7225EEF9DC6B6F0E33E5C9DD74E9F24835DF6287296E,,,,,,,E9C71B7CD5A4DF0BA48D2CA48E6C468E657257F73F66017DE45E18EE746ED7D5,TRUE,bootmgfw.efi +d159a67f-5512-4922-bc1e-5c675a73d0cb,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",d0be4e86a7eaa87c849e3e137c3471dd,1ed0450060202cea44d69a503da1b33004a963dc,df4e1cf6eaf602f99849ddb6802bd91fb13cd5c3f9fb420250d8a3d750642efa,,,,,69843fea4e1051a4614a17f5bc8daf97,84958a487eb9b1c6d55883e3c32361132c1fe214,3ece27cbb3ec4438cce523b927c4f05fdc5c593a3766db984c5e437a3ff6a16b,TRUE,BOOTX64.EFI +146ba6ae-683a-4c91-b076-c267a77bbd47,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,FE924700AC79DC4689ADD5F7C6761E0D60E665A65F9572B43915010881B0BFBC,,,,,,,2B7A7A4DAFC35E49D03CBE7118E6BA4582401E1776B9C18A2597725B05A605F1,TRUE,rhel-7.9-20200909-shimia32.efi +cfec0cca-c6b7-4327-a2d8-7dca0515e161,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C1136125F38F6B76285AE4F1A0068F49819CBB5B57F6AB85960640F93FEC21BD,,,,,,,36B7CDB6564C58CB54895B6D2C73F88D2908BCBD693BFD253945BD31E3EE81BC,TRUE,bootmgfw.efi +dbc9e79d-2655-4892-81fe-830383602432,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,E1DC3EF55626A4CF6DDC425A353208F309271B8A9FDBF8964082FB08DFB7A170,,,,,,,2B2298EAA26B9DC4A4558AE92E7BB0E4F85CF34BF848FDF636C0C11FBEC49897,TRUE,dbc9e79d-2655-4892-81fe-830383602432 +afc98e92-1064-426a-87de-35479bc19474,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,1BBE108A0DA8A6A15221BA576E985B4240AD603D7D967F710428A9CB53B97B0B,,,,,,,F7E4C7FB10755AC534BCDF61AA7FA18539E42E061C247891E9BA42E17290C742,TRUE,shimia32.efi +23d2d4cc-fb8c-43d8-b736-ae5c4fc3cd96,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,C1B24EBFE119C27A2E5EDD4267EEF37B2CD14FBBD8688DE27E08AF89996DB468,,,,,,,691BA3414E78622581BC519BAF0BCB16FB262D3ABBD8639F3E0ECA2A29F99406,TRUE,bootmgfw.efi +cab29561-a4b4-4cb1-b6c6-115700991af8,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",16e6180b7edfa353678a459079afa5db,a9874a4b39d64c5116a663883834c2e789b87f99,50484376441815f7f85aa294290a9b6072a6a9e8feae79447c5c4de855c5a3d3,,,,,df444af8d4fa4d4b0bf54cdd266ea4b6,358f886257db7011d5a38b1e1bc7908a302392d5,ad3be589c0474e97de5bb2bf33534948b76bb80376dfdc58b1fed767b5a15bfc,TRUE,BOOTx64.efi +e1e05cba-138a-4879-84c6-0ab872d03ea5,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",aad10724a4a2b676a69459a61124efec,e41e22000179036196670a70b71dc199f503f803,25933d1597ead1c390abc59433aec7c8f955c588551024c88c6388afbc84ed40,,,Microsoft 
Corporation,Boot Manager,34dc51ef7732132306a90266b0dcaf95,4f92bc4253c99fb31787f7b1501b0f3af801534a,0328f7dd12b552efa7a9e083730333b85f3f4e83d39387fc531863b422f75cc8,TRUE,bootmgfw.efi +c348343b-faea-4c60-a0bd-c140a51ca9f0,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,4A62256316FBC805231420BAA4668B26023AE08B1BC7203A71C28905D19C817A,,,,,,,9DEBCA159F7892D56C94614C469CF37C8DA035683B1251FC4E6EC0EF2EEE720E,TRUE,bootmgfw.efi +b262ea41-bb3c-4682-9a8d-a4e52e495c6c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",7f5843d48a960315b047e5231470e1b6,a9f1a7c49b57694d6f44de42e7675ccf07e0a57e,81199ecb7a384d04f4e0f5541af731ca6ab0a04f1e2d692b4c386e0f02f15009,,,Microsoft Corporation,Boot 
Manager,9ac88694e8ed9aee8005b00700994fd1,f1fcc53669caf87c89c1acec550dc9b989d5f4a8,7a0294ba07a2aee3648afc0daf2efd526a5b76349ec906f819c03bc217257638,TRUE,bootmgfw.efi +c7e48901-5dda-4d9a-b064-9ec8e51efc06,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,0876FD237955DB876744D5AEFBBF0DB3771AA2603233E123B39F4E772FC3B457,,,,,,,6CFDDB6203F254D38A5BCDD4173D51647A487CA70AB21326ACA0A03BB3D2BAC0,TRUE,bootmgfw.efi +73fc4a00-2d2f-46c4-a597-bd0cc015dfdc,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,690B765C38BE3FBA65B829677D98A67943F92E24E9860EE2A13273F5932B8A0A,,,,,,,BEF7663BE5EA4DBFD8686E24701E036F4C03FB7FCD67A6C566ED94CE09C44470,TRUE,73fc4a00-2d2f-46c4-a597-bd0cc015dfdc +2cb09869-230c-4114-a4ec-a744b3181282,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",390218e8b12b9b5a8985baf49e163930,d8f34bcb62883019182a69e25f0b71caa3fcabdc,0e99607b20d537497169c506c6893243d3f1bd5960505c1566bd97c0a741adfb,,,,,418f5f26299f7eb90d5659caff5388a3,d076bcca3841b8c400b4ae3317ea65de33782094,9f1863ed5717c394b42ef10a6607b144a65ba11fb6579df94b8eb2f0c4cd60c1,TRUE,BOOTX64.EFI +e314abb1-31d1-460f-9df0-f437263d9e71,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",c2d60556e72219f9d4dd063a6843aa37,83720b7f32ce09df641395f39a86bc48b3e8a9b8,d809eddc88a14239e8a069fa71f81f3e4af4dc293f7575d71d597c80f8767816,,,,,50588d1cf5701594eefb3eb90f401614,8a6738664c7dd6a99dbbd32c0c43432e9f88c85a,9d00ae4cd47a41c783dc48f342c076c2c16f3413f4d2df50d181ca3bb5ad859d,TRUE,bootx64.efi +a7cc38fb-91b2-4e2c-a0a9-2a6051c31cb5,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,E785D139C9F008F9135EDFAD44492D11D09B83373ABE74AD45B7CADD25EBB464,,,,,,,8A03960BDEA6A4953AC50A2BBF9317BE228C2EBBC299E1E90CC7C6EB18F43B94,TRUE,bootmgfw.efi +07ce0c22-0e7a-4f68-91e2-61a9d9cd566f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,6A86152DF323185DCD535369C94B9226FEB6AAB4479C00A4A916B4E82E4A85FE,,,,,,,65F3C0A01B8402D362B9722E98F75E5E991E6C186E934F7B2B2E6BE6DEC800EC,TRUE,07ce0c22-0e7a-4f68-91e2-61a9d9cd566f +2297fba2-2316-41a2-93f7-20ea8c9f6b98,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,2674036BC5EE2446739FBBBE21F8480DA23AD5E98A6768754B4C9B9FC37EF2E2,,,,,,,A1A59CC2784246AD693B1DF151454642324E89C898566A59906891F48089ECE9,TRUE,bootaa64.efi +40519b35-c303-4cb2-aa20-c08545506e08,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",c77a847cc9c46de840d61ec8e3453f29,cba6f1df00f5220288d92686d84ae7e10c950c32,a80b37c9749d6f2c2fdf64922a3142eb0fd63c72fd2989d7e75dcb4be367299a,,,,,b857ca99527ef8704d481f4901948705,e4e5ede245103cde830e02c847c59abeeea32025,a8a3300e33a0a2692839ccba84803c5e742d12501b6d58c46eb87f32017f2cff,TRUE,Signed_14173467011297444/shimia32.efi +b429b35f-a9c3-4de9-a7be-da2b2c688a02,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,02FF707BE8808663B2CC33286630839DD7B14AC8E2340F4661870B18A9621D9D,,,,,,,B420509D0D69B294633FD7AE2C36B2B549D45A6A863EF16843A1116A11127F56,TRUE,bootmgfw.efi +a2e0c2d5-a9f3-43f2-83f0-41235cae223d,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,DEF0CE090F4C6B203C317558D43D015427311475231E8CE9B2E00AC0C18D3922,,,,,,,2629AE14B467DA5DF8E9EB6F1ADC1A9F50A78DBC3C246271C8530D0D35997A4C,TRUE,rhel-7.9-shim-20200726-shimia32.efi +73fcc470-7c81-4385-8c78-933467e404cf,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,35F731A87345B78EAC85100D339ED77CE83B7DF6151B401B446A79D9FEBCD36D,,,,,,,DE7F766E4454DA118A6C42BEE476C4BB66F660BFDB88DB572C4621C43EC1836E,TRUE,bootmgfw.efi +aa7f07a3-cedd-4752-b1fd-0e8043dd54e6,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,7C783057C245A34DFF5A9497C3CD4181FC80D06439884E12AD5D67A4F5266CD6,,,,,,,97A8C5BA11D61FEFBB5D6A05DA4E15BA472DC4C6CD4972FC1A035DE321342FE4,TRUE,aa7f07a3-cedd-4752-b1fd-0e8043dd54e6 +d0acb6e2-2647-424d-b438-eff9f1b605fd,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,1B9A8D23FFC211EFF6F12D17037EB076EA46562DEC937F44CC49D4AF1C119BA0,,,,,,,1B9A8D23FFC211EFF6F12D17037EB076EA46562DEC937F44CC49D4AF1C119BA0,TRUE,bootmgfw.efi +c4189bae-54f2-4fe5-8978-dc3e1ddc20ee,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,9E5773C34073B8473BD1EBC9D4D50780A7CDF9EB767750107D4B0F45BC8EABE8,,,,,,,78B4EDCAABC8D9093E20E217802CAEB4F09E23A3394C4ACC6E87E8F35395310F,TRUE,c4189bae-54f2-4fe5-8978-dc3e1ddc20ee +09476ffd-a0fd-4510-9e36-a20727c16b8c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,A97E2E39DA89F16E0AFB9CF3A213205ED00BF2200A573812B5C5F56FDB8B2402,,,,,,,5AAFC9F5F98DB75F8519D8652924932939760F00DF8827FA2A6E36DB265F21F8,TRUE,bootmgfw.efi +d569f749-c5fe-42ff-b6f9-8966a14d06af,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",9caa5988ee5678dad93374ef1f4fd184,7b09d0dd2b0e37d91ee548a205ba53f8d5b02c7b,79baff384ed507030cbe328a3d6c04d13e77932f08d387f76cf2422fb3b2588b,,,Microsoft Corporation,Boot Manager,a60e4ec04f4225b91e5ba2c607fd84da,164e0544942fc32310285c8e8602244194c860b2,fc736034ebab004776581ce9a6c112106dfddfabb315b1f0a4d0842d67308429,TRUE,bootmgfw.efi +275664b6-bb50-43c5-9d04-b100ea9fe56b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 
'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",a7077726554ee791e5a4b6e20ba8d557,6d3c3476f38f447586c8fc347dd545ebf3b83a15,3fda721bc5007eab23af6e0c56a6942a7925a858f0d801fbb21011ccf758893b,,,Microsoft Corporation,Boot Manager,0a0000705bbb68e7e712da6d3e638b2c,af2f6de1a213564cfcef1588b157a5ea52ee54da,f1cad3ac005b57d6e22ea57b9ebe1ee9e5052bdda499f5f2c1364317de87a794,TRUE,bootmgfw.efi +e0432a67-4ec8-4281-b4c1-a800e1b615be,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,84897E4405319DAB2822D63147F3DA90AC2A436A7D24EC5DD91B277AB6528FAB,,,,,,,6A16ADA3FE0C5468F0A43FB2F597A42F3DA3218C88EE819BF799110CF7A79B6C,TRUE,bootia32.efi +465c1250-966d-4d32-b168-3b2c614e17f2,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",1bdc36814a6f20464e94616f0d98a521,093660339cf8e3fc1d8a80855e4f3a72e9a92f30,17864e719e9c61d84e29a3cedf2b63aeaecfc10867211efc3077dd216b0a4965,,,,,2f0397316df4c2f34530fa28716256ae,0c4ed758c59239c84740373a3a1da56d5d4b400b,dd8f3f048db46f3983348d35cd77d121f56d856cf33234857073e25a7f450b2c,TRUE,shim-0.7-0ubuntu4/shim64-bit.efi +e0a4512e-03fa-4db8-b7e0-8c8eb6f2bc8a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,7C2FDA323F09B9BE6269BA979A620438413EBA4A93B2BA34F9B39998268AD9CD,,,,,,,37A480374DAF6202CE790C318A2BB8AA3797311261160A8E30558B7DEA78C7A6,TRUE,e0a4512e-03fa-4db8-b7e0-8c8eb6f2bc8a +d69993da-b588-4dcf-aea1-5d11d9ca4dd7,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,271A4B174838286F6D4BB9FCE91A47FBC87B28BE586744BD42CD82CEF4600B72,,,,,,,FB0BBC256AEA5CF93DA99CF26481CC42F4E7BA6B32DB63B827620807E79E805C,TRUE,bootmgfw.efi +5b0c97fd-1a72-4f30-af67-1f398fef3675,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,37CAA54424C152D84DE63C288DF7CE27BA97B8671CF27DE4101066EEAE8BE90C,,,,,,,F3D38950A3CACF61C94DB9153576194E953B5785637159B3AA6F1E923220EAD4,TRUE,bootmgfw.efi +cd328e2d-3b59-4c94-a0e0-60b7f793db09,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,D6D10836B79E28ACE9E2BEC7EF9B67DC736ED6C1C8EA24D395DDAAF05B76CEBD,,,,,,,13DBA28447FDBE3C8A24FEE3EB88638CE1D8F97CD4925056C0AD0E91CA51237D,TRUE,bootmgfw.efi +f4e945a8-aa6f-48dc-822c-ff44ce513b70,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,561EEF7131FFB079F75F6EC3E5738354A3C0EEB204863E7A4018B6409B7D26D0,,,,,,,D4241190CD5A369D8C344C660E24F3027FB8E7064FAB33770E93FA765FFB152E,TRUE,shim-0~20120906.bcd0a4e8-0ubuntu3/shim64-bit.efi +70316201-97eb-4739-a72b-abdcd208e20b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,EFA5CA12CFC70DEA81EB71088B4BDBD44D5B45A8F8D81B7DB243D6A03A7F11C4,,,,,,,5EB2C76843B253ACBCECBB84767697128F000C18358C78C5BAF135A5996C037F,TRUE,bootmgfw.efi +e121cfa2-ee0c-4c6d-9b1a-1f48ce500b81,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",07349cf7c406343bb9a9a9d9eec50790,12f8b7152bf718ee95d9d9a8ebd50c1a8fbb9621,ef43b4b4a755494b10b7431527aead697feab6fa48cf4684cca4fb5b8cd09035,,,,,96c7007a1ef6ec8ae43756e1e3bf9807,9574b0676b8540628d0db2f89a8d8bb7b43d863b,5c5805196a85e93789457017d4f9eb6828b97c41cb9ba6d3dc1fcc115f527a55,TRUE,bootx64.efi +4750d526-693a-4831-991f-4ace2cbe92ad,Michael 
Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,D764AC6251FD2641EEBBFBF7A5A95E212DF5997875990D90562CA65D5D966BAE,,,,,,,0D85DAAA481B1BE84320E12B5078794DA29628ACB43B69C8909D291BB995CA72,TRUE,4750d526-693a-4831-991f-4ace2cbe92ad +96d26340-d5ec-43a8-b1e7-068f46a2aeaa,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,A739C0624B7608F40645D417E79CE0B22FA568D885ACEBE51949F268565098B4,,,,,,,65B2E7CC18D903C331DF1152DF73CA0DC932D29F17997481C56F3087B2DD3147,TRUE,96d26340-d5ec-43a8-b1e7-068f46a2aeaa +c818cbe0-bc64-4557-a266-570214ebaaa8,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,57B017C3A6AC4676B1852E407297158D1D471373DC299CF557832D9E3F13577A,,,,,,,8055EDEEB18561927DD5956BE9070C4503FEC783AA96F166F5F93FDBC3C2AB43,TRUE,bootmgfw.efi +0f4b6460-f81b-4770-8dfb-55224983a557,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,8516257431A250296A10F82A4795F9CF68E5C185CEAA2F6F77CA0942CBE0C999,,,,,,,B8D6B5E7857B45830E017C7BE3D856ADEB97C7290EB0665A3D473A4BEB51DCF3,TRUE,0f4b6460-f81b-4770-8dfb-55224983a557 +064e9fe7-c5dc-4858-9006-e9b1e0e3001b,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,AECD34387179AFF5CE02103679312CDEB1DA835015A8548FCE93765E7219612E,,,,,,,F2A16D35B554694187A70D40CA682959F4F35C2CE0EAB8FD64F7AC2AB9F5C24A,TRUE,064e9fe7-c5dc-4858-9006-e9b1e0e3001b +e9402a67-21ec-4fdb-b0a3-7f1700f1ede7,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",670eb63cbc05c4a4fa62f3c63d5b5f0a,4c53e7cd05e537f0f730ed2b079200c7e1543a72,132d59d83c29be7351d35c44b846dfc3f37b3c62bc40eac6aec3fd68e7cfcfde,,,Microsoft Corporation,Boot Manager,40b3933716925a99d7457268b098c42e,f2ffc38ed784f8938830012818332db0e4bebfe3,4f94f40c6b4bac7bf219c73dafd0870879f1db10de6c8620f6f1333d7aa5455a,TRUE,bootia32.efi +3f6b5528-2fd7-427f-967e-e89cd9e77182,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,540CABD0862F121CE200DCEBB6C9D3B209B266F0CD413CEA2385886F965E5062,,,,,,,D860D3DC4D9A412E8FE8036100BDA7637B57A0168CA811781ED4A00815A97E0C,TRUE,bootmgfw.efi +60aaedd4-4eb0-485b-a534-82645695a185,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,A0946E9C77C27E5E9D19BCEEFE4DC147F97BF1CA7FE12F15280D390BA7A0D67A,,,,,,,4A4873A319A3A3DE35EA325771DFFCBB31EC14550A4E029CF0FEB9CD686B8C92,TRUE,bootmgfw.efi +bcda745b-c931-494a-bf26-4dfd7c824ee9,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,A09DBE91C9743163A3DC26BB7E51398C751DF7140D5DA4DD6D43B1915FA906EC,,,,,,,324CBE75EF34E09A98C71B186F535F9091A1FF257BEA93DFEAF199EB352CA0F6,TRUE,bootmgfw.efi +ff057f2b-0bc9-4318-a017-66307880a7c6,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 
'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",28196e29d41524919202b6bd1e38f35c,ed2c4554266084506d2e514797b3dfc86a50118a,f4c53c0b054413691ba25a2d162bcde9c9e35b5e706272f70bff96ed5c05a7b8,,,Microsoft Corporation,Boot Manager,4d7e341b788c22d2ffd0a6e8d7c27190,2ab7a9fc3312a502e9178fe76930d65d07480b31,21554d1f3bf9f52d3cd297d27df56215c0fd08a0bf673868f3d8c6c064dc5609,TRUE,bootmgfw.efi +78f886c7-28cd-4686-ac8f-ee82f3e0fbcb,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,A95666BFAF48FD9C4CAF2F3ED4EB593145C48BD3C93E4B00638088CE7EE962CF,,,,,,,D89A11D16C488DD4FBBC541D4B07FAF8670D660994488FE54B1FBFF2704E4288,TRUE,78f886c7-28cd-4686-ac8f-ee82f3e0fbcb +0acd4573-d0e2-4f57-8c94-3d6e57a391e7,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3C6318DC79E5CE66F7DCCC71DF01C4E4ACC53F14D978011A29033D59D43D9233,,,,,,,62B79FB4A04052FCB498A97F22A3567642D4BC47D1C2FF9A06311C8C6148E907,TRUE,shimaa64.efi +837d8bdc-6458-4eba-87cf-c82a32d1eca6,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,106E99968A816752C4A0F5DF6AEACC0400C688DE35832798029040CDB41E1F09,,,,,,,F254087746FDB5D9D9EAE6DF458485752BEB0FCF295C36D273511B45F7480287,TRUE,bootx64.efi +c10b8a2d-9bdd-46c5-bbdb-177f88c7794f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,8CC2B48C79FBF5654B28B7BEEC51A3266E4CBB4FBE3A84F843EA0957683A1E93,,,,,,,F4DC5A40D2A9DBDAB210BAE0C508E053AE986C4DA42D68760A1655D6FBAEC051,TRUE,mboot-official_arm64.efi +9e382fdf-568a-4b81-b4ce-58c25f3b2d80,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,CB5C370B7BDC87A2153425852F477916BA3B13E4C62EA419AD93DBDD34780BEC,,,,,,,9A22818E84CA5CDEC6F7FDF0A10B9FF230A53A5C18F4E9179C90A3FD268CD622,TRUE,bootmgfw.efi +329800cf-dad0-4ca8-bdc9-6ec18ff01421,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",c748cde9827385f9832a4f0ab1f02550,6436ae30f3f189f70f9043d91ede90058fbeb00a,338b89190177e950151a198823fd9d5f4ea25c1faf73e56ca5d9cf69d373fd66,,,,,eff2e129dcbf0ddc1e70c9ae8b5d0c6f,c5997af577c074aac5cf0fb290f24bec27618d73,835881f2a5572d7059b5c8635018552892e945626f115fc9ca07acf7bde857a4,TRUE,BOOTX64.EFI +42952e7b-6913-40b6-bc44-5eacd9c673a7,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,CE7A0A3D718747C7263D099FD1477E363ECFE75BD2F639EE47AC1271EC229D80,,,,,,,E060DA09561AE00DCFB1769D6E8E846868A1E99A54B14AA5D0689F2840CEC6DF,TRUE,shim-15+1552672080.a4a1fbe-0ubuntu1/shim64-bit.efi +8c855009-8e77-4446-acf1-17ce8b445b01,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",37d03ef09bf90e11e07eed536a7fed7e,97e4998bff2642bafef802b3d909e89f69b1046e,b7313be4901f1a80f84e4e8a6636f090e7125b97fc845d4454d5e4bef3d40ca7,,,Microsoft Corporation,Boot Manager,f1fe210387316d9b4c40f31214cea418,51d44ad13402af95119844f7da407090702e764e,5a47b0b11d2fd9cd39c627d1e6bf4afed9601aa15d6a5d84fb10f39755d2d323,TRUE,bootmgfw.efi +dc00f1c1-898a-479d-b9a5-9caa9973e310,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,94BDE75194960FAFF8329DCB4462BD8888B32078B0FB8FB2011C6993FDA0316A,,,,,,,9063F5FBC5E57AB6DE6C9488146020E172B176D5AB57D4C89F0F600E17FE2DE2,TRUE,dc00f1c1-898a-479d-b9a5-9caa9973e310 +c8069469-51c7-44c5-8032-1d2fde34f8d3,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,D76281DD69E992EFB55604A1B4E6171E552F3B7E1411D75368F98EF91ED69E21,,,,,,,48CDB31A16D891124BE77490FBC2AD13CB355A18CB0007258CA4BCEA44F288EF,TRUE,bootmgfw.efi +33ce2528-8820-4680-bc5d-b48fcc1f9d2d,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",53663cb5fea6bde711171523a2206e45,b0adec5a51e018cc50ef0497126ef4a8d9fd037c,899afe09e356003605b30dc209a5ba4ef6910baef23fac268bcac6db3cfee98d,,,,,925441e09c4b9c8e30a467a29c16ee49,7a26f6d09fcc80e5be03b7a6e5f8fe2a3652f29f,894d7839368f3298cc915ae8742ef330d7a26699f459478cf22c2b6bb2850166,TRUE,BOOTX64.EFI +9b9f7199-24ed-4372-8247-e420ab0b7937,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,4E00B1C1CC2BFCB1FF2FDB4184D13CEA5A2617BACC3623C3DF52C50158065E73,,,,,,,49465D4AD701642C7BCB5EF30A0807A3CD438AB42BF8D62D68038C3FCBBE8605,TRUE,bootia32.efi +71999c6f-6195-4944-ad16-105579c98549,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,50A8B3CD4F80C8C27FA47242869FDE8B6B7709A8AD1AF0EF0A726D20623007D8,,,,,,,CB6722995D4821AEAA9871C1B9782A02ED2F3D2BC6C1AAFD3E6B7673A210A8FB,TRUE,bootmgfw.efi +3c5c1c32-6c09-4fea-863a-2e5cb48bb099,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",ffa0df6d1cb927f4cde2741d63c7125b,a2c8bf15abcb90da814748bb150d66f842f23a38,98acba206e9f3843a4a7e07c66ead4366fbe7976653b65ed0c311d4efae878ab,,,,,e599f74cf93986aafae680c20c7b3723,36a6e60b2512bfd940eadb7ff3fdba23fa970a8c,9fa4d5023fd43ecaff4200ba7e8d4353259d2b7e5e72b5096eff8027d66d1043,TRUE,HfiPcieGen3 +25025124-0a03-422d-8fe8-530afd16951c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,372968218A3CBA11D964EF1B1E8CFF3804EDF96481B96B929208D1B483ADB30C,,,,,,,D28AEC97E28A38D94BE65369E43D01F6266195D6113E7ED17A6930A309288800,TRUE,bootarm.efi +0486fe15-0d77-4c66-9918-1278ef014f72,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 
'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",c831903e223d70526791119b52eaa4df,43e01a095fe196f5f7f0f6aa4f33d79803d1fe43,86e5b25aa8072895e72e3d5f4beaccc1488a434fb10babe17fb9010da4ed93bc,,,Microsoft Corporation,Boot Manager,4755a94a9c24a396102236124cd43c7f,e7efd492f1248e8eb94f4ee629365328cc7c7822,07b6d3aa86d0a8d5f46bdd5886d8f20fa2dd9377898d1139bd74b41f5e7ae44b,TRUE,bootmgfw.efi +0c0db73b-9d53-4fa1-93fe-cab2b3cabf9f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,918871DEC65B4D8A8D0E29B221351DFEA3A1D9212A4E0D7EE692CC1696E9AFC6,,,,,,,CA65A9B2915D9A055A407BC0698936349A04E3DB691E178419FBA701AAD8DE55,TRUE,mboot-official_em64t.efi +4d31cfeb-3005-497a-b566-7062066398ab,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, 
{'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",02e7a063eae0c4b80a6793fd63bac013,c7a420758542a22c9db7c9f75a4709ac53ec8da2,9da10b25786d8db0167fd66c051f7e2655781bb561b99584312b439a32be4c32,,,Microsoft Corporation,Boot Manager,cb9d3c514e9a2a200235c093312630ca,3779679707ac8e825d6195b8106efe77ce33bfc8,ce8c44e185faaa03959cf23229607854ef7e316ed0773d66d7be5e0a48061de5,TRUE,bootmgfw.efi +3598ca7a-27b3-4c09-aaca-cb5108eca19f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,1B455F745A6397C1B4FDFA43E634462EE1414DB21EF5A3391142B0F988F31FFE,,,,,,,39ABED2935891EEF96E2B733BBC6951DAFAD1A4C6B500D2D9B28C358355A6AB8,TRUE,bootmgfw.efi +7480e25e-d4dd-4e39-b652-33861111c011,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,55C6D083A4E3BE8FF842A5D39EF6F0C82D3DD29FE377C7AEA920C7B419F660D8,,,,,,,3153B3E305575439914605D976CF6EAD5A500E54D0B6ABCDAAFCCED1BC47E04F,TRUE,bootmgfw.efi +7ad06c0c-5595-41e6-8049-b051fa3e931b,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,7B9D76B66E9E3503682EB5B6CCC8F70B8B5082F140252A7F6127AD9764D8F297,,,,,,,D472D0DCBA3F5DD61BE3931244717BF2230BABD30E9E2F6B2880BFCDC8FD6665,TRUE,shimia32.efi +b2be4369-0672-4a82-96df-ee4d208d3352,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,79631821A585BFC9A9A5D2D92D37714EFD84A3D856284A0897654461EC1C137D,,,,,,,54061FF50D91296F2F44D8B338AEEDFBBE86DF49DB5DE8A45191AAA931F5BCF6,TRUE,bootmgfw.efi +2a9c12a2-bc01-4af2-bb23-a5f1fcba5bdc,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,B15095CBB09505C8354657EF7DF0FA4046F5F9DC74B26EF12A7D83E82A718322,,,,,,,C1547CF902570207A9694B6B8E353FE41419DB6A3802221DDF10FB8F86947804,TRUE,bootmgfw.efi +a1062c3c-45c5-4c75-bbd2-d744c8e3fcb8,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,A1DD22421CC934E050572520A026985AE8C5FC5AD73816510713F1E1D4DFF575,,,,,,,01E2DA8EC5A6929DDBBBEB2E9807586FACDDCA6A7EF62BFEBB581BDC2D7274D6,TRUE,rhel-8.3-20200730-shimia32.efi +1ca07dec-812e-46a2-ada4-141584aa0c12,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,6E5D8278A7A4A58DBBA2F5D01B09B9DE4BB20ACD2DD4890846C8125A65136BF8,,,,,,,6873D2F61C29BD52E954EEFF5977AA8367439997811A62FF212C948133C68D97,TRUE,1ca07dec-812e-46a2-ada4-141584aa0c12 +07e76cae-6513-4120-b399-3ab5ae5879a5,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,997CCF341DBCE2EB9E119803723130DA90E8F1DD167A7B75400E73CBBADA54FD,,,,,,,A5E0C1C1FDEBE61C4DDBB66C57EB23BCAA86C36BAB9900AD10342A4971128EAC,TRUE,bootmgfw.efi +530ab1a9-d9a6-4f01-986a-5b69c99400b4,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,51BD59697B4E1DF61DF32AD57CEBE394BE54E3E9DBFEB8DC00A3A176D13A5767,,,,,,,284153E7D04A9F187E5C3DBFE17B2672AD2FBDD119F27BEC789417B7919853EC,TRUE,shim.efi +077ccbb7-5e3d-455d-abbf-317e3ee73abd,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,DB67C1601CC3B3313B9F6E8F12E76627E7BC6F3936BD8147FCAFAF5FB6556966,,,,,,,A5E476C4BA2ED8EF8C30F247F3E13AFA5C7E3A5A952E4B8325C22F33F7F23621,TRUE,bootmgfw.efi +0bbd943d-7d16-4fe7-ac8b-f9d12daba1f4,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,26A8EBB3EF412AA70D4AB4486EBEE8DB42656AE7F2EC868FA95FA656090F01BE,,,,,,,B52531C84351EB695A8AFF0B7A5BDF93972CDEDFAF4067745425D75E21CD0CBB,TRUE,0bbd943d-7d16-4fe7-ac8b-f9d12daba1f4 +7e81b1d7-7526-4958-98cf-688b36cf8ea0,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,FE4B7349F21EE077096B6986693C3F250758C5DDF96C14AF4BBFD96EE74A70A0,,,,,,,3A9E49E6E644C0ABEC17D32D020339D171439ABA327409A7797E6686BD0F641C,TRUE,bootmgfw.efi +cc89429d-d9b6-412c-8083-4879ab57f589,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,98721004CFF6B89B3E5A9267D29250710E6A6C8AFAE06EEF29F92745CD70E079,,,,,,,EF87BE89A413657DE8721498552CF9E0F3C1F71BC62DFA63B9F25BBC66E86494,TRUE,rhel-8.3-shim-20200726-shim64-bit.efi +cd9dcfdd-25a1-42d5-bd95-3778087060b5,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,4B6C8947CAA89BE6077E2964C4F97425C663AEFEBCDFC373CAFD982367FB5CFF,,,,,,,73BAEB8EB0B64056A7BC309642FDC589BF219928A906666D107E65E8B0DBF496,TRUE,bootia32.efi +0e46bd88-7635-4162-a02e-85d9bd33be3a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,30CF3AD2DF14F05D89BC321744559E857055A5C84D7F0834B3DBD261ACE1CF5D,,,,,,,EDD2CB55726E10ABEDEC9DE8CA5DED289AD793AB3B6919D163C875FEC1209CD5,TRUE,miniloader.efi +f651508a-842a-4af6-b332-559fc9897806,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,9CD99CEFF9B7496E7B6720AF4C561668D6993376EC18593E3F54B1540E5B31A0,,,,,,,D069A07B5ACDE004FE7286558041F1F123DD88BB1395E5E453F62F48EF37D199,TRUE,bootmgfw.efi +0e305520-6001-4144-893d-b4c38ea47886,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,52D826CF8F6A0095938F7069B5F5DA22C16AE037D757BF9115AA84920BCE4EBF,,,,,,,1FB619FE1504EF78C8BF59294B16C6D9BF1DA741FB582DE125B6A044F6961C57,TRUE,bootmgfw.efi +99b952f7-5438-417b-9dab-c318bdcd75e6,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,B6C36B2B18A3E73EA007173F8669D9A9A861FDDF27C3E3C0C3F1315E2AE5B43F,,,,,,,61CEC4A377BF5902C0FEAEE37034BF97D5BC6E0615E23A1CDFBAE6E3F5FB3CFD,TRUE,99b952f7-5438-417b-9dab-c318bdcd75e6 +a950cc79-4054-4d02-bd8d-3de2165a3721,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,169D0AC3DA1DDA382812F7F221B8C9CD55961A05D876E3D812641313297848BA,,,,,,,992820E6EC8C41DAAE4BD8AB48F58268E943A670D35CA5E2BDCD3E7C4C94A072,TRUE,a950cc79-4054-4d02-bd8d-3de2165a3721 +66314d3b-bec0-4042-94f3-2744b5a337ee,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",e7ae8ab50eae0f2730780d6e87a165cc,339702656fbb6e001e9a283dbd54567323f0332f,88582f3cae30afd77990944709ac4e272d68cdc009d9c3ff6f7c2e19e74f5975,,,Microsoft Corporation,Boot Manager,61dcd3b5b1b343f78cdba79267151107,f62b5d4321be185905a65037dfcdeb277a4f6169,490c927242cc6227ca439a7e9aa9d771ad4d1686eede1f331cbb6c69e9be746e,TRUE,bootmgfw.efi +5cab3a24-4bf3-427a-887e-92ec2ed8f1a7,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",cd78242cb85f016a3ea62002c8f07c0d,1df5dc38345eee82fcb606f8c5140c619f187946,4628ec2698cfbca38d3bb4872df8e65a370ed4591e3fbd613a28b394942b8976,,,Microsoft Corporation,Boot Manager,7f11c44bb3fd9f28c453ed0545ce1fd2,e5e7294536819a91f69d03c57425ad2576a1055d,74b39c206dc8a11cd196d5998d2996b6ad477d72eaf86e19a3dc14ec0eab0f1e,TRUE,bootmgfw.efi +63cf9ba5-5aec-4ed7-9f58-97d1eff8aa0f,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,1BABF3FB76AE149CCB95B8E33B193CE7408B7134E0A5CC8CE1E884BCD01DFCF2,,,,,,,0A75EA0B1D70EAA4D3F374246DB54FC7B43E7F596A353309B9C36B4FD975725E,TRUE,bootx64.efi +28fb8eaa-e498-44f7-8f1f-1dcf1dad47d7,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,0E0D94096278CEDCF333D4902F64ADE7815ED4000A1F6EA45EB93D2DBE18E496,,,,,,,22B5A88D79B8146598613B3701B0D2AD3E1D2BC215D3A613A30356953239485C,TRUE,bootarm.efi +e638d650-dd39-49a9-a737-b02670064e45,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",9bdc83ad343e8745e1f3d55c36cf2df6,095b16e4a405e6d6dbdfc1475c941c64201d41b5,84e680f95cd31db85663a5482a68778dd236503d88e8a6d8e3c4a6c9ba201102,,,,,2906120c5459cec104e70135cc2c7ffb,e0a77a7cdefc31ecba261fcd6181b97efce9cc49,273d4432af53f07f8fb2013bb13d70bd46ea49c6c1c9de6c631ae4d75c98baf0,TRUE,shim64-bit.efi +64c9ea42-80a1-425d-ae59-d9ee4eadf4ba,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,BDD96B78F3AA4B123851342995451880CB2498E785ED12E48CEB36F1A3F49B2B,,,,,,,A924D3CAD6DA42B7399B96A095A06F18F6B1ABA5B873B0D5F3A0EE2173B48B6C,TRUE,BOOTX64.EFI +aa0019cf-ba6c-4a6b-8ea9-3e4494562744,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 
'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",f3c14ba5c3670afacd47f0574922b98f,a4ede25f03e0ce65fa4a840c454c73019275d8de,5052ce3b96db73a909bf0e54355e357f8ab7284fa48f9b21c85efedbb886c100,,,Microsoft Corporation,Boot Manager,aa60f3f1fa0e30a28c2b0bd0ee4fc806,55c991c8563ae11352ae9d0c24644853fceac18a,54c7d9c28672a1306e43ed7feed38b295f8eec279251f996fa293f68fc6cfb12,TRUE,bootmgfw.efi +0072a990-7f8a-484c-8727-bd0912dd2ce6,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,DF01F567CF2C2A7B872EB750F12EC534B6F207E760D1ACA6795DB7CB12CFD92D,,,,,,,E6236DC1EE074C077C7A1C9B3965947430847BE125F7AEB71D91A128133AEA7F,TRUE,shim64-bit.efi +90e05866-5975-498c-bab9-1a71dd286011,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,6AE5984A47CCE9129498E534DB84F0FD33FE9AEE2860462414416282EB0CF34A,,,,,,,DF02AAB48387A9E1D4C65228089CB6ABE196C8F4B396C7E4BBC395DE136977F6,TRUE,90e05866-5975-498c-bab9-1a71dd286011 +47020b30-de49-4937-9908-9d72b3d153d5,Michael Haag,2023-05-22,,,,Revoked 
Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,B76C5689D45E7F40F8D78468D4484074167563CB06368CBB9CB4DBED65E1192A,,,,,,,631F0857B41845362C90C6980B4B10C4B628E23DBE24B6E96C128AE3DCB0D5AC,TRUE,BOOTX64.EFI +a7bf3e37-f600-48ff-82d4-4f1e82c199d2,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,2D07ABD75C154055A858D4461A1B1B76D763E9ED294E2E10244C20601E072A29,,,,,,,DDF3E4261419944F7C2F8B92F6D14C35060B4F94818CC4183F0C072706DEF726,TRUE,cent-7.9-20200730-shimia32.efi +ccef0d61-ad41-4f54-8ce1-9197ccf0e44d,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3AE3DA82C39C6BEEFD251265370D57D5BFC67181662736C62F2E6F687409C81B,,,,,,,72C26F827CEB92989798961BC6AE748D141E05D3EBCFB65D9041B266C920BE82,TRUE,ccef0d61-ad41-4f54-8ce1-9197ccf0e44d +3f2c9d56-984f-41b4-a2b2-49bf97e6ef71,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,C2BC0ADF3826972A0F8EF7E63C008C52D68215CCAE493CCEF14C3D3F4F67BDD0,,,,,,,B632A6286C6FAA6643EC34311E0B9710A3508FC952E9A04263C33179E32814F8,TRUE,bootmgfw.efi +46629c02-f2d8-440a-bc46-d67ad73ea772,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,3141C6EF9FCE61084D16F0659A9596B0156F24D6F4B03837C4B7543CFB378D61,,,,,,,147730B42F11FE493FE902B6251E97CD2B6F34D36AF59330F11D02A42F940D07,TRUE,46629c02-f2d8-440a-bc46-d67ad73ea772 +b3b0f086-0c9c-4e10-b65c-47509c6f0dfb,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}, {'type': 'yara_signature', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar'}, {'type': 'sigma_hash', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml'}, {'type': 'sigma_names', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml'}, {'type': 'sysmon_hash_detect', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml'}, {'type': 'sysmon_hash_block', 'value': 'https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml'}]",fe08109ce34ae68fed49348549b9ead1,7fb211ce3088f2e657c72dcc80574310becde3e7,d8732eb8bd7240f17d90656424aabc0669c3d13e3117efc4805bb59dd21ceb1d,,,Microsoft Corporation,Boot Manager,724bc2c9091c4dd631e113c32702d9f4,f8799b5f344ad92948a1468937cd9255e6873dac,f197a171a09ab640aa8ac4ff7ddfc88377a89fdbb3fee014abb9097d92575b67,TRUE,bootmgfw.efi +696a399a-9f49-485d-9753-63edd677f144,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 
'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,944E6F803D3E1B0C1AA767B14B0F4D960A45F80F0A0A459253CA65147E947F72,,,,,,,99B2BD1FCF17B52C64E8506B97FA10CF8B6397C9D05D8D543F86893B210DBA62,TRUE,bootmgfw.efi +e91a68c8-807d-4b65-a86b-c51335730c55,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",abd377408acc02ee7f2f16320ee9b49a,b72252c1c92cac65c4a4637816b0a84428d16681,475552c7476ad45e42344eee8b30d44c264d200ac2468428aa86fc8795fb6e34,,,,,fb4d9da53892bb0152dcfd7a4a150fe0,a070bfbb64dc542d7b6b22de52d9b4d994b0d2f1,dbaf9e056d3d5b38b68553304abc88827ebc00f80cb9c7e197cdbc5822cd316c,TRUE,bootx64.efi +2ca3cf24-b271-4a27-a228-ca91cab34b93,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",9a795b1affc7cb4650bbd99b9a2cd819,586bf5d3fb1fb21159338701e324d9d26b6aa0e4,0dd832075d552da3d29b1ef471fc23b47c0d54b9fd1541935b23f1c5813da08c,,,,,86e7e6f737ed657dda5423a10319d41c,450ccd6553c679f4d87bbf3507780efc17a466c4,c452ab846073df5ace25cca64d6b7a09d906308a1a65eb5240e3c4ebcaa9cc0c,TRUE,BOOTX64.EFI +4e4ca92c-52eb-4289-a935-f6ec64b79e3a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,DA9C62E148457AFB0629FAB0C2D58623F9AC35A9A95EF23388ECFE85451C60C0,,,,,,,326967C7FFC1B86DB8B32B0570E88A89CC1534CFCF300B98C077E473F9B18FA1,TRUE,bootmgfw.efi +ad6add2d-fe39-4ffb-b31d-7dffaf3ef28c,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,CF61636CEFDF20CF4B35382124800E047F5886952888BD41D1B8426BF34D2D29,,,,,,,BB44FD8CD04ABC3B54E5CCEA97EF81E70FD3933C34288D8B86F6ECB4F3ED1FDE,TRUE,bootmgfw.efi +a2a7bdd7-c7bd-4195-97d5-a7b127691dfe,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,DE1CB8E571EEF26A3C4BABCEC97BA41894AE9DE7528A35BFF5FDDFF5C025CEED,,,,,,,5348075329A1087EBB689FCFC775304B09C6786A523F83E7BB90E26DE0E61FF7,TRUE,bootmgfw.efi +24c0575d-dfa7-4f1b-8503-e136cf8fcf3a,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': ''}]",,,B334937090AC1D2DB8FFFA7D6BB72F97FDE42712300524E2C89F0E7DCA5EF4D5,,,,,,,9141EA1A4E6BF1F4D72C28A1D0D124A928D5A7D36B14FC7E7E53EF442360FF99,TRUE,bootmgfw.efi +eefbdef0-8570-4a68-9824-042e17b71f98,Michael Haag,2023-05-22,,,,Revoked Bootloaders,,T1542,,"['https://uefi.org/revocationlistfile', 'https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca']",,,,"[{'type': '', 'value': 
''}]",,,CB9E3E372C5F707858E1DE6421C2D3407C240F9D7BC43A9B9F3BA1F6037615B9,,,,,,,41D1EEB177C0324E17DD6557F384E532DE0CF51A019A446B01EFB351BC259D77,TRUE,eefbdef0-8570-4a68-9824-042e17b71f98 diff --git a/lolrmm.com/content/api/lolrmms.json b/lolrmm.com/content/api/lolrmms.json new file mode 100644 index 00000000..6a636569 --- /dev/null +++ b/lolrmm.com/content/api/lolrmms.json 
@@ -0,0 +1,47693 @@ +[ + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "6ea89297-74dd-4581-b268-475a282c9592", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "92185C264285741FA7F198CAD8F307C60891AD932D9E3C2A08D92546FF7099ED" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "9C1812CF5B1D61DC08BD6683D143511BCB5B14798116D1D2714963CD468933FF", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Microsoft and 
revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "38e6bed7-1db9-4c15-8358-040edb77a39c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "6B54497FF9915A6977428BDF8F45B116D874C4F8A836B5BDFC373D05F4C0EF87" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "E438149CA86CF5F2FDD1318BF0D6C301593EA74B06940E031964F34561255BC8", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "7550a473-863a-43f8-aad7-fff5be3977f0", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "199F3CF990816D710F556722CA068597C4341B7F346642339839AE30495309D0" + }, + "Company": "", + 
"Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "4640438E0AAEEE87664C893198B41AA03BBF3214E181AAC4E2DE81A5400D2C27", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "5a1e393f-1595-4e4e-993e-7097a184ce42", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "3FE9F8D11EDCA3FC1899100484DE4CC2C626ABB38B73985A441B7C3A0D39CA54" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "8DA046540148E1E146DE2F96C7D860962ED059A923E9685E868DC4C6065684AA", + "Signature": "" + } + ], 
+ "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "518b78e7-eeb3-43b0-a377-acfa0e831ce0", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "5D1E9ACBBB4A7D024B6852DF025970E2CED66FF622EE019CD0ED7FD841CCAD02" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "5875DB0835E08A9189F23833B21774FDD1C4C3BD4C5D3459471A49B85CFFD1E1", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "518b78e7-eeb3-43b0-a377-acfa0e831ce0" + ], + "Verified": "TRUE" + }, + { + 
"Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4e70304f-ec00-41a5-b542-69701b5df29b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "8806CF0C7BD5DF7E01D120F56734113BE916E183755577BD48026C25DB268680" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A6E8C6906E4845A30A036FB669BA82146E334908706778AC569DF45CBF8637F7", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + 
"OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b7f9ffcf-525f-427e-b3fd-72289f61ffd3", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "C470161A06E6B452253A623536924979CDD11838E08D8E4DC86F763732E64B0B" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "462F49B4FC9E4CE706D668042EB76F711B4292BAE2BE8DD5897182B316EF217D", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": 
"https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "32eed29e-9d32-4120-8a43-02c7dfc4ae22", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "35434d7522f9aabb654847d66da05599", + "SHA1": "638291271b5b95b647a7ee324dddc79bec196616", + "SHA256": "1eaed62c4abcb2524643e1723f6aadcc31a74af4d2285d3b13880cc44c22dec5" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2012-09-20 00:13:01", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.16420 (win8_gdr.120919-1813)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "dbed1f7ed9e19e53bfc7f43122ce3d83", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.16420", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "a387b0075e977009a7bb74d24fc388de", + "SHA1": "345e019b25904c911be9e3b6a9e2b0bb18652b04", + "SHA256": "e04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad" + }, + "SHA1": "765ce680a932d9f36a6b09c2191c9e2cab1a89cd", + "SHA256": "c6b0d030bb3e54294742b3914ae76c949e52a065abb28d08054fdf90d7eed628", + "Sections": { + ".data": { + "Entropy": 4.628310210600715, + "Virtual Size": "0x63cf0" + }, + ".pdata": { 
+ "Entropy": 6.014681487785778, + "Virtual Size": "0x8e8c" + }, + ".rdata": { + "Entropy": 5.421235290994017, + "Virtual Size": "0x19b34" + }, + ".reloc": { + "Entropy": 2.70744089792279, + "Virtual Size": "0x1ab4" + }, + ".rsrc": { + "Entropy": 3.4710594887067385, + "Virtual Size": "0xfcf4" + }, + ".text": { + "Entropy": 6.484872015753315, + "Virtual Size": "0x109ee2" + }, + "PAGE": { + "Entropy": 6.514825397638524, + "Virtual Size": "0x169e" + }, + "PAGER32C": { + "Entropy": 6.353319232465821, + "Virtual Size": "0x3d48" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, 
CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "58c24252-f076-486b-90fb-5a1c7b922efa", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "AB311E737112E4D34ABF545836BC671637663E93738CEFA37405214CE8C92A58" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C334B9CA48819E7E408A3A3418879978828AA302BAA3ED86DE64D8AE5ACA0EAB", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + 
"Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTIA32.EFI } }", + "Description": "This was provided by Red Hat Inc. and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "9308b260-6695-43ee-bddb-a90f20e035f1", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "c62cb9b4d87523ac468bd048647eabec", + "SHA1": "57916473f391f8b25aa2497acf5c58d2eb304e2b", + "SHA256": "38909daf2fe29bbfe22303939d3904f38dca48b7f2a41f28f34de564a0242781" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-09 09:45:32", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTIA32.EFI", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "77fefa9f6ac9273ee5edb4d19e87d348", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "e609f8ddc446dc27a2aec3577e2b7869126662c0", + "SHA256": "03c8c9956938147bcc81a19e580ca8b5214e82829ec0494c22b0f59013ca22b2", + "Sections": { + ".data": { + "Entropy": 5.335958404758759, + "Virtual Size": "0x216dc" + }, + ".dynamic": { + "Entropy": 1.4043380507095067, + "Virtual Size": 
"0x78" + }, + ".dynsym": { + "Entropy": 4.3951515278569575, + "Virtual Size": "0x9380" + }, + ".rel": { + "Entropy": 3.5471242189199925, + "Virtual Size": "0x9718" + }, + ".reloc": { + "Entropy": 1.5709505944546687, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.773526636331647, + "Virtual Size": "0x92ba3" + }, + "/16": { + "Entropy": 7.338341139988703, + "Virtual Size": "0x3e2" + }, + "/4": { + "Entropy": 5.070551147779766, + "Virtual Size": "0x7e" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": 
"350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": 
[ + "BOOTIA32.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "76724735-ec57-4c1a-8712-f0267d21f0c4", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "a7e340723a992f0a725fa1e394e5a655", + "SHA1": "882ef0e748b0ba689bb0af982c499db1fb1c8ab1", + "SHA256": "65625a143d220ea184dbd5cdfb1b9e9c3bd9654294eaa2b98628bc273ebc18b5" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2012-07-25 19:34:40", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.16384 (win8_rtm.120725-1247)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "5cdb3b41abea2f625c0a632f4ad2cddb", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.16384", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "b91ca2bc17ae097c0cea2d2fa5ca52ee", + "SHA1": "1a8fb4b3991fa408332afc5f95422941ab4d33bc", + "SHA256": "2cf47ce7a3c1eddb148d65b646a875561cd62faa54a32d5c903707f24f27e688" + }, + "SHA1": "68041e64a6a90537c6f7d7c6c1b07ccee8fd92a3", + "SHA256": "4f9398592553ee138d8db48b95789eca19324b8408cafd0f0bc46d030e7b4fd4", + "Sections": { + ".data": { + "Entropy": 4.622775810912131, + "Virtual Size": "0x63d70" + }, + ".pdata": { + "Entropy": 6.061698645716401, + "Virtual Size": "0x9ce4" + }, + ".rdata": { + "Entropy": 5.511405489245561, + "Virtual Size": "0x1a634" + }, + ".reloc": { + "Entropy": 2.6555924696632576, + "Virtual Size": "0x1b5e" + }, + ".rsrc": { + "Entropy": 3.4708865359751586, + "Virtual Size": "0xfcf4" + }, + ".text": { + "Entropy": 6.493057126933711, + "Virtual Size": "0x118fad" + }, + "PAGE": { + "Entropy": 6.4874876888292405, + "Virtual Size": "0x1866" + }, + "PAGER32C": { + "Entropy": 6.357894622079484, + "Virtual Size": "0x3d48" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft 
Windows", + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-0.9+1474479173.6c180c6-1ubuntu1/shim64-bit.efi } }", + "Description": "This was 
provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2a4a532a-848c-4ca5-a910-357daefe32e7", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "e04975ca0b4139e160f03ab301fe80b6", + "SHA1": "8b736cf22a54133d32665bed98eedf76755e0b10", + "SHA256": "4cd73702d6b209ea8d57657ac4603c8127134d01973d84018af7c68335751ad9" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-0.9+1474479173.6c180c6-1ubuntu1/shim64-bit.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "9671f8d6de959b9d084f2a67f6dfadf3", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "f7df1f4af46adceea20652bc796d86b47d9eeb6c", + "SHA256": "3c430c719c9053a74d74dcc5e52b40d10f109db1dc9458a05a7a413b86a93467", + "Sections": { + ".data": { + "Entropy": 4.421216580279309, + "Virtual Size": "0x28848" + }, + ".dynamic": { + "Entropy": 0.8630797231656377, + "Virtual Size": "0x100" + }, + ".dynsym": { + "Entropy": 3.2051544492157, + "Virtual Size": "0xea78" + }, + ".rela": { + "Entropy": 2.646133679930085, + "Virtual Size": "0x1ae50" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.624855658077438, + "Virtual Size": "0x91898" + }, + "/14": { + "Entropy": 7.322772708526002, + "Virtual Size": "0x449" + }, + "/4": { + "Entropy": 4.843946446868365, + "Virtual Size": "0x18118" + } + }, + 
"Signature": "", + "Signatures": {} + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim-0.9+1474479173.6c180c6-1ubuntu1/shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by EgoSecure and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "87813fcd-6a01-4452-b54c-0dc24402bbfe", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "340DA32B58331C8E2B561BAF300CA9DFD6B91CD2270EE0E2A34958B1C6259E85" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "23EBFBC7BC286CEFC68B4920784B926EC28D7965815238325FBD17892177D6F3", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + 
"87813fcd-6a01-4452-b54c-0dc24402bbfe" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "9be3b201-fec5-4264-b56b-81d4535b4c9a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "29CCA4544EA330D61591C784695C149C6B040022AC7B5B89CBD72800D10840EA" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "CD0F9839C6CCBEC5CE38B882E1AB23C8AB44A8993E6B8A02026D8314EAC4EA4C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "9be3b201-fec5-4264-b56b-81d4535b4c9a" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + 
"CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootnetx64.efi } }", + "Description": "This was provided by Debian Project and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "f2418902-5951-4626-8a5f-79d4d022337f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "59ee638030fd199a10f08a99e2cecb60", + "SHA1": "e123503e3c7764b8d9e60439069505f997287914", + "SHA256": "c9ec350406f26e559affb4030de2ebde5435054c35a998605b8fcf04972d8d55" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-10 22:48:48", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootnetx64.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "41218ac4af41772dbaa3d4738e0c2bf3", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "4d7caebdafbc4bb3866676173dace618baa6a129", + "SHA256": "aef3e0a113345c1adca2d627c5853a11ddfc4e0e07fd28c10049a9b766c0fbc5", + "Sections": { + ".data": { + "Entropy": 4.423207936399988, + "Virtual Size": "0x28828" + }, + ".dynamic": { + "Entropy": 0.8341231672694769, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.210346535035395, + "Virtual Size": "0xea78" + }, + ".rela": { + "Entropy": 2.6464824623251326, + "Virtual Size": "0x1ae50" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + 
"Entropy": 5.625262326816911, + "Virtual Size": "0x91828" + }, + "/14": { + "Entropy": 7.405693653367437, + "Virtual Size": "0x3b3" + }, + "/4": { + "Entropy": 4.844299269362631, + "Virtual Size": "0x18118" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "b6f099bf203668f11a8f79ab08792ed8", + "SHA1": "4713755a345940554eada6042e90b0151591fad6", + "SHA256": "62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" + }, + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootnetx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Fedora Project and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e32b7c1e-14b0-4f29-9c62-d1664d26777d", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "3765D769C05BF98B427B3511903B2137E8A49B6F859D0AF159ED6A86786AA634" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "52A4F27CCEDCC5405D8EC128BF99861865B2273DA18A9B958ABADEFF63DF5A18", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "e32b7c1e-14b0-4f29-9c62-d1664d26777d" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + 
"CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "164bcf0f-91a1-4754-9c4d-f2c1b90aea06", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1D8B58C1FDB8DA8B33CCEE1E5F973AF734D90EF317E33F5DB1573C2BA088A80C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "9C904F10520295D070DB9CF381101512946AB832C2BD92D4E92D42B934F40DC3", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "164bcf0f-91a1-4754-9c4d-f2c1b90aea06" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + 
"OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "f922e65f-baea-45c6-bdfa-0b6ab679bda8", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "170d26c08c0bd42cabe41e7223cf1a3b", + "SHA1": "026ce5f4baea28c655be66c8ac4873ddcd2fb089", + "SHA256": "8d5332b350577ab7b1987f93fda104b2090f6a62e262214264f554b6163e8050" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2012-09-19 23:32:36", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.16420 (win8_gdr.120919-1813)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "2eb1ef37d6d0425c505df369802d5d54", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.16420", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "fa6462badb7aa537a9d3ecf604e9fbd7", + "SHA1": "caefdafc6f3620830b306d429c83bb077f6bdaa4", + "SHA256": "4689fe3d6e35db99759219db2adef6cefa62105e8b636c0c5bd2a6bec395e471" + }, + "SHA1": "8568540072aa5aead8d761d4baa459e4f9a222b2", + "SHA256": "9e14396bca7712b13a5f0b209c8633d754afc3bf577b42ef78304581ddd4e02f", + "Sections": { + ".data": { + "Entropy": 5.32099548613425, + "Virtual Size": "0x54bf0" + }, + ".rdata": { + "Entropy": 5.359718481379002, + "Virtual Size": "0x122aa" + }, + ".reloc": { + "Entropy": 6.124599725636047, + "Virtual Size": "0x61b0" + }, + ".rsrc": { + "Entropy": 3.4708606085287217, + "Virtual Size": "0xfcf4" + }, + ".text": { + "Entropy": 6.641518892559521, + "Virtual Size": "0xdd286" + }, + "PAGE": { + "Entropy": 6.502474956779901, + "Virtual Size": "0x12ab" + }, + "PAGER32C": { + "Entropy": 6.572183780133045, + "Virtual Size": "0x4805" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": 
"684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": 
"610bbbd8000000000005", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4cc6cdc2-6f4e-4b25-b3a2-383174f52460", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "9AF92541E63EACBC5784BB44DB66F9B60726174F4EC178C6CE32EAF647EEBCA2" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "24C0732D77F6BC85BE8A6CA9B0FA3BA8611F950CA4E0194E972E59A433DC05C6", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + 
"Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Oracle Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "22532a2a-950a-425c-b1c7-ae8f8e4faa5b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1F16078CCE009DF62EDB9E7170E66CAAE670BCE71B8F92D38280C56AA372031D" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "1CC3D6DA3017F0F1422D1B8115622EDEF65FBC497487234D17F4D356670F28EB", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "22532a2a-950a-425c-b1c7-ae8f8e4faa5b" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" 
| {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by HP and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "55b45543-5130-4632-b2a9-12f11c8da501", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "781764102188A8B4B173D4A8F5EC94D828647156097F99357A581E624B377509" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "BBD53435E3881C13F6EF3D7C17DDE9BCCF2BB2D95D303DC4623CD1AA8F51EF23", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "55b45543-5130-4632-b2a9-12f11c8da501" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a93c81ef-3f87-43cd-8d09-67e57167689c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": 
"", + "SHA1": "", + "SHA256": "825ACCE0634B91818F57CE96B8314ECEE7373BD20DA77FB08B9B96D66EB65145" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C1D93E3D7F580616051BC1456083F6DCC80DB4642E7AA2909041E86F8209583C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "163d69a7-be4d-47bf-ba9b-ad2e76271175", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "FDBE6C45F2414421562D812EB67C5FA0CFD0D40AFE2CF0CDDC5E09054ACB4FE5" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": 
"", + "SHA1": "", + "SHA256": "73ED112C5EE295BA56BEA8679E062EE22A5E01B23438A7B8F459AF8F61A93BF4", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "ea9f89dc-3143-424c-b3b3-437969245705", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "8c6a38741626834657d7c8a8efc9ba4d", + "SHA1": 
"605ed193044333070a922ead0b80c554c8e73287", + "SHA256": "71a5716decf09fe8bcbcc73225fe1e7012076cea39b49e9e72afa291b1fb717f" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2014-08-18 17:43:54", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.4.9820.0 (fbl_sec(dlinsley).140425-1225)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "1aa56b885cc8dcb37e0165fb6774acf3", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.4.9820.0", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "d94c4831d7cd65bd85851b4c2726909e", + "SHA1": "e4705a5872fb945b5826084d24ee95df003b18e3", + "SHA256": "e2dd71c959ee2c73c142c38d5f2a2f2566a8d421c88ef20cf4eaf567db79fd44" + }, + "SHA1": "51b1b97472c99971ef217632ae7d9fee3ce3f1ad", + "SHA256": "2b334e6b147104306dd91f77e900c07383c0ddff77c2979ec79ea5d92944c13d", + "Sections": { + ".data": { + "Entropy": 5.063753638456743, + "Virtual Size": "0x4db30" + }, + ".reloc": { + "Entropy": 6.76396764282581, + "Virtual Size": "0x5e84" + }, + ".rsrc": { + "Entropy": 3.4698922882591594, + "Virtual Size": "0xfce0" + }, + ".text": { + "Entropy": 6.60297168599822, + "Virtual Size": "0x136b24" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": 
"1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + 
"Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3a20e152-907d-41c3-8ae7-14c2a23e4880", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "3E3926F0B8A15AD5A14167BB647A843C3D4321E35DBC44DCE8C837417F2D28B0" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "299E3B66B0283E23793E03FBA6B795A2C6B6034864B6D571449945EBA0D90A20", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "3a20e152-907d-41c3-8ae7-14c2a23e4880" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Alt Linux LTD and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "59b7d19b-fb7b-4641-b158-0d2f498e375d", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "19d9ca04dfe150f7ed275c0522308b48", + "SHA1": "fed3c32a930572d743108d45a16103a34c0c6b73", + "SHA256": 
"3a91f0f9e5287fa2994c7d930b2c1a5ee14ce8e1c8304ae495adc58cc4453c0c" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2013-08-01 11:09:48", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "aed4e671b03d6e093a423c7593d423c0", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "0795b77ff05d9365bfc1ce099e4edf239f64a073", + "SHA256": "5156a8ae596c06692aef13ac6524c7f1e20d52e4ea0f5a5ad43a6874edcc5e1f", + "Sections": { + ".data": { + "Entropy": 4.778525693473229, + "Virtual Size": "0x31368" + }, + ".dynamic": { + "Entropy": 0.8341231672694769, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.211693622055045, + "Virtual Size": "0xf168" + }, + ".rela": { + "Entropy": 2.627040734955125, + "Virtual Size": "0x2af90" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.6438712089241685, + "Virtual Size": "0xa9c81" + }, + "/14": { + "Entropy": 7.315232541543508, + "Virtual Size": "0x40c" + }, + "/4": { + "Entropy": 4.851927163507717, + "Virtual Size": "0x176c8" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "c52110f552e27ebb1e3fae114abafb3f", + "SHA1": 
"4954e087123653ce38da4cdd31141b6a1bb999e4", + "SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" + }, + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\Signed_13652009334930799/shimaa64.efi } }", + "Description": "This was provided by Debian and revoked Apr-21", + "OperatingSystem": "64-bit ARM", + 
"Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "faa5ce45-c815-4eec-a757-84e1b181afcf", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "3E828EF5E880FE62B33D36B78F2235F1A314153899AC80469597297B9A9DD22D" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "Signed_13652009334930799/shimaa64.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "EBF3E0F060E9ECA943F49444CC0DBF6CBE1AEC2C20AE10DFB9E757335AA26ADD", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "Signed_13652009334930799/shimaa64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "46a49cc4-2dcb-4c79-b1d1-2c49f6df0af0", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": 
"6178f6bbcb3eea01cc915b8a348a3637", + "SHA1": "cc3d816d02da15fb70878fa6590b69c9f23f8441", + "SHA256": "8e53efdc15f852cee5a6e92931bc42e6163cd30ff649cca7e87252c3a459960b" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-10 17:29:20", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "658f77c25877b5ceb68bc7e046d37ec3", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "8276fccfe7c6ec83b5340aedcb77fb1e24cb1c4d", + "SHA256": "d92b8ac828b827e4e5b9e9aeb02676783cdb1884f42194823769ccf033a7b9c5", + "Sections": { + ".data": { + "Entropy": 4.520603169572745, + "Virtual Size": "0x2d690" + }, + ".dynamic": { + "Entropy": 0.8630797231656377, + "Virtual Size": "0x100" + }, + ".dynsym": { + "Entropy": 3.207501995948057, + "Virtual Size": "0xe508" + }, + ".rela": { + "Entropy": 2.6111195899111035, + "Virtual Size": "0x29598" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.587793825009416, + "Virtual Size": "0x9f942" + }, + "/14": { + "Entropy": 7.114183160764015, + "Virtual Size": "0x603" + }, + "/4": { + "Entropy": 4.8425490294878095, + "Virtual Size": "0x161c0" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "3300000010a4912943d94ce62e000100000010", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, 
CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "61509fd4e01160eb7d8007dc182bee5b", + "SHA1": "febd34ec96d90e498d9b6fa54d7fab80ce1464d3", + "SHA256": "7d79e52d96bc7c571299d90c3bc4bff9d08e36eb74b7e8b0cd69114980737953" + }, + "ValidFrom": "2014-10-01 18:02:10", + "ValidTo": "2016-01-01 18:02:10", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "3300000010a4912943d94ce62e000100000010", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": 
"Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3cf4dc5f-5fc3-4a44-b069-bced755a5e5d", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1C19A5A240A361131DCC5EC25363DA6E79C7D55B3C79C0976C947F1D04A38AAA" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C990C8BF9D0C8E5A50CAF28C9FF6E8EA1949C5DD6AAAC5AB08B3A77CC0D5F011", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c5c530c2-b0e2-440b-98c4-3ae3a9581479", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "FD3062358E0E1DC4C3A60380EF1BDFD4C51F4473B8600937D921DF472FBF9B65" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + 
"Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "24119E64BBECB849FDB3CC3EF0BEE550248B13BD5ED5AE540A9389C7D5D7C8BD", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": 
"https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "2281377f-96d2-494e-91d6-86e4f2c78198", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "866e67751c0a6b90c631d03793a348bc", + "SHA1": "2565b9e7e5552c7a3340f5ad2c6faab6ea42bd27", + "SHA256": "ce1af9fcce6ad19c00d8236b23b03cf83c593c6184a08266e58fe95c6caa4d13" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2014-06-14 01:37:19", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.17211 (winblue_gdr.140613-1709)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "65e619f026af74b9c47c2cc77346ec40", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.17211", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "61ae12104fd32308c2c6da0ad0f4da3a", + "SHA1": "5916de417c3548f9179b3fca1170571bd0615d62", + "SHA256": "9d016f97efd1b99cdeec92f9010dbe2695c277306c00fe7e352588a7f6e7be26" + }, + "SHA1": "9bf8d8b915968c37fb4b491f67e567d709d2a026", + "SHA256": "fef56f20ef6e5065ed0fde1d85fd19f1f07212403489fd1e2b63aa41f5dc600b", + "Sections": { + ".data": { + "Entropy": 5.2729725227732045, + "Virtual Size": "0x5b510" + }, + ".reloc": { + "Entropy": 5.5260311577476955, + "Virtual Size": "0x7fca" + }, + ".rsrc": { + "Entropy": 3.471313942696478, + "Virtual Size": "0xfd10" + }, + ".text": { + "Entropy": 6.645095705317715, + "Virtual Size": "0x12db74" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Signature": "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", + 
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was 
provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "fc53d49c-f8d1-4a46-91be-205a0ec0515a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "5f033a228e6fd44ea0f18196d7ca57b8", + "SHA1": "6ebac91cac25a80ff4130bc69da6c527da05318d", + "SHA256": "52ceada58e8d14ab47e706dcd6264d82affc0f9fc62ab46f77be46f262ae1b17" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2016-09-20 08:19:20", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.18478 (winblue_ltsb.160920-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "6b65628a2e6b0cf6bd54965da59a8b43", + "MachineType": "THUMB", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.18478", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "9a33833e2407d8d25146f07e9c5c8444", + "SHA1": "04243895d74611d8d91937ec718a82b8dd7fe0f9", + "SHA256": "2efb0d9096d6fc172537ba8c386ba82f72b5a9bed5047e7830290bb6aafb0ff4" + }, + "SHA1": "54fccbba97f50d2b57478a1c01ad8b86a5fc737a", + "SHA256": "dbeb49f986ec6618e7c256d3db4e3d5378a6ee3439c5949ae57e12722a73a198", + "Sections": { + ".data": { + "Entropy": 6.118785418021721, + "Virtual Size": "0x35d10" + }, + ".pdata": { + "Entropy": 6.1416406826134775, + "Virtual Size": "0x5ba8" + }, + ".reloc": { + "Entropy": 4.723910694609307, + "Virtual Size": "0x40dc" + }, + ".rsrc": { + "Entropy": 3.4718938617640904, + "Virtual Size": "0xfce8" + }, + ".text": { + "Entropy": 7.01271499061755, + "Virtual Size": "0x9f3d4" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000a6206efff45e063a190000000000a6", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "57c30a2d7e6573994b137079cbff34b8", + "SHA1": "08980baa201ccbfc096accff568fb2b073da66f4", + "SHA256": "19241716f05046843df5ff3c02395bf6e2ed68ad52d441a71a2edcd24ac93056" + }, + "ValidFrom": "2015-07-15 17:04:59", + "ValidTo": "2016-10-15 17:04:59", + "Version": 3 + 
}, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000a6206efff45e063a190000000000a6", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\grubnetx64.efi } }", + "Description": "This was provided by Canonical and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "1b134b19-47f4-4bfd-af37-40c05933168f", + "KnownVulnerableSamples": [ + { + "Authentihash": { 
+ "MD5": "cba477486346b0fad728f78e3542e00e", + "SHA1": "cecc72f2d1a431149d9bc47f8e21b655e980e9f2", + "SHA256": "804e354c6368bb27a90fae8e498a57052b293418259a019c4f53a2007254490f" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2014-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "grubnetx64.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "f383b5c1f0cb8806742c8df990bc7803", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "c1f26b124fcfb2c73ec9c9cfafe3fcfbc269d4e7", + "SHA256": "8e8addb29426d845a0101c2c1f26c2e7fe8c78128ab04f16cfcb4e06461b0101", + "Sections": { + ".data": { + "Entropy": 1.2839449201733235, + "Virtual Size": "0xf000" + }, + ".reloc": { + "Entropy": 5.904300253815697, + "Virtual Size": "0x1000" + }, + ".text": { + "Entropy": 5.571601531682557, + "Virtual Size": "0xb000" + }, + "mods": { + "Entropy": 4.318730379441639, + "Virtual Size": "0x142000" + } + }, + "Signature": "", + "Signatures": {} + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "grubnetx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path 
\\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ec0d55b6-d46c-4f5e-b467-1a8fe09e64d2", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "0C0C78837FA767EB045B8199E1E20AD666F90928DAEEB8F5E5253D8E7877FCB4" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "FB03DB013F31A9AA909B77CF510CD129B9E857A93E37BF9ABB91A79EB296C758", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cb5a22b9-4471-44a3-9783-c27df207f95a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"264CBC5765718A0BCCB0F79C0FDD133A898203FB6F4F2052CB0647FBF6000ED0" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "B1EC3A20DD620668852C057FD33023CB945D35122C079F13A59A73F8A4E4FC12", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "513ff7cf-418a-4405-9020-8044f5ce24cd", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "E11BDBFBAC4736918C497798D6ED018F529726A6B1894BE0658D1B9519538B22" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": 
"4489FA289C24EC5745E69F476FEBB3FA0103501D95349E795BE481E678429DDE", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "c2ba98da-826c-45bb-bb56-09db34e78fe0", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "47f4be47cd0365cc9f8a6c802f5a3192", + "SHA1": "01cf7cf98149854f741a31f3a6d8071ad80ea347", + "SHA256": 
"a22471b1d04c11ca895e8c078c221718c96c40309d64cf84144759ca7dfbd0d0" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2013-09-28 22:53:54", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.16415 (winblue_gdr.130928-1658)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "cefe4b51ab58c74a20f0302fca66bd03", + "MachineType": "THUMB", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.16415", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "958a6622f7bc1063a804ffe24cc2dfbc", + "SHA1": "2149d5b311e880738eb501393113a37d1bd511b1", + "SHA256": "ed29968ce0c75d2e0327cfa0c2ecb6492b2c8f590877e9cb6e6d3360e0e8992d" + }, + "SHA1": "e230f2632b21bdb523d214032f979104df1ee867", + "SHA256": "88c2eac45b9480cc7e423558ba1b90097e8f12dbf98f4628c7a574c6371c6030", + "Sections": { + ".data": { + "Entropy": 6.106175836191492, + "Virtual Size": "0x35cf0" + }, + ".pdata": { + "Entropy": 6.141258232502104, + "Virtual Size": "0x5ab0" + }, + ".reloc": { + "Entropy": 4.719816616755866, + "Virtual Size": "0x4020" + }, + ".rsrc": { + "Entropy": 3.471815692049393, + "Virtual Size": "0xfce8" + }, + ".text": { + "Entropy": 7.049152498387783, + "Virtual Size": "0x9b114" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000001b40b3e1eae3b8c84600000000001b", + "Signature": 
"cbc341b6aa9c66039f4068be8e0a48a0e38ad5c22d4a6f33e6c39817378261c73b0ac8e800662cde2333f4a79c3b75b726b7aaefc55cb467374a3804a65dd3bcf318da3699a4951225e092422aa4bb08880db7d021c4b7883ccd2452884d6e00d6ec06e6055f30218dfc376e893fdf2b0174ba323e15e0d9e480862c7132f49666ab01c246edcb9e403752b15284de32fa501cbed5bba0e45c60635520155a623bbd1b14d47e4cb8c9b2114d41de618eb6fbb022303df44f93d5d6ba60a5edc24f31c0530da52ea1392985d95b01833392c7686abf5c318308b442b5055011dfd475058a740a741ef63482b84edf9758ccfa5f3472df9c7043ca60912102c15b", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "2e3f888fadd3d8d498f3237752c18df9", + "SHA1": "4f3c14facbfca2505dddb77d8b8bfe71abb1d2ed", + "SHA256": "574085e964e5d1fc9d71150ef08a0e08779e1919f28d75a19dad15f69571c8f6" + }, + "ValidFrom": "2013-04-10 20:41:53", + "ValidTo": "2014-07-10 20:41:53", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000001b40b3e1eae3b8c84600000000001b", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by The Broadband Computer Co and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2d78b89b-4a5d-4d38-8c20-2baf76df8699", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "386D695CDF2D4576E01BCACCF5E49E78DA51AF9955C0B8FA7606373B007994B3" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "83B1D2B20830EE199D8845C999D4680B1B2B6D9C1F424DD13826DA3FA7F7139E", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "2d78b89b-4a5d-4d38-8c20-2baf76df8699" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + 
"CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "52a629bd-deb4-4e92-aa7c-3e4c301a086a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "00a62b0feb53c1c76e1e5246aab69123", + "SHA1": "4654356766b9e062ffd65fd26bf3d0916430881c", + "SHA256": "d87817f76309b1e420547808cb573aea0c8e7de14123793a42388582184286b7" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2014-09-18 12:30:36", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.4.9840.0 (fbl_sec_oss3(dlinsley).140616-1123)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "ec46eab41a4c2ffd8c352d6e0dea430b", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.4.9840.0", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "2777dfee3c799f841a25c53df5d11e39", + "SHA1": "6a4457a8f18e185baf0a0352666728176d377faf", + "SHA256": "1ae942cee9560dc7ed300190c7efbe6312d44ec378914f3c09554d816a51b45e" + }, + "SHA1": "5b65a8b1427f80e9c997bbad4e66dd36742314f7", + "SHA256": "e0df7ce01e42a61228f4005fcdb9c42675ff7280a0be9ec1c32ad9d5e0493f10", + "Sections": { + ".data": { + "Entropy": 4.473253546138282, + "Virtual Size": "0x620c0" + }, + ".pdata": { + "Entropy": 6.082213472250921, + "Virtual Size": "0xa7c4" + }, + ".reloc": { + "Entropy": 5.415490038570185, + "Virtual Size": "0x99c" + }, + ".rsrc": { + "Entropy": 3.47008160921905, + "Virtual Size": "0xfce8" + }, + ".text": { + "Entropy": 6.474331847803071, + "Virtual Size": "0x171504" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 + 
}, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": 
"https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "85443af0-4180-4b3e-978c-e3d8c8d35422", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "bc8921a85faf4205abd65c8b0263e795", + "SHA1": "b820221890353f2d702024c23c19cbf17ed25f20", + "SHA256": "5e67bf240b1d05f6f618908868a494c50a30ab255b06619fa28411eb260f674a" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2013-09-28 23:57:09", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.16415 (winblue_gdr.130928-1658)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "bf4168403960a0df177f58277f06250c", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.16415", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "7c1182353e1a18467ac8596eb17c533e", + "SHA1": "3dbd444a114f18bb9cfb639f095ee5a0915ba297", + "SHA256": "3556b638af47e65fa07578b156ff85afa0145f715fc594c65a97aab98841c601" + }, + "SHA1": "6a3777265403ea83fb91ab07988464303e66b172", + "SHA256": "669353cc31e65f896a755db94a045d9dc1b4a24baba14fce11d623bdfacec78c", + "Sections": { + ".data": { + "Entropy": 5.269091289979136, + "Virtual Size": "0x564f0" + }, + ".reloc": 
{ + "Entropy": 5.536154915453736, + "Virtual Size": "0x7f10" + }, + ".rsrc": { + "Entropy": 3.470992478914469, + "Virtual Size": "0xfd10" + }, + ".text": { + "Entropy": 6.6503504605349155, + "Virtual Size": "0x12a444" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Signature": "78269c4b43268afbc7329a21653fdf5427c51d156bd9b2be4fc3ce06c9fe486ad28fa1a55698acc8617733a5d9b68b3f69ab82d8d60857a0cf330434703b2af43b3058eec891f89515a9acf8c29aebdcabc8671630a1d22fa51720ab95393c388e3fbed2d42eca2bce4f3ac03be5be68ecfe7f44a6d3871782abd7cc3f8c22300536bd24a13934474bc0cfc2f1479991b991f328cb5a80d06c1046a9249b8dd8747b3c87e54946f28c0bdf14c042566264fbf9475859b221d0434603ab5f655551437be8eb21192f143d173b042f139ce553888cf0534f9d2f090c1edbf10def827a274afeeba10c2b4725b0628a2722d5f209be4f9e3d2d8104a896df82072d", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": 
"14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + 
"Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "347957db-bbbc-4322-a736-366891a369d0", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A9CE2969A83982F80B6B2685568A7D6F8E58BCB5FABAA2F8168092175518A0C9" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "F736ABAB18FA867218E4FBFEAA8A452C3B55F2981CC7E27E6CAF1FD9181EF294", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This 
was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "025ed4ef-d8c6-492b-927f-a1eb484d7b89", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "812EB0FA2DF13A889549729CADBF1720B68F6C9E21955741B72802590AF1B5CA" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "D0A3923ED57307BBDDA1ECF0FF1C40F478DD6F439F80A072508C3551520CD52C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Novell Systems and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "24b32147-9b69-40e3-a166-b0c457b3c371", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": 
"", + "SHA1": "", + "SHA256": "2F9A8EB6C8E18E7E118AFE9B51E233D88EC76C0EA256FF1F2A842B3A0EA9F466" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3F8091F700DA0DD082C6C06D0D3B68DB8D51FBE03198BBD6E4FA0D4A9EACA522", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "24b32147-9b69-40e3-a166-b0c457b3c371" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": 
"https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "9ad7a737-68be-4ce9-9595-30623e887396", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "c44756dff66637b44b1180df93fecc70", + "SHA1": "502c5761b07eef8e5b1b90cd8465a36a115e339b", + "SHA256": "6582dccb8b305efe0bbbafdcc7d295a6a8bf1df0397e1a8ac736e9098a2a64c0" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2022-06-27 22:58:31", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.20476 (winblue_ltsb_escrow.220627-1731)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "6c1910730f135cbd5a78e3a48520e647", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.20476", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "aaf18af925d829095e017c505f1a0039", + "SHA1": "c3d13f7d96127a3b16c7a8c0a3dd98fd9f22c3cf", + "SHA256": "05367ecae4cf78cc575048fb931468b1d210df8c38ff8ca05481124b1a1a6917" + }, + "SHA1": "1d5beb0bd494d324fa663da050cc61e8f7f2ce92", + "SHA256": "77e2945b3a2b0d14e9943f90ddd7bb87dde9cc5d8be09f9693e9f4166769363d", + "Sections": { + ".data": { + "Entropy": 5.413862912163844, + "Virtual Size": "0x6c830" + }, + ".pdata": { + "Entropy": 6.079086771447321, + "Virtual Size": "0xa734" + }, + ".reloc": { + "Entropy": 5.410822163532266, + "Virtual Size": "0x998" + }, + ".rsrc": { + "Entropy": 3.4723930407949566, + "Virtual Size": "0xfd40" + }, + ".text": { + "Entropy": 6.493411591352979, + "Virtual Size": "0x16dcf4" + } + }, + 
"Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "46f57c3b860b08484cb79066ac1014ad", + "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", + "SHA256": "d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" + }, + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + 
"Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "77a4c1f2-a194-4778-8074-4ba1d052129f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "26019df09c3d207b9be1a2f395b8645a", + "SHA1": "db3344e8cb837776d854dc6adbfa5473a19bd611", + "SHA256": "b67db8d53c925febadafce4356206c85f73e22456eae4ed6ee77f6a9e11a078c" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2016-09-20 08:10:54", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.18478 (winblue_ltsb.160920-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "b93d4a486013424efe0fb34668b50b85", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.18478", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "95c181375ef93e118f930024df1bff96", + "SHA1": "e3a24ad3c9b07df2a4fb39a1432ba3597faa48f7", + "SHA256": "0708c72d17d4892e2deab31b567c830ee261f5e5730997a47366c0e1e58dec0e" + }, + "SHA1": "71ff189bcbb7e43d0793a0efb827f7225fb122b0", + "SHA256": "4f3e97e36ec05236dc378c544310a9685d57409b87020bee731d7ddbf90987c6", + "Sections": { + ".data": { + "Entropy": 5.287095365347617, + "Virtual Size": "0x5b510" + }, + ".reloc": { + "Entropy": 6.7662012546004755, + "Virtual Size": "0x5d00" + }, + ".rsrc": { + "Entropy": 3.471496237401348, + "Virtual Size": "0xfd10" + }, + ".text": { + "Entropy": 6.632108331411666, + "Virtual Size": "0x130264" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": 
"61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4c9eca9d-f738-4fde-99da-f5f1536910f5", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A330FDE65C067A5F0B75C80D0A300767C301EB75E0CF9B4EE240F0D60B3DC503" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", 
+ "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "399BDFB85E5A072F763B3692AC5B34FDB00D7C5DA4180219E99A2E0693D72B39", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Now Computing LLC and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "51d3afbe-d378-492d-86fc-3afcf9396417", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "BC75F910FF320F5CB5999E66BBD4034F4AE537A42FDFEF35161C5348E366E216" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": 
"0FB12613BC1D4AB6FBB256574EBA9347AE3A87F96E4A3C259028B55CDE1D8053", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "51d3afbe-d378-492d-86fc-3afcf9396417" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "46e2d5a7-6b08-4c8f-b90a-dac8418621e2", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "f9dc5d54b477c66ca23b879546b650b7", + "SHA1": 
"6f16c59cb8e6b3febb9e73702914f06475dff19a", + "SHA256": "c3297e35c3a9efc4c051706aab77d29a26e62d9a38de256dffeb77a0eec8666a" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2012-09-18 01:24:19", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.16418 (win8_gdr.120917-1921)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "087617bd4578c903f0a66bd157217f0f", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.16418", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "a387b0075e977009a7bb74d24fc388de", + "SHA1": "345e019b25904c911be9e3b6a9e2b0bb18652b04", + "SHA256": "e04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad" + }, + "SHA1": "1128abbba4480920fc7a0a772239cd1d132a1910", + "SHA256": "b65fe0af8297168749dc235340cba7c08cf6b956fdd25fc2c9f16d20da536713", + "Sections": { + ".data": { + "Entropy": 4.628310210600715, + "Virtual Size": "0x63cf0" + }, + ".pdata": { + "Entropy": 6.014681487785778, + "Virtual Size": "0x8e8c" + }, + ".rdata": { + "Entropy": 5.421083425321203, + "Virtual Size": "0x19b34" + }, + ".reloc": { + "Entropy": 2.70744089792279, + "Virtual Size": "0x1ab4" + }, + ".rsrc": { + "Entropy": 3.4707832631070623, + "Virtual Size": "0xfcf4" + }, + ".text": { + "Entropy": 6.484872015753315, + "Virtual Size": "0x109ee2" + }, + "PAGE": { + "Entropy": 6.514825397638524, + "Virtual Size": "0x169e" + }, + "PAGER32C": { + "Entropy": 6.353319232465821, + "Virtual Size": "0x3d48" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + 
"Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path 
\\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "94e35789-58de-436e-b04a-8a7b7ded8347", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "2B1B9ECCF585B11C5122651D7B94534BB131AA7C874E2262038B85DB3EE83E4D" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "12A9833615CAABCF4F732C8BB088C83EC18C286EEF2332CB11F18529B676BD38", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3b215ee9-89b8-4437-bd89-dc9fa92cb727", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"09F7699631C18DB0C33491EB4B3C65B8F279238C5FC5E3AB0BA52737DBBD26F3" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "21BB3AD3C8E0198CA40E2636E5C3F27EAC047C1C0B39F19D81332FCA03DC4FC0", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\rhel-8.3-20200730-shim64-bit.efi } }", + "Description": "This was provided by Red Hat, Inc. 
and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "365019a1-7820-4c83-a483-15dfd2ca466c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "288878F12E8B9C6CCBF601C73D5F4E985CAC0FF3FCB0C24E4414912B3EB91F15" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "rhel-8.3-20200730-shim64-bit.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "FE09433ECE56EFB74EDFFB10BB4E2C05EF9FA3C37C5E60BD5E87FBDEEAB3EB40", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "rhel-8.3-20200730-shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3cddc9bb-dc68-4cd7-aee9-227b47b47966", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "9414F5FA5853978C07FC6BB17A1CA9460FE443FFCA021FA52C8672A94460F44F" + }, 
+ "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "413782A6CEE2CFF718F87A737CD989E2A6067E67212B575AD8A7D80B1A62F206", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": 
"sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "ce52a206-8cc9-43e4-9f5d-28b646502ac3", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "664f6508818e109fb75fbe07061638e8", + "SHA1": "aecda4260dceeda535e4c967ed2fa9ae3c4d580a", + "SHA256": "52a3ca4db923c0648ac04be86ce02dbc6a3aaac8312366b106205dec6e2ca2d9" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2012-08-03 21:42:57", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.16391 (win8_gdr.120803-1608)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "de3db6ac5d9d0d31d8668a74bc3332df", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.16391", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "fa6462badb7aa537a9d3ecf604e9fbd7", + "SHA1": "caefdafc6f3620830b306d429c83bb077f6bdaa4", + "SHA256": "4689fe3d6e35db99759219db2adef6cefa62105e8b636c0c5bd2a6bec395e471" + }, + "SHA1": "b2851fbbc75273998a8dd1aabed09efa961c050f", + "SHA256": "1604f70608f964d1a835c3f3a421e58e449774f0291ff134ac298364e8e3f776", + "Sections": { + ".data": { + "Entropy": 5.324535468894605, + "Virtual Size": "0x54bf0" + }, + ".rdata": { + "Entropy": 5.359200628389931, + "Virtual Size": "0x122aa" + }, + ".reloc": { + "Entropy": 6.124520370323963, + "Virtual Size": "0x61b0" + }, + ".rsrc": { + "Entropy": 3.470885485377943, + "Virtual Size": "0xfcf4" + }, + ".text": { + "Entropy": 6.642283438119681, + "Virtual Size": "0xdd276" + }, + "PAGE": { + "Entropy": 6.499448286436215, + "Virtual Size": "0x12ab" + }, + "PAGER32C": { + "Entropy": 6.57198166568606, + "Virtual Size": "0x4805" 
+ }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft 
Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "9d219a02-b011-4466-8b2c-6fd725593454", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "7C7372A60D71E04879B8930C164944D96D3753E0A2924A31231D1D5FB97882F2" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + 
"Publisher": "", + "SHA1": "", + "SHA256": "4155DCEAAF889DE79ADB9B2130F1CF23AADD24080C2B2C1EC5F4C359C52A8D7D", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "670b1089-ea21-40d1-ac0a-1dc0adeb7b05", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "D9668AB52785086786C134B5E4BDDBF72452813B6973229AB92AA1A54D201BF5" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "30A947ED2F95D0E7F2746F3A4F3C458FC64554295BA5B4C302FE0EE4F8027C0C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "670b1089-ea21-40d1-ac0a-1dc0adeb7b05" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "9a4cfe78-97aa-4d04-a049-9f0c2d3869c1", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "3AE76C45CA70E9180C1559981F42622DD251BCA1FBE6B901C52EC11673B03514" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "D8C26A5324CA74212B59B59BEF1BC33FB5B6946DCDDE84414C60A2E315EDE741", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "9a4cfe78-97aa-4d04-a049-9f0c2d3869c1" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael 
Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-15+1533136590.3beb971-0ubuntu1/shimaa64.efi } }", + "Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "67ae7723-5130-48c6-b24b-22a876c9c2c0", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "339C2BCF0445BAA7345A02CDE505E172D24CC9CEA29A92EBEE3F3901693FD2C8" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-15+1533136590.3beb971-0ubuntu1/shimaa64.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C58ABF55F773FEE60CDB21D01D02229C4A3FEEB29F5D904CEB3106BC4B435EE7", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim-15+1533136590.3beb971-0ubuntu1/shimaa64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": 
"Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTIA32.EFI } }", + "Description": "This was provided by Red Hat Inc. and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "60383f5c-6dcc-4df4-aad0-510733820a1b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "752f28cd2893f6dc4e568c9a15f6b456", + "SHA1": "22cbe49e2494a44bf823958840b6e1291ffe6d11", + "SHA256": "3e333de87d211247b2ab00093cab48f6069d718afd29e9917a3d5f60e87557b6" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:39", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTIA32.EFI", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "69b63c494c676d3a1013a775b18568e8", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "09c724498ed275fb4a76f04700f5b2d39413405f", + "SHA256": "953a7719b50073e701730fcff79b2fee7054c72c54d1f0b0f2571d3ce7fdb925", + "Sections": { + ".data": { + "Entropy": 5.297966843937964, + "Virtual Size": "0x22bbc" + }, + ".dynamic": { + "Entropy": 1.3813806548581444, + "Virtual Size": "0x78" + }, + ".dynsym": { + "Entropy": 4.40137747298349, + "Virtual Size": "0xac10" + }, + ".rel": { + "Entropy": 3.630273097903543, + "Virtual Size": "0x9720" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.791450448387524, + "Virtual Size": 
"0x9a39a" + }, + "/16": { + "Entropy": 7.338341139988703, + "Virtual Size": "0x3e2" + }, + "/4": { + "Entropy": 5.2274469074374705, + "Virtual Size": "0xde" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Signature": "0141873b6d85a37b5ac2a306448d73b6be76f7682ad14efef7ce4b377f0f7a5fbefd76377d59dc2caccd28d1be3eb180a8b66ab19a853bd14c7d5e955e8f07bc2ee0686ac3a2c9e997bd9f58de6dc9b93900c6b7824f64bf415ac51ebaa3dcfe8ad4fc2a41ad95b372c421c4f87835a59867c244e1c8df142abc4b23579f57431565eb8de6a7a0318b2fd17f93876a335c9450d2531f6a877baf43a569f83703a68e49987ca3c6dd42a595827f5be49151d3b79ea262e38ef5b37bda5b1be3462baa6ccb313193cdba21ea3cb1e9bbc751a769f354d63a0d1de3158c67d47b765b92d580ed5f1f1cdb5f61774c4b66c7deb15f4c71d605106064f33a17d31ca6", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "b6f099bf203668f11a8f79ab08792ed8", + "SHA1": "4713755a345940554eada6042e90b0151591fad6", + "SHA256": "62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" + }, + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, 
ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTIA32.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\rhel-8.3-shim-20200726-shimia32.efi } }", + "Description": "This was provided by Red Hat, Inc. 
and revoked Apr-21", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "063ad364-8db5-4bb6-a731-799b970cf900", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "FFF421A9DCD3EF38AD585E8BACA408AC2E4CDBDFA679900EC17089624E310ADA" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "rhel-8.3-shim-20200726-shimia32.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "96DD3FFBAB73A9DAA0CA93C34C4EDA5BD9C8AEEB0480C1A3BD93131F44CA9A29", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "rhel-8.3-shim-20200726-shimia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "1a268d88-47d0-4204-ade4-ed6e4ef6028e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"D79651AA3A0491D33B7979F5B41936F8ACEFBA99BBA10E05FD6F54E2859CC589" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootia32.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "B510C9A79CB6CE1BC37912839AF57B453CC4A77C3D5DCC9935F8CCFF7C81F9FE", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "48d8feab-a988-4578-a65e-c6ba5f43ffac", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "77CDCFC9644F8F80FF407CDE316AC235DDD1ADA9C3B6A5AA9544DB2D64B79FED" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": 
"ABF6F968CF9ACDDC04BA5F287F857551CC9D3237CE402D527279930AB5F84894", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "d2c1c960-2c20-4647-ba66-d3c5d3385cff", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "1730c4cbe167c78763e0a6e4211a55a5", + "SHA1": "62e70e5fd08037f8e32f298c8d9614535afbb331", + "SHA256": 
"da9943277174960b0d7d3f0d656176f3723ed2f03a90518beb3c6c202b88cc14" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2016-09-20 08:18:08", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.18478 (winblue_ltsb.160920-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "1854d98bc963a9a82e0d9abef6bc3873", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.18478", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "85fa20421a65e83905361d389b335669", + "SHA1": "fad704c4353c271f61f7ffcecc3bc5aceb3a15b7", + "SHA256": "60bb1a6f5f679831418c16a7c2000159d31507690560194ca357bfd0b4018f9c" + }, + "SHA1": "dfd1cc6207f892703292d88a29f587db858fc0eb", + "SHA256": "dd3ca7c4bf6698e7d72f6c2fb0eb59997336c294d604062ef495ee8e1f49931c", + "Sections": { + ".data": { + "Entropy": 4.536862186949299, + "Virtual Size": "0x6b290" + }, + ".pdata": { + "Entropy": 6.113198153724958, + "Virtual Size": "0xa53c" + }, + ".reloc": { + "Entropy": 5.391748979025571, + "Virtual Size": "0x960" + }, + ".rsrc": { + "Entropy": 3.470966782245555, + "Virtual Size": "0xfd10" + }, + ".text": { + "Entropy": 6.491145372503799, + "Virtual Size": "0x16a6a4" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Signature": 
"60743a2c8b9d1d20759fd327472b3fb9c434cf9df5a4501199cafd1d0f6806659be78f5346fcdedead6c2615214f653b0306302508cc80e386fb54dc8d0b8c63131e54f259c4f8792335187e2d4f649a82490807f129590c1a5c76d8c56a12e51f4c9bb20f35bb27b3ddc0dfbd849e506ed390bef27d160c5fa33291231b73cffddf7bcc42948b509b88242d401ab88f4283997bb6707c2fd2facf67e2639b5b02da8975568de56dc96eee8061c69bc552d61a0fa49ea527563681fb35f68dde6eee372b99f69761de0eac9b72b1510f80e66f6560bf1d0669dcbdd915ffe13454502833fe26932c018ad8399ad2840a93b0c222b7900151dc9ddb4475e1d7b7", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a34d1cd4-ad9d-4dda-8e4e-ac86e42a6d92", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "DF6EC4F50BE2A4B7657F0397BED483BE143A18883615800A65A64B7E84D9B858" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "331A6D1D07B7A19AB36312AB8303C9FA5B5D2628B6EF5C593846B6F4B824059F", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": 
"bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e2313b7a-714a-4e2c-a692-4259f9bc3b0c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "B344D2F33E30A25EB927E4C1A419D019ACCFA8249A5CE622B8E7C7D8D5807A00" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C190FBE65C28E7DBCA5AAE188C368CAB9A43ADB7F3B010843086D6DA77C3A6E5", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": 
"https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "cc55f472-e9c9-493c-bf44-98d528441570", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "eed20fa5bc02fa6f0c7e5082c633e31e", + "SHA1": "01419f5ba84d07eaf079e2c69e8655471028081c", + "SHA256": "9335c9dd7001a2ec4e322ab6a2d11e6c4cd4ef1644c00d6314b7ba5a26f9eb7d" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2012-09-13 20:16:14", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.16416 (win8_gdr.120913-1502)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "9c77b23f662f4c5cf1da2ec62ba6fd2c", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.16416", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "fa6462badb7aa537a9d3ecf604e9fbd7", + "SHA1": "caefdafc6f3620830b306d429c83bb077f6bdaa4", + "SHA256": "4689fe3d6e35db99759219db2adef6cefa62105e8b636c0c5bd2a6bec395e471" + }, + "SHA1": "0f6c22e7f48505d3c4cf28edf541e69a72f4cfed", + "SHA256": "5f3952cba19c9f225aae8b57e57c7e20505ac617aeca845a8b5cde4994405c92", + "Sections": { + ".data": { + "Entropy": 5.32099548613425, + "Virtual Size": "0x54bf0" + }, + ".rdata": { + "Entropy": 5.359740869045908, + "Virtual Size": "0x122aa" + }, + ".reloc": { + "Entropy": 6.124599725636047, + "Virtual Size": "0x61b0" + }, + ".rsrc": { + "Entropy": 3.4705699295441637, + "Virtual Size": "0xfcf4" + }, + ".text": { + "Entropy": 6.641518892559521, + "Virtual Size": "0xdd286" + }, + "PAGE": { + "Entropy": 6.502474956779901, + "Virtual Size": "0x12ab" + }, + "PAGER32C": { + "Entropy": 6.572183780133045, + "Virtual Size": "0x4805" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": 
"684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\centos-8.3-shim-20200726-shimia32.efi } }", + "Description": "This was provided by Red Hat, Inc. 
and revoked Apr-21", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "fbf92874-0ee4-4c8e-9dc5-ab73b6bb4010", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "06C670F8572BF89ABAE13D14D81FFE80D5550F696862B1AB386E4D8C56B02016" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "centos-8.3-shim-20200726-shimia32.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "1A9DDD9AF383AD81787CD7C6A6DC8C8AA86CD995157C32AD476B60D2C494F7FA", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "centos-8.3-shim-20200726-shimia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Red Hat Inc. 
and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a205120a-b99d-4e65-a96d-b8092539c1d7", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "0C51D7906FC4931149765DA88682426B2CFE9E6AA4F27253EAB400111432E3A7" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "0CE7F3FEC8BBB04E182027DD6800B7993E9F14EB579504DDECDD2F06294D7739", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2022-34303" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\miniloader.efi } }", + "Description": "This was provided by CPSD and revoked Aug-22", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "82bfbd61-4cd5-490f-853a-3486090e0d3e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "90AEC5C4995674A849C1D1384463F3B02B5AA625A5C320FC4FE7D9BB58A62398" + }, + "Company": "", + "Copyright": "", + "Date": "", + 
"Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "miniloader.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "61F2D843B99AC93FA2ED40A50E5C3F0EAD7C75894BB92C32DF33052804CFB77C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "miniloader.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Cumulus Network and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d7cc6936-4efd-40a1-bef3-ea4da008ae4c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "EAFF8C85C208BA4D5B6B8046F5D6081747D779BADA7768E649D047FF9B1F660C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": 
"E4FF4E538B4758E8E49010ED16D6D5380417B146F3E8806ACB3AC40611646FDB", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "d7cc6936-4efd-40a1-bef3-ea4da008ae4c" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "293680d1-928e-47e7-b45b-421122787ad8", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "C05B9250BDA8E86B6E5C6A8C584F0F61B4A3D243689965B5A955A2CB198D1E99" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "66CC4EE53DAE4DD746AE6D8B58B858DDDF1634A498D5EF41F50264E6F948F526", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + 
"Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c1e70cfa-8b21-4b51-8b94-9a06bb4b5550", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "06EB5BADD26E4FAE65F9A42358DEEF7C18E52CC05FBB7FC76776E69D1B982A14" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "608854C2B7A26B00A3970757C2FA176B361F74FE094F7CFA482C439071279548", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "c1e70cfa-8b21-4b51-8b94-9a06bb4b5550" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path 
\\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "66d407b1-5e65-4314-89c3-cc6dd5c10d59", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "28CE0DAD50730900C5D18CC58D5255293452CA37D764868C16EAA9EAF6BD7C83" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "EBB480F63BB81A4C88F42E97A1B40DAB2EBB926A358EACC1C52A5DB88A2BC6CA", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootaa64.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "34da0cf6-14d0-43a7-8e56-ea63c3b0c1bd", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"D465D63B0384F16A1610B0A86C5D73B36A33709828DE8FE26DBAC6DC6EFA007D" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootaa64.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A7CEA30E7B024C8710F9AE5C1302545CEEAF23B8DEBE362FB26562ACDD807325", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootaa64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "261d9721-b41e-4711-9ec1-d46057b9c56b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "97A51A094444620DF38CD8C6512CAC909A75FD437AE1E4D22929807661238127" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + 
"PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "424C636253B4EFA0C69F91505EE16D7079956B8EDE4524FFCE211A1B037FF692", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "261d9721-b41e-4711-9ec1-d46057b9c56b" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "635f3ff1-ab0a-468c-b6a3-6a8aa39301d5", + "KnownVulnerableSamples": [ + { + 
"Authentihash": { + "MD5": "576bde13122eaba63fa0734baecf5a48", + "SHA1": "cf7b3cc939f51462213b3b05b81fbc42ee05afd8", + "SHA256": "e2cf881cf07195454505047d74810ed79ae20dfd0f1593afbbf08270a486c038" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2017-03-25 11:35:17", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.18639 (winblue_ltsb.170325-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "83e596b8944ed413e5bbc0c51c0b64c6", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.18639", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "95c181375ef93e118f930024df1bff96", + "SHA1": "e3a24ad3c9b07df2a4fb39a1432ba3597faa48f7", + "SHA256": "0708c72d17d4892e2deab31b567c830ee261f5e5730997a47366c0e1e58dec0e" + }, + "SHA1": "fab234f84e488343ea0f65072d8785217cabef40", + "SHA256": "165a5dcdea3a7de7cfae38298597445eba59282308c7243be50f568aa610f4f2", + "Sections": { + ".data": { + "Entropy": 6.142432235727058, + "Virtual Size": "0x5c7f0" + }, + ".reloc": { + "Entropy": 6.764072371259567, + "Virtual Size": "0x5d44" + }, + ".rsrc": { + "Entropy": 3.4724787157502846, + "Virtual Size": "0xfd30" + }, + ".text": { + "Entropy": 6.635628506909973, + "Virtual Size": "0x130364" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000001066ec325c431c9180e000000000106", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "dde4566ad877cdd7257537c5a15caff8", + "SHA1": 
"61ccf092df4eb7534ffc8df983b362e10eb895c2", + "SHA256": "0ae3a29cfb54cd16c853b2246cc428219bb87f7e4ea299b0374b2ac43f2a61d8" + }, + "ValidFrom": "2016-10-11 20:39:31", + "ValidTo": "2018-01-11 20:39:31", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000001066ec325c431c9180e000000000106", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + 
"Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "8a6aa8d7-205b-4747-aa92-8b526be3b7d2", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "45876B4DD861D45B3A94800774027A5DB45A48B2A729410908B6412F8A87E95D" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "29DA5912698EE1928C239D394EF95A4BEEF0DC59262B6BFFEC24FA205C4B8A10", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "8a6aa8d7-205b-4747-aa92-8b526be3b7d2" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "6f2d1488-6c25-477a-97ad-e0a570723b20", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "90A483526B4238C55BC5DED289D7C1D376109B9D5F3E93529EDA75C4D451523A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + 
"FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A8CE55447F57564F1CE95A7B3C505A7996BDAC4A06710DD101ECD5B818653E27", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3939d676-6d9d-48b4-8be9-d7d7f3528c08", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "C127F0EEFC2E451989D88E4D1DA8A3B08CA9D5884987A6157E04E9A71C01ADFC" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "EDFFF0969567FF1C1867AA921EAA5CF4C65D20F0511BA7EE7328F7B67238DF53", + 
"Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "3939d676-6d9d-48b4-8be9-d7d7f3528c08" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "b42db55a-4520-493a-81ec-42002887ea96", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "caa781731a9d13ac418d97ec2cccb8f1", + "SHA1": "7ac2da2861fe7b90862a27b63629d8a9ee58d97d", + "SHA256": 
"7fddfe06c44dc4302da54577353c18fdbe11b41cb3e6064ec1c116ee102fe080" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2016-10-05 14:24:09", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.22004 (win8_ldr.161005-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "7f0de7a661590f1c33de0b80676e8827", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.22004", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "a387b0075e977009a7bb74d24fc388de", + "SHA1": "345e019b25904c911be9e3b6a9e2b0bb18652b04", + "SHA256": "e04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad" + }, + "SHA1": "003454b835a5ee7ee200f9cb4e68b071e2b8e69b", + "SHA256": "d1af02fca7522c8d27e053544b3b653ff2daffcae9c420e460235dacab53f7cd", + "Sections": { + ".data": { + "Entropy": 5.464601076751779, + "Virtual Size": "0x65010" + }, + ".pdata": { + "Entropy": 6.017575781905406, + "Virtual Size": "0x8eb0" + }, + ".rdata": { + "Entropy": 5.427514584005019, + "Virtual Size": "0x19b14" + }, + ".reloc": { + "Entropy": 2.715757042100683, + "Virtual Size": "0x1ad6" + }, + ".rsrc": { + "Entropy": 3.47211306543629, + "Virtual Size": "0xfd14" + }, + ".text": { + "Entropy": 6.481657238537085, + "Virtual Size": "0x10a5e2" + }, + "PAGE": { + "Entropy": 6.514627558721207, + "Virtual Size": "0x169e" + }, + "PAGER32C": { + "Entropy": 6.357861791329596, + "Virtual Size": "0x3d48" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Signature": 
"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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + 
"Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by TeraByte Inc. and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "27ce9422-3805-4231-8142-aa0976d3686a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A4D978B7C4BDA15435D508F8B9592EC2A5ADFB12EA7BAD146A35ECB53094642F" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "EEC3E281A5545CAF11EC02BB0DF159DA19698E639CBA0190A0AEC9AB09296BEB", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": 
"454bb2af-6ee7-483d-8a15-73f2fec386ba", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "2116183BBAB5D6964C001C931A09ECA1DC0FD6651A61BE4A8A9548DC476B90B1" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "1B9401C47B0837F1FA315F2F29F304ED360B5B2E2843141367562B60EDB1CCA9", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d0f8d27f-26e3-4500-bcb8-dab29c667c29", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "400AC66D59B7B094A9E30B01A6BD013AFF1D30570F83E7592F421DBE5FF4BA8F" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + 
"Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "0742A120E871BBB67D6947D05E9301CDACBCCB4AF650464F996B40352CA9699B", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "d0f8d27f-26e3-4500-bcb8-dab29c667c29" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Red Hat Inc. 
and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "52f8c789-bc20-45cd-a1b6-8a564b18fff6", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "5557985ad6236a2e6f4dc5efcb052bd7", + "SHA1": "36f2525fb6ae3fed1191d10ae9b4a524fe5914e1", + "SHA256": "6efefe0b5b01478b7b944c10d3a8aca2cca4208888e2059f8a06cb5824d7bab0" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-10 02:40:12", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "6d83b980fd7541fbe793a891b95d5621", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "224b166130e25c00ac9a6c33d7816acc6b98cde5", + "SHA256": "d57f40a0e9018765cd79393a0d57d8e6d6d880d93b95fa57cedbda5a0b4a1ae3", + "Sections": { + ".data": { + "Entropy": 4.419173693560442, + "Virtual Size": "0x2c518" + }, + ".dynamic": { + "Entropy": 0.7957307370557809, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2164293589099726, + "Virtual Size": "0x10230" + }, + ".rela": { + "Entropy": 2.655945791385897, + "Virtual Size": "0x1c548" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.61945309796477, + "Virtual Size": "0x9be5f" + }, + "/14": { + "Entropy": 5.255022427055196, + "Virtual Size": "0xe4" + }, + "/26": { + "Entropy": 7.338341139988703, + "Virtual Size": "0x3e2" + }, + "/4": { + "Entropy": 4.837270867662857, + "Virtual Size": "0x1ebf8" + } + }, + 
"Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "b6f099bf203668f11a8f79ab08792ed8", + "SHA1": "4713755a345940554eada6042e90b0151591fad6", + "SHA256": "62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" + }, + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft 
Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "29221f48-fbc7-4db4-8fc6-86f1e3e137b8", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "2A92103865FB60FC84D357180CC7DB45359B04AD419E8C4FAB74F7143FC0655A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3A5B30A5017105C4CB30A0793FAE4600BF4A1A442D85C79E98405DC0083DEB8C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by TrueCrypt Foundation and revoked Jul-20", + 
"OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "5abbd1d8-5850-4e54-9375-6a9639a8db58", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "80B4D96931BF0D02FD91A61E19D14F1DA452E66DB2408CA8604D411F92659F0A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "77F55C6E07D808021F9E66017605D8B2DED6C55944693641902C4CE821E37878", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "5abbd1d8-5850-4e54-9375-6a9639a8db58" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "add3eacb-c3b2-4adc-ba76-49ddb1af2ae3", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"EE83A566496109A74F6AC6E410DF00BB29A290E0021516AE3B8A23288E7E2E72" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "FCCC2A01967926437DC0F5F49C6ACEED4DC67EBD7E99169023B5F89A7264CB98", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "add3eacb-c3b2-4adc-ba76-49ddb1af2ae3" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTIA32.EFI } }", + "Description": "This was provided by Fedora Project and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "854018eb-0eb9-4c45-8c0c-edb859445cb9", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "be4303f658c8f9c5541a6bdac9dc2c2d", + "SHA1": "faa088677fbfb6eb7266526835f878855ee767d6", + "SHA256": "cf3f7c24af6d46e133bb6a936902a47413394b2a8addc63a8890c75eb7c3a6c7" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": 
"", + "Filename": "BOOTIA32.EFI", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "87e606dee08705c7ac75737a83a6e063", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "56ebc1fe5d75203a8fd8669eb86d80cda4c13d91", + "SHA256": "6a6f1c13eefcba07c0fc8aa0b70ab6fe2bc709a9eaf83090b735fec8e0dd576b", + "Sections": { + ".data": { + "Entropy": 5.364024351542338, + "Virtual Size": "0x2295c" + }, + ".dynamic": { + "Entropy": 1.3647139881914778, + "Virtual Size": "0x78" + }, + ".dynsym": { + "Entropy": 4.399390751124498, + "Virtual Size": "0x9370" + }, + ".rel": { + "Entropy": 3.5319998815880522, + "Virtual Size": "0x9048" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.843735832527754, + "Virtual Size": "0x94b97" + }, + "/16": { + "Entropy": 7.133596117970691, + "Virtual Size": "0x4ac" + }, + "/4": { + "Entropy": 4.855334501626881, + "Virtual Size": "0x5c" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 + }, + { + 
"IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTIA32.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cb08669d-8b82-45b7-8fc7-ea815f96e336", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1DA53F3A2C7C41C93099737266B5619FF616A433FB3B870234622D7AAFAB9A7A" + }, + "Company": "", + 
"Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "BD6E8218BAF3A86090201D6A118858CFA5F63AA2732CC880DADF39A1609F12E3", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "120f5dbe-0a55-4b54-a42f-e51cb54f75c4", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "7F964730CFB7B8CEA284E2E810212FF9B0EE18227F64427A095D6886493DB0C4" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "7294F03850C2084A287FAEFBA778592D9D01E5062DD2E980537E39FDBFE20316", + "Signature": "" + } + ], + 
"MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "c8440951-fa74-42e2-bee5-4a70db2dec53", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "450c5929a254f83c3fcfa056b9ecb5f9", + "SHA1": "3f62302d8c036c7d2d4ae6a47fc8439028871808", + "SHA256": "84d75f7a8913d66db946eaf1480eaddec3063d27a6f625f040b406718abcac44" + }, + "Company": "Microsoft 
Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2017-03-25 12:33:45", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.18639 (winblue_ltsb.170325-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "958ceee3668f4eff01fb29d03518b49e", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.18639", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "85fa20421a65e83905361d389b335669", + "SHA1": "fad704c4353c271f61f7ffcecc3bc5aceb3a15b7", + "SHA256": "60bb1a6f5f679831418c16a7c2000159d31507690560194ca357bfd0b4018f9c" + }, + "SHA1": "0213406b236ee5c1f1e4fbf0101d24cc10ab7e24", + "SHA256": "fe26e6c2bc5ac4357e6657624180ca1e946d6dabe79cdb098d7b8b4e440851aa", + "Sections": { + ".data": { + "Entropy": 5.389366981443705, + "Virtual Size": "0x6c590" + }, + ".pdata": { + "Entropy": 6.102700785324201, + "Virtual Size": "0xa554" + }, + ".reloc": { + "Entropy": 5.400761827022373, + "Virtual Size": "0x968" + }, + ".rsrc": { + "Entropy": 3.472082202305419, + "Virtual Size": "0xfd30" + }, + ".text": { + "Entropy": 6.4910310466732115, + "Virtual Size": "0x16acf4" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000001066ec325c431c9180e000000000106", + "Signature": 
"bd80b589ac202a8c57028b505da374963d49e555f4d7fba7ec9c9b645e2c3cc1b869ca054fce40a3953a4cae404cf07bc8f52e9408afa7cf74f03c131aa37e26eea21fe524bc06fe6bf59c1d510cc505cae5e385344eb27a4500ac119b30d5a54c5ae9c249665539cbf51fb8680a5311ee884d3d4a2c38a8e6e170f7c9f94aa821f889f4ef7733ca24c6ecc56105ec5b39f8609dc897a2e7deca1c32d696208e8b92a92419b386e3714c104f01a54b619de5afb79db9618e7f90852b33228d4ae67d6e74b3c55ad9f6f41b86952aed4d73efe4e09f36d2ce97679ce82ca30d073a1dc401342b1b255abaa86b506d8344fa287e2a1214e2d3b98dfdb9c6d85fda", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "dde4566ad877cdd7257537c5a15caff8", + "SHA1": "61ccf092df4eb7534ffc8df983b362e10eb895c2", + "SHA256": "0ae3a29cfb54cd16c853b2246cc428219bb87f7e4ea299b0374b2ac43f2a61d8" + }, + "ValidFrom": "2016-10-11 20:39:31", + "ValidTo": "2018-01-11 20:39:31", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000001066ec325c431c9180e000000000106", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-opensuse.efi } }", + "Description": "This was provided by SUSE Linux Products GmbH and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ce34babf-0f03-4d6d-969d-e063648d5dfe", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F5E892DD6EC4C2DEFA4A495C09219B621379B64DA3D1B2E34ADF4B5F1102BD39" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-opensuse.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "7B40290ADE5BA3316AFC08748CFAB5AE79FB30BB8B5972766D670C3887E3D294", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim-opensuse.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": 
"Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "79c58c75-492b-46fc-9788-59514261788a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "E637002526221BC32E477455B12F864F20B27C44679A2E78E5C56DA1FFCE8B41" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "E1A44BDE59714FE31A77476FCF73CFB784105333F05755D8F1C05EDE4056D4C6", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-15+1552672080.a4a1fbe-0ubuntu1/shimaa64.efi } }", + 
"Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2e98c935-fda6-4fc9-b635-47a7d9157a02", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A48B5E31477DA248680A8935D1E5E630E6FDE22277F9635DA7D6F7F9AA17E34A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-15+1552672080.a4a1fbe-0ubuntu1/shimaa64.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "B6F807D4488F132AB873DCDE8EDAD2875961895E503F263B86BA34958A290618", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim-15+1552672080.a4a1fbe-0ubuntu1/shimaa64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4c768cdf-df02-45b1-9342-63389224b997", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": 
"", + "SHA1": "", + "SHA256": "7B94F0505F37B19B432ABA08BE2E3E003038C02CEB531E169D460DB60C351649" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "593148805FC70C5FBE0299A185DD367DF00A8E7AA95242C90C6567A73C1CD259", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "90d2feb1-4600-4854-9a4e-fbf54b14c72a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "C9F9C03434997FBD0FBB698DAC556264EBE967F948A97978A0C32EF85F94B188" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", 
+ "Publisher": "", + "SHA1": "", + "SHA256": "1E75347868FC5FDDD501E1E2B56C7D511030513B0E9F45DC074DC562F11590E7", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "f907fd87-1f8a-4a91-8ed1-e74bf106b15c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "9DD2DCB72F5E741627F2E9E03AB18503A3403CF6A904A479A4DB05D97E2250A9" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "B40F5FF7030848DB736573E06A1A1C5BF49F119E66DD0BA7E48E2651E2CE7059", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "f907fd87-1f8a-4a91-8ed1-e74bf106b15c" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by HP and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "fbb59470-8b0e-4ad8-8692-e8a3e1c4df8c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "94dfb76b94c30266578ce327901ec791", + "SHA1": "909d4c9217388c496ccadd8e1ed5aa58766a60bd", + "SHA256": "f1863ec8b7f43f94ad14fb0b8b4a69497a8c65ecbc2a55e0bb420e772b8cdc91" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "d55f2dc318b152d9d722021bf8376658", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "6b4d5fb92240528828725c87f1c2f7de1aa7e7f5", + "SHA256": 
"f8e2a41c0444d7da76fc1682f3eb7e2a90140e1b68b413f4426bac357cbe14bb", + "Sections": { + ".data": { + "Entropy": 4.464961714868577, + "Virtual Size": "0x295e8" + }, + ".dynamic": { + "Entropy": 0.8257898339361436, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.21037984522559, + "Virtual Size": "0xeda8" + }, + ".rela": { + "Entropy": 2.6505568397234684, + "Virtual Size": "0x1adc0" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.639710840411351, + "Virtual Size": "0x94dab" + }, + "/14": { + "Entropy": 5.2645431551668285, + "Virtual Size": "0xc9" + }, + "/26": { + "Entropy": 7.349457523109135, + "Virtual Size": "0x35f" + }, + "/4": { + "Entropy": 4.84673389141427, + "Virtual Size": "0x18858" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": 
"2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3fd56670-7eb8-406e-af51-68998459de7d", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "E226D6F3A332238FEE8A42A8FD57E8B009725DB5F8DF4DC1CB54F17C6F47A9C7" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "894C9E5370DA9DF83426F92C42CFDC5D79CE004ADBD45A7663E9F5E9A6A198C6", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + 
"https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e7f84927-3fb4-41c9-b2fc-e87985cfbcc3", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "AF3BBF0C275BDD5EBD8A87F00263847485572F8A983DEF0EAE9895CD93D7FFC3" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "94F92895ED36D4EA45B0942E755640420AF5CA3B8E3EA855FC6A39C9A3661666", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked 
Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "fcbb1d82-1e57-4ca2-8679-e366cd7cb4e8", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "21F27D89F2E77DEE7CD4336E3A3ADE362A2AAE9FB2EFE2079491A518F3D51FED" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "355B0240DD31FAD0ED13D77B7F880F8EBB32BCC72F9667BECBA3263E099DF378", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": 
"1f0649ef-7118-46ab-b168-e4b9736bcea4", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "85255700890931C5B71A73DFF09EA5125CD702EA65F45B4054C1463E00173FDC" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3F5AFCDADFA8F590C39764BD9A31CE160FD7A929654491154AFD6738C0523D2C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "61d9e3c8-8cc0-4c53-b886-e6e2e676f475", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "4EE45A217B38A8C13777DF0860F1255E52BAF3CF9D075373E31AD7E2C85E2CDB" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + 
"Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "AA909ADBB83E05F92BA2E1144C6A33CB320A760409E1015B00A9EED666063510", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "61d9e3c8-8cc0-4c53-b886-e6e2e676f475" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "224dff2d-8d29-4951-b7b7-4a0cd2c18dbc", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "7F9602C123A090BB0C4C3B69662BC52D675A0A4ED444D1C1E0E26C2B0DC3760B" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "7429F9578205C654FC25D2FBE8B6F27D8082E049A962982EB70F55DCA02BE882", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim64-bit.efi } }", + "Description": "This was provided by Oracle America, Inc. and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4feb177a-ce68-4853-9874-5b834a0b9cb6", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "BDD4086C019F5D388453C6D93475D39A576572BAFF75612C321B46A35A5329B1" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim64-bit.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3898A72298BBF39E2E9B268DA9661B47B6AC5C160518089E27BF8DF25B77D584", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + 
"CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "a434e53e-5631-4181-bd2e-47c546370f7b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "6d00124e9f1f50bf046eb6e5151c9e97", + "SHA1": "2121406a967bcc56cfb20b53b60f255d950862d5", + "SHA256": "f51bc0b8fce1bae71b76cb3ade28b712669d4e938fd37c9f5872493acc25fae1" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2012-09-20 00:11:29", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.20521 (win8_ldr.120919-1813)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "7c2bf377d0edb86f010d202d48024145", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.20521", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "a387b0075e977009a7bb74d24fc388de", + "SHA1": "345e019b25904c911be9e3b6a9e2b0bb18652b04", + "SHA256": "e04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad" + }, + "SHA1": "5dd4309442a74a780e3e099f0625b1eed2e54c25", + "SHA256": "ec89ddd37880430cd5242f5f15d13f4cf699f50dbe04643e5b70093631608204", + "Sections": { + ".data": { + "Entropy": 4.628310210600715, + "Virtual Size": "0x63cf0" + }, + ".pdata": { + "Entropy": 6.014681487785778, + "Virtual Size": "0x8e8c" + }, + ".rdata": { + "Entropy": 5.4212846406362525, + "Virtual Size": "0x19b34" + }, + ".reloc": { + "Entropy": 2.70744089792279, + "Virtual Size": "0x1ab4" + }, + ".rsrc": { + "Entropy": 3.471043136394146, + "Virtual Size": "0xfcf4" + }, + ".text": { + "Entropy": 6.484872015753315, + "Virtual Size": "0x109ee2" + }, + "PAGE": { + "Entropy": 6.514825397638524, + "Virtual Size": "0x169e" + }, + "PAGER32C": { + "Entropy": 6.353319232465821, + "Virtual Size": "0x3d48" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Signature": 
"c7f34d30f6c0451fb6ababdce5203035c20b7c75b16784adb0aa9ed8f647c02df4ce8d8277b8e356e3286e4dc0d444172dea83b9af9c6133c491e53680024d6bac0d985d6dfe776988ccb337b35abb32a02b50413514a576dc932b2a4ae2aef96330041e040480e3b1cbf06cd6910cf79ead3ecd332a9bb7156c2d9976e5dfac8b5b59d82ea33a4826470663dfad599e137468da7bd3037243e0238b96c1f99ea1299faa898dd854f812f8834697b7c5991d2e1656db4e2f56d8bc2077e7bb7d886d4fb6907c555c6d54089724435ac3345b1b6dbb605300ba83412517394dcd3b6c82df5013c6f57fcb1e03919b63469dd7606f3fbae8242658f19ab174b03c", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "66da17c5-7c1b-43c3-8520-4d3efea91899", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "a0455533de7422bc348d8c282d26254d", + "SHA1": "f8f7d3c1f985120b648ab2d7daedeb98ed618189", + "SHA256": "16598ee39b716ed9e4765a44abf86906c9b25c25abf631cc78ece6f7211b0365" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2015-08-06 12:01:48", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.18006 (winblue_ltsb.150806-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "5624304dd2172b7edb81741a5e7d2d06", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.18006", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "2fbc53c18b773e0990639d636825b0ba", + "SHA1": "2a1d3ef0d46e4b8b403cdf0c29bcefbe41250cb3", + "SHA256": "d1a38cd90fba6fb39948b1c0ee836f9542268bb74c4379963c2920d11f696f22" + }, + "SHA1": "5ebb525eefc7d35d664bf29bf8fbff40832dcefb", + "SHA256": "0e93c368f8177bc0fe1a09d79b897a94286f3c374a18a40522c3358cb627d7e2", + "Sections": { + ".data": { + "Entropy": 4.538102764163199, + "Virtual Size": "0x6b290" + }, + ".pdata": { + "Entropy": 6.088085457252306, + "Virtual Size": "0xa518" + }, + ".reloc": { + "Entropy": 5.3873912473580265, + "Virtual Size": "0x960" + }, + ".rsrc": { + "Entropy": 3.4709407525928864, + "Virtual Size": "0xfd10" + }, + ".text": { + "Entropy": 6.490130132913895, + "Virtual Size": "0x169ab4" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 + 
}, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": 
"https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "ac6f3137-42fd-46e6-8cfb-a22a6785d529", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "de6894cde22aaa436aca77368eda64f9", + "SHA1": "da4574fc375ca85005e13c0210a0ed8397b51121", + "SHA256": "6ce1f2986f0c46683ba07d296d0a84448ecf76c69db183fe29c36eed8f8e8f2f" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2016-02-10 07:49:58", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.18233 (winblue_ltsb.160210-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "1ee7ccaae6df60e3e850ae6c4a3b7478", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.18233", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "95c181375ef93e118f930024df1bff96", + "SHA1": "e3a24ad3c9b07df2a4fb39a1432ba3597faa48f7", + "SHA256": "0708c72d17d4892e2deab31b567c830ee261f5e5730997a47366c0e1e58dec0e" + }, + "SHA1": "810d7ecef2570772d2b70facfec1a6028e4bd611", + "SHA256": "566ae5fb2f355b2c03ecbbab4770e92856b0d1c3d659fe0c11263f1a5f8d7086", + "Sections": { + ".data": { + "Entropy": 5.28434417329483, + "Virtual Size": "0x5b4f0" + }, + ".reloc": 
{ + "Entropy": 6.762930538535226, + "Virtual Size": "0x5d10" + }, + ".rsrc": { + "Entropy": 3.471459084643445, + "Virtual Size": "0xfd10" + }, + ".text": { + "Entropy": 6.632717954879298, + "Virtual Size": "0x12fe54" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTIA32.EFI } }", + "Description": "This was provided by Red Hat Inc. and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d50e4193-70d2-4807-9bc9-671894e82df9", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "7f6637b50f8043e83815eff4f6f6425c", + "SHA1": "9519b7ba40ba48be3ef06c3b4c09169824e35bb9", + "SHA256": "7f3bdd2e92ae417b2143cc993c7fe48d9363ffa65c9cc461b6a407a779998174" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTIA32.EFI", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "7de3ac2823e2f7c241f2b181a8417647", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "c3c4d0ccdc07c03c20f133f9f65f6f12accea87a", + "SHA256": 
"c7d9dab91b726dea5abaa893d8f60bd4795f489894044dc56a9d3aad9cc49740", + "Sections": { + ".data": { + "Entropy": 5.362038159088457, + "Virtual Size": "0x229bc" + }, + ".dynamic": { + "Entropy": 1.3647139881914778, + "Virtual Size": "0x78" + }, + ".dynsym": { + "Entropy": 4.405087128822569, + "Virtual Size": "0x9370" + }, + ".rel": { + "Entropy": 3.534994670132211, + "Virtual Size": "0x9048" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.844138421048036, + "Virtual Size": "0x94d37" + }, + "/16": { + "Entropy": 7.340161985642677, + "Virtual Size": "0x3e1" + }, + "/4": { + "Entropy": 4.855334501626881, + "Virtual Size": "0x5c" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", 
+ "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTIA32.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-0~20120906.bcd0a4e8-0ubuntu4/shim64-bit.efi } }", + "Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "51f20c00-6e15-4b45-852a-8f62e6f55436", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "23142E14424FB3FF4EFC75D00B63867727841ABA5005149070EE2417DF8AB799" + }, + "Company": 
"", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-0~20120906.bcd0a4e8-0ubuntu4/shim64-bit.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "DD33B966BE5F3882EED189E583AA4CA4D28E74B356DDEFFA164234DD7E89ABCA", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim-0~20120906.bcd0a4e8-0ubuntu4/shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3645f533-8562-4958-aaa3-7e5924aadd8e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "3BE8E7EB348D35C1928F19C769846788991641D1F6CF09514CA10269934F7359" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + 
"Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A7094801F966FC5C253DBD17066AF5BBCB3AF5E281D0A4DAB24E30C7A4B0FB12", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "3645f533-8562-4958-aaa3-7e5924aadd8e" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Oracle Corporation and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "bf069911-444a-4972-8961-140fd7897324", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A7DFCC3A8D6AB30F93F31748DBC8EA38415CF52BB9AD8085672CD9AB8938D5DE" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "5D6A0CBDAAF188974E98ACA06E664B4AE98D458327717A20B1FF6C80518EEA3D", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bf069911-444a-4972-8961-140fd7897324" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Red Hat Inc. and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "216969d0-1120-463f-a8b0-f8832f49fe39", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "947078F97C6196968C3AE99C9A5D58667E86882CF6C8C9D58967A496BB7AF43C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "487DF121FD496D9A443C3598DA3771FA187D408C589F4CB990041E546C529539", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael 
Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "2e84c348-bc0b-46e8-aad0-77b20e8c534e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "041babadd6d890113ca977dc8c8783b0", + "SHA1": "a19c725dbf32822ebedb4b356cff0eb02d6d9c8e", + "SHA256": "586898c60cff539b76d23dbf2c92e4105f6a7549e13f53d293708b793ca90d2d" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2015-09-29 07:59:36", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.18067 (winblue_ltsb.150929-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "c1feed742caf34c142f70956e0c1259b", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.18067", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "bea299106bb70032737ee0f38109e096", + "SHA1": "65f3332d76faa2a5ae73e63d26bfa69503b6c134", + "SHA256": "b6ad69793fc6b368aec09ba17c870dca193917afe40f10691983732cb4f36a5b" + }, + "SHA1": "0e2909e38cccf18e7e44be9c12d9a4856a38b512", + "SHA256": "e35cc798f138406bdc5e793574f62fe3be4c7dd6424aa6825e6ec7b2a345b591", + "Sections": { + ".data": { + "Entropy": 5.285987336724433, + "Virtual Size": "0x5b4f0" + }, + ".reloc": { + "Entropy": 6.762931731511957, + "Virtual Size": "0x5d00" + }, + ".rsrc": { + "Entropy": 3.4716181867603395, + "Virtual Size": "0xfd10" + }, + ".text": { + "Entropy": 6.631975040652875, + "Virtual Size": "0x12f284" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": 
"61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a544e544-0e7e-4fcc-9195-e10564ba5674", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"7F49CCB309323B1C7AB11C93C955B8C744F0A2B75C311F495E18906070500027" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3D3434BC5A18F072D4CF59D5651F9CE05B61B6FC3C21EBBCF371777AA1E1E1D5", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "a544e544-0e7e-4fcc-9195-e10564ba5674" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ac900b72-efdd-4779-9a1f-401949c3446f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "AD16DE1E2BA27196395124683B80EFC186EE7E51D434F8FF67D973F46E8E602F" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + 
"SHA256": "F4F5C82CD7BFA5294F973385F7F2FBCAF3AFD3748952B06692C085792BE146F7", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "bfdc85a7-3cc9-4d18-b798-0fd82f9c5e85", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "64CCC886EB99C30AA808E5CA9BD371577BAF9D3FA0E450118464F514B47A028A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "78D6FDE56994BCF26964ED51DF446165DAD66BCB0BC6792B9EDD2850F19DEA4F", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + 
"Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Oracle Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "9517d1f7-d485-4c7e-95b9-bdf297b342e1", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "47FF1B63B140B6FC04ED79131331E651DA5B2E2F170F5DAEF4153DC2FBC532B1" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "BA44BD2BB872DD6C6A8687F65CC138585A963473203D6F3F64770E5365812630", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "9517d1f7-d485-4c7e-95b9-bdf297b342e1" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit 
/copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTIA32.EFI } }", + "Description": "This was provided by Red Hat Inc. and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "8cb4f77a-a709-4aa9-9563-a21d26fc900f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "14a8d4ab1ac048531dc075cda647773e", + "SHA1": "32aff74e8078b1833eba455d0c01471bfef3164c", + "SHA256": "b7d3e3c4a930fffcdb184619534ef7c3d45435ef97f7988611714f5523b207e5" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTIA32.EFI", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "ee4b2aa959df5211204c6165df138ecd", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "ef1dd5153ae097116a870b6b3571aa1f2f99bfe7", + "SHA256": "67fe6b4b726451375e2dc3f87a0954cd01083fb4d8f4fb074bf699536450af04", + "Sections": { + ".data": { + "Entropy": 5.332540470834759, + "Virtual Size": "0x2173c" + }, + ".dynamic": { + "Entropy": 1.4043380507095067, + "Virtual Size": "0x78" + }, + ".dynsym": { + "Entropy": 4.390507192181948, + "Virtual Size": "0x9380" + }, + ".rel": { + "Entropy": 3.546798440654089, + "Virtual Size": "0x9718" + }, + ".reloc": { + "Entropy": 1.5709505944546687, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.774188637561653, + "Virtual Size": "0x92b93" + }, + "/16": { + "Entropy": 7.338341139988703, + 
"Virtual Size": "0x3e2" + }, + "/4": { + "Entropy": 5.040573517037893, + "Virtual Size": "0x7e" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, 
ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTIA32.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": 
"https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "d01601d7-2e46-4b78-801f-d260597e9b74", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "a1f22c60755e8b4f85769168e7799133", + "SHA1": "0cedc7fa4d3c732832d1961814a6107a9e7aad91", + "SHA256": "b97915da9f05277fa5687f8c41132df69152517f2ba252d466395b40d4f2d155" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2013-09-29 01:04:04", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.16415 (winblue_gdr.130928-1658)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "5692b49c53b4401e76a43c82d7d496de", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.16415", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "476ff7a2afe034c2194a948f1f780094", + "SHA1": "1a999ada5820fb409ce7f2ec343e215caf2e07a4", + "SHA256": "802de9524cf6556e6464828cc411f87a8fb3693742c5515126eb511122e9086a" + }, + "SHA1": "6308e47e8133dfe6cf9532213c65b964acebe111", + "SHA256": "53af0ddbd3c4d33bd003403d8c9b41877e07770d3e789c781e5897858585e299", + "Sections": { + ".data": { + "Entropy": 4.529158876011279, + "Virtual Size": "0x6b230" + }, + ".pdata": { + "Entropy": 6.077805756878547, + "Virtual Size": "0xa3c8" + }, + ".reloc": { + "Entropy": 2.3400563322102284, + "Virtual Size": "0x2000" + }, + 
".rsrc": { + "Entropy": 3.4716247871437864, + "Virtual Size": "0xfd10" + }, + ".text": { + "Entropy": 6.501382294444077, + "Virtual Size": "0x164d34" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" 
+ }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2023-28005" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Trend Micro and revoked Mar-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ddecc35f-2233-4894-86d8-69e6e473943e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "2e2ee7180f421c97f27615cef8531dab", + "SHA1": "2375db1ba66ae1873c8f31b76f305ec8bfcbf3c2", + "SHA256": "c4ebdc43048c43f5f11c59ead051a3585a07fafce985cfed8b27b73a5492f9b2" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootia32.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "ece26d0686590a1ae0f950a412ed1a10", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "15634f8fd748f28e29e4b77ce899a6d561576240", + "SHA256": "52febd655c84f4557de0ca35a236d468c03fa3bd0f51f54c31b37db29673da3f", + "Sections": { + ".reloc": { + "Entropy": 6.810300778659803, + "Virtual Size": "0x18f0" + }, + ".text": { + "Entropy": 5.757847859456988, + "Virtual Size": "0x232a0" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": 
"330000001e0d8474951a966ce400010000001e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "b6f099bf203668f11a8f79ab08792ed8", + "SHA1": "4713755a345940554eada6042e90b0151591fad6", + "SHA256": "62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" + }, + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + 
"CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e950e347-4bfd-44d7-b2c6-7dbbce0f2667", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "C69D64A5B839E41BA16742527E17056A18CE3C276FD26E34901A1BC7D0E32219" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "AA8DB86BE59A48E4C525DD468119BEBA1D836CE4293C76E4B736902D1AD62F27", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "e950e347-4bfd-44d7-b2c6-7dbbce0f2667" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2023-28005" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Trend Micro and revoked Mar-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } 
+ ], + "Id": "d22cf9cb-63e3-4445-8af3-abd3537282d0", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1788D84AA61EDE6F2E96CFC900AD1CAB1C5BE86537F27212E8C291D6ADE3B1E9" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "884A2EC5FFBB42E948401E425123DCF2557664E77B3B7474A728069FDECD46ED", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Red Hat Inc. 
and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cb2d5dcd-595c-40d2-a14f-9b80d0fefc7e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "d06af20d9fe41bce9fdcc0e3ce175987", + "SHA1": "c242ab25b79c1910f451b87f5499802df249e301", + "SHA256": "0dc24c75eb1aef56b9f13ab9de60e2eca1c4510034e290bbb36cf60a549b234c" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "3f5b9c90792efc13debd32233440ad32", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "23b7889abdb236c8cd871733ba2ea7f91d543b99", + "SHA256": "537b428a0ad622765010c4405c1603ff464fcbb24ae4c2fbf559a10b8ea4593d", + "Sections": { + ".data": { + "Entropy": 4.461532819567069, + "Virtual Size": "0x2a3b8" + }, + ".dynamic": { + "Entropy": 0.809123167269477, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.207599033482772, + "Virtual Size": "0xdd40" + }, + ".rela": { + "Entropy": 2.6503742316211305, + "Virtual Size": "0x1b0d8" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.6393589178613786, + "Virtual Size": "0x96b83" + }, + "/14": { + "Entropy": 5.124924534645108, + "Virtual Size": "0x84" + }, + "/26": { + "Entropy": 7.338341139988703, + "Virtual Size": "0x3e2" + }, + "/4": { + "Entropy": 4.853673837012988, + "Virtual Size": "0x18c48" + } + }, + 
"Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 
version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "94c6901b-e217-41cf-a4c7-b62763759d3e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "839894ED391B7C88E995F845CA152F65BF881850D768E3EF3880838B52846A74" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A8FAD7CD0CC1DC152AE0880C21D91F6270FDB410D60E1129963AFCD3DF5841F1", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + 
"Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "48c8b841-9f1e-4557-ba59-91461142b90f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "E800395DBE0E045781E8005178B4BAF5A257F06E159121A67C595F6AE22506FD" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "571B2AA6CA8EDF6479D3472814B8CDF34A0B8544939E5CE9F50261968E382B45", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "48c8b841-9f1e-4557-ba59-91461142b90f" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4002b7f5-487f-4822-a1bd-6fbf1167f00a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "4F93ED05AD7E20BDDE6241D24B196D6334C8C4010D92757E4868FF4BBD6A0F98" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": 
"", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3142879893B677C1B25C92F9CF1DF3F90B209509992D52E9C64C3371296A9A08", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d1e51f20-1939-4b7c-8875-2458c9e418d9", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "270C84B29D86F16312B06AAAE4EBB8DFF8DE7D080D825B8839FF1766274EFF47" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": 
"FD1CD4D4A1AC691E7A0AF14C3DFB17DAF3F2E6A2B286C9E233070979EC36BB6F", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "d1e51f20-1939-4b7c-8875-2458c9e418d9" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-0.4-0ubuntu3/shim64-bit.efi } }", + "Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "bc584a7b-f352-4e0a-b86e-7954c4b63d2e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "91721AA76266B5BB2F8009F1188510A36E54AFD56E967387EA7D0B114D782089" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-0.4-0ubuntu3/shim64-bit.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "FA07B984FB6FDD32DB497C55225E614759BFEB7093BE1F02AB2E30BE1869B2E7", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim-0.4-0ubuntu3/shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\centos-8.3-shim-20200726-shim64-bit.efi } }", + "Description": "This was provided by Red Hat, Inc. and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "6e1223b2-5193-4ba9-b9b5-b09c45dd4286", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "4F0214FCE4FA8897D0C80A46D6DAB4124726D136FC2492EFD01BFEDFA3887A9C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "centos-8.3-shim-20200726-shim64-bit.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "D662EF94388DB203CE52DF9902D77E9E5EFB25A202B5B096351D604FD3E63080", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "centos-8.3-shim-20200726-shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + 
"Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "29bd7324-d53f-4143-acc6-d03d0e4e3aa1", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "BDD01126E9D85710D3FE75AF1CC1702A29F081B4F6FDF6A2B2135C0297A9CEC5" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "9EABEA9AE699526AD519782DA21718DA7190490AA3436BBBD80269D4A4CC37C5", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "29bd7324-d53f-4143-acc6-d03d0e4e3aa1" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path 
\\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "dd1e593d-19e6-4e29-8d3f-5b85a21bf35b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "FD4591ADD2E5B0664363720C71492982D5B223A141A6248246CD2381F67E926C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "940A66FBDCB9A3BE16FC8FF56DB63CBFFD7283F15ECF7E50BD9BBAC7EAD303F0", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "de853203-30c9-4dc4-a050-6812dc4e0113", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"996C1D55955DFB3698869BDC2A700E6BCC762468716B5CBDA7295CF98841220A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "BA8D25B9FA843DA5A70D38A5AA96549F2166E2F0B4C1C007AF8A07D07E98A528", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a9874948-be3c-49ba-b6ca-9ff18f01aa9e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1364B7B94AB2A93E79D297EBF6CE0A30F7997E5929E408EF0D3B5D54C64E7B90" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": 
"9E1E22CBF19E9A483E6D57345959A3F8862C3C98E2A825EB995819F0CF210F48", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Red Hat Inc. and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "8afa8fb8-bd3a-4033-9f71-3d1e574708ce", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "ac8a7a2580ddb3d88ca49856664d6824", + "SHA1": "9c07457b464050230ec5376b0601e06c8cf3faaa", + "SHA256": "89f3d1f6e485c334cd059d0995e3cdfdc00571b1849854847a44dc5548e2dcfb" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-10 14:01:04", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "e297beb49756fef9d2bcad4b860426b3", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": 
"2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "1c1007b55a1e5c1ca49b0b6673fd83b0ae9a9dc3", + "SHA256": "62c6affbee1ba9a0435562db6e092a5018effeed0bd0f1d0494f34ce6cd403e9", + "Sections": { + ".data": { + "Entropy": 4.4625470240437215, + "Virtual Size": "0x2a358" + }, + ".dynamic": { + "Entropy": 0.809123167269477, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.202575116995807, + "Virtual Size": "0xdd88" + }, + ".rela": { + "Entropy": 2.6480533598999405, + "Virtual Size": "0x1b0a8" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.640692113472777, + "Virtual Size": "0x96d03" + }, + "/14": { + "Entropy": 5.18628715184291, + "Virtual Size": "0x84" + }, + "/26": { + "Entropy": 7.339046392262435, + "Virtual Size": "0x9c7" + }, + "/4": { + "Entropy": 4.8520727981082565, + "Virtual Size": "0x18c28" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 
20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a6597859-17b0-44f9-b8d8-493a0ff20ed9", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"9E08464CEF9931473C384DB77278997AE92D50368C8D2B9D6AEA6E3323A2BBE7" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "E23336EB1176965193B9733A01F8B7329DFF26D191EF427DC06ED89DD439C615", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim64-bit.efi } }", + "Description": "This was provided by Oracle America, Inc. 
and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ca7157a0-3de8-4642-95b6-0a42c53a97b3", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "E42572AFAC720F5D4A1C7AAAF802F094DACEB682F4E92783B2BB3FA00862AF7F" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim64-bit.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "7395EE455BB71B4A37DD973999C875F166037E7BF5B948F812A8B45ADFC03A55", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "05a8e372-5b24-4953-8d25-d6560076f4f4", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "C21614E207B1991D3D6DF842009718652D241A8D926E221B85D069F1615E27A2" + }, + "Company": "", + 
"Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "4BB0A426CA2A23E05B62A3008009AAD7F184F3D24DBD65E9AA81DE341BC5326F", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by HP and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "73af3c3c-dce6-48b2-bebf-ea167cbaef2a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "E6856F137F79992DC94FA2F43297EC32D2D9A76F7BE66114C6A13EFC3BCDF5C8" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": 
"A2BE1EB17E12E0A66A87342C9D1CFD4D7DB81504A16B4FCB32F15C6BAA3F589D", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "73af3c3c-dce6-48b2-bebf-ea167cbaef2a" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d880c342-2996-430a-b850-fb372cecbef7", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "245E9B81342E45E1BAF4F8D830D18EA7FAE9FDFF05497290EA6442C4EF0FFA57" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C681A40CEB9F33F435A44614FB7E0D34007F1C67B83E8C907506414950CC45EB", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + 
"Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by NTI Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0e0c1a30-7f00-408c-94fc-b8679bfe90ee", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "543a59e6a502706a4a6210c7b7f22033", + "SHA1": "70b0cb8fdadfc2cfe995adfa594d282e7ffcaa41", + "SHA256": "7bc9cb5463ce0f011fb5085eb8ba77d1acd283c43f4a57603cc113f22cebc579" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2013-10-24 20:30:19", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "87ae10260e4ba99762c952c6b1781476", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "d8282df774ac784f175e5954d46864fd06c28bc3", + "SHA256": "b06dc8f3de1e7e5a53dc7ad0f8028f78a843df54884b4a92bcec21071f0e649b", + "Sections": { + ".data": { + "Entropy": 4.77616587395717, + "Virtual Size": "0x31528" + }, + ".dynamic": { + "Entropy": 1.0259041624373757, + "Virtual Size": "0x130" + }, + ".dynsym": { + "Entropy": 
3.210966719000789, + "Virtual Size": "0xf210" + }, + ".rela": { + "Entropy": 2.6207035651809227, + "Virtual Size": "0x2af90" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.64000824439747, + "Virtual Size": "0xaa4f1" + }, + "/14": { + "Entropy": -0.0, + "Virtual Size": "0xa" + }, + "/4": { + "Entropy": 4.8275795242762225, + "Virtual Size": "0x174e0" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "c52110f552e27ebb1e3fae114abafb3f", + "SHA1": "4954e087123653ce38da4cdd31141b6a1bb999e4", + "SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" + }, + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], 
+ "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "2eba3138-0822-49f5-abb8-ea5cae849369", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "29cf71c7b7ff3b63a229ec82bfc2708f", + "SHA1": "65bb31b71a030a3fe93ba4d64e4ae0cedabbfbcf", + "SHA256": "d5bc11fb619bfced64249b930c785ead5fca3927f0ce3c5efd3f1d9af04b37bf" + }, + "Company": "Microsoft 
Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2014-06-14 02:32:56", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.17211 (winblue_gdr.140613-1709)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "bad97e7203aec2bd026403a7f70688b9", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.17211", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "f946cf9d5023059fc9f2140cd5b159d7", + "SHA1": "13ecec12054fd579ab92638fb336a8a17c1264db", + "SHA256": "f699df0555e9fe0fb7019c00aa9f4c2da8abeacc45ef7f11dd65541052afb896" + }, + "SHA1": "cd3f23904459410ad9f11b26faff47ac28fa5f04", + "SHA256": "df216fa3f13f8f7472c9586da4d0a7cd11cd60a041f486a611a4667f1c3d2cc6", + "Sections": { + ".data": { + "Entropy": 4.530096794223056, + "Virtual Size": "0x6b290" + }, + ".pdata": { + "Entropy": 6.107728899214702, + "Virtual Size": "0xa4a0" + }, + ".reloc": { + "Entropy": 2.329099853080047, + "Virtual Size": "0x2020" + }, + ".rsrc": { + "Entropy": 3.4710227926789994, + "Virtual Size": "0xfd10" + }, + ".text": { + "Entropy": 6.50474071717545, + "Virtual Size": "0x167954" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + }, + "ValidFrom": "2013-06-17 21:43:38", 
+ "ValidTo": "2014-09-17 21:43:38", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTia32.efi } }", + "Description": "This was provided by whitecanyon and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2b96f3c6-afdb-4da2-84d4-601c9a71b2a8", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "93d2db760e57e03fd6e20cc55dc4aa46", + "SHA1": "5468b9ca48c3f67380a51e4a91732fb0792eb40d", + "SHA256": "adcc0b6fd6dc5911bf42f036c033fc3e43f07a8312e91d0d8d32793b62940c7e" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-09 08:27:36", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTia32.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "69a56b18be5865ccda9ab3a5bb4987ab", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "ec708522ed126c2bc6b8e3306c8231351927e369", + "SHA256": 
"a9f6c38c2608d6f36f246e74a9fd17e915c89e54eafa2281b8ace86133df22b3", + "Sections": { + ".data": { + "Entropy": 5.335073549417548, + "Virtual Size": "0x20adc" + }, + ".dynamic": { + "Entropy": 1.337010437462914, + "Virtual Size": "0x78" + }, + ".dynsym": { + "Entropy": 4.38880926502971, + "Virtual Size": "0x9280" + }, + ".rel": { + "Entropy": 3.5663663055705634, + "Virtual Size": "0x8fa0" + }, + ".reloc": { + "Entropy": 1.5709505944546687, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.839449556174616, + "Virtual Size": "0x92f08" + }, + "/16": { + "Entropy": 7.287209418645642, + "Virtual Size": "0x415" + }, + "/4": { + "Entropy": 5.2339069016332305, + "Virtual Size": "0xc9" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + 
"CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2b66ad2e-41d5-498c-bd23-2c88e3a74ccd", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "FFD7688E7D2B8C3C3140B415E728BBE7663C54E23BD288FF2CF4617835088F39" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "6DB28A61DEE4A1209B94F5C984C44D9674F69EE700373FD7BF1A3CBDAAB83FA0", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "30e370b5-bc05-4b98-96d1-8e71f41083fe", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "311A2AC55B50C09B30B3CC93B994A119153EEEAC54EF892FC447BBBD96101AA1" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "EE721020DB7794DE74F59992A2C6B4DCA5B9FD584BBCBDEF96930B9A7132BE1C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "30e370b5-bc05-4b98-96d1-8e71f41083fe" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + 
"Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d90f0a0a-e161-4ebb-a2e3-5dbaa75cfaaf", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "5A184E740657E218D635168286F0F70BB5672E4EDB78717550C70686C232EA5B" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C4081B588CA3FC9965C2D04A0E8CCA3E0016566CC8A84FEB78CBF63A4ED72EED", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Oracle Corporation and revoked Jul-20", + 
"OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3b905385-bf3a-4181-9c49-646bb5fb1e6d", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "408B8B3DF5ABB043521A493525023175AB1261B1DE21064D6BF247CE142153B9" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "65C4AAB0884825A8A2E4C114020E4FDB58A1D2B0CB68B7714A05D6CDE3F821D1", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "3b905385-bf3a-4181-9c49-646bb5fb1e6d" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c67be7e5-8f3c-460a-b4ff-174ba2a0fb6d", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "06E3F646CEB102372E3E086D46234B06A9AF13EEF65AAD180EA2880BF8BC12A8" + }, + "Company": "", + "Copyright": "", + "Date": "", 
+ "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "997CCF341DBCE2EB9E119803723130DA90E8F1DD167A7B75400E73CBBADA54FD", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0c3bd8f7-9926-4763-98d1-7eaf036f7bf1", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "22C3867606A625048E1D9D5230F07FAE41E70BD08EA978BDB37563C0EDD9DA03" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "513310D70C03096167B915705C9F0CF34B2B62AC317AA3F89FA5CC385D74DB54", + "Signature": "" + } + ], + "MitreID": 
"T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "cc522d44-5de1-43fd-8d62-29b630f45f98", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "f2a111697ab3f412ae7be6354d3c63fd", + "SHA1": "47e31958625236b685c3d33cbc22fa0d9f8e3414", + "SHA256": "3b30c3e6a923cbb7cf65b539025f12b1c810d74480f25cbfcb9a7bfd633f06ed" + }, + "Company": "Microsoft Corporation", + 
"Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2012-09-18 01:21:36", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.20519 (win8_ldr.120917-1922)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "c9d595c35045f8b200f9d3142cb3d683", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.20519", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "a387b0075e977009a7bb74d24fc388de", + "SHA1": "345e019b25904c911be9e3b6a9e2b0bb18652b04", + "SHA256": "e04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad" + }, + "SHA1": "eabc1fcab7ce92c8dc667046c46a82ad0b2d8907", + "SHA256": "545c8c806d6a8b2ab307bf7ff5dff05dd86cfc431d3920692e15e7928ac98eed", + "Sections": { + ".data": { + "Entropy": 4.628310210600715, + "Virtual Size": "0x63cf0" + }, + ".pdata": { + "Entropy": 6.014681487785778, + "Virtual Size": "0x8e8c" + }, + ".rdata": { + "Entropy": 5.420997475066845, + "Virtual Size": "0x19b34" + }, + ".reloc": { + "Entropy": 2.70744089792279, + "Virtual Size": "0x1ab4" + }, + ".rsrc": { + "Entropy": 3.4710726954860402, + "Virtual Size": "0xfcf4" + }, + ".text": { + "Entropy": 6.484872015753315, + "Virtual Size": "0x109ee2" + }, + "PAGE": { + "Entropy": 6.514825397638524, + "Virtual Size": "0x169e" + }, + "PAGER32C": { + "Entropy": 6.353319232465821, + "Virtual Size": "0x3d48" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, 
O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2023-28005" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Trend Micro and revoked Mar-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": 
"2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "f15d8f48-cf83-4954-a1d2-030f6dfd40a3", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "14d423ad7ffd78c631ebcce6c78a6c8c", + "SHA1": "872f7f79da66889049503fc77a7d3fefd25a6f55", + "SHA256": "6a0e824654b7479152058cf738a378e629483874b6dbd67e0d8c3327b2fcac64" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "fcc89caed202cfa0f9d16b9e1c27d970", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "6a5c3056057baea653d533429110deb3bd7ffec1", + "SHA256": "d0eb15fe822c6239a8bb2b42fbc035d0956c72ac6fbd1429c1ab7f7e348b8f94", + "Sections": { + "": { + "Entropy": -0.0, + "Virtual Size": "0x7c8" + }, + ".reloc": { + "Entropy": 3.9187065172114592, + "Virtual Size": "0x58" + }, + ".text": { + "Entropy": 5.627092104649462, + "Virtual Size": "0x1d8c0" + }, + ".xdata": { + "Entropy": -0.0, + "Virtual Size": "0xa00" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "b6f099bf203668f11a8f79ab08792ed8", + "SHA1": "4713755a345940554eada6042e90b0151591fad6", + "SHA256": 
"62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" + }, + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "bab3bdab-1013-4418-bb3c-2ec673c8b6f5", + 
"KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "57692FC2B80D809A3BE409B44475DDED7225C76FDD5FF09E4ED7D330A58733A5" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "9F91A5AAC09BA6E514DC37A013A68589DD22C1F5A7A539F4138CBC8ABC0A45F4", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b842b745-24ab-4f75-a302-5d4c4bf0101b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "C2469759C1947E14F4B65F72A9F5B3AF8B6F6E727B68BB0D91385CBF42176A8A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + 
"InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C33397B499368E23DDA3FD5B9CC989647442F279EE6F80B53C620721C958346D", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "b842b745-24ab-4f75-a302-5d4c4bf0101b" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Oracle Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "536cb2d9-c5ae-4fbc-90af-4502d0f6c9c3", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "47FF1B63B140B6FC04ED79131331E651DA5B2E2F170F5DAEF4153DC2FBC532B1" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "0CA03AD1A65AFE81EC23E2B20E05D80C41AAEB5D6D5F98E2D0C5661F46E0CE9F", + "Signature": "" + } + ], + "MitreID": "T1542", + 
"Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "536cb2d9-c5ae-4fbc-90af-4502d0f6c9c3" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "72b28839-6c76-40b4-b8ec-6582be7d81eb", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "05D87E15713454616F5B0ED7849AB5C1712AB84F02349478EC2A38F970C01489" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "F69D87F5BC30026B00110DADD0264311D15DECE6B67F046506755284AF5EC002", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "72b28839-6c76-40b4-b8ec-6582be7d81eb" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + 
"Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "02e8f438-8842-4018-8592-a4fea656bd01", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "0257FF710F2A16E489B37493C07604A7CDA96129D8A8FD68D2B6AF633904315D" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "8BF4FAC6F3981D1E6180DB0CD53152AE9666DC40884090A522840062E0C926E7", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "02e8f438-8842-4018-8592-a4fea656bd01" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + 
"Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "57a68cb9-ec2e-4a8b-881b-62a8da44a03b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1DC8A3F59B23CCC411D46691FC9B5C35993BCA20E7E2299F1A95223B9F112E43" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3E73CE2DF3D7B01132C2ED47BC7D1B28E421B0600F0B8D4DECF7F7C23E83EE1B", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4f434341-9305-4574-9289-5bd1370108c7", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"399F9DA6CF5A87839637B55F62BB2CC6A93FA5AF7FE7AD76B4AF0FB320C98127" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "854AD42E44FBE19122072E177080C2AA9F729BFDE223FA6EA98BE1490BB9A4C0", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\cent-8.3-20200730-shim64-bit.efi } }", + "Description": "This was provided by Red Hat, Inc. 
and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3dfbbf26-7e19-4d38-9b5a-6e332ba5fc34", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "CB994B400590B66CBF55FC663555CAF0D4F1CE267464D0452C2361E05EE1CD50" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "cent-8.3-20200730-shim64-bit.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "DA649429AA5899D242782ED21EC332A217C3D530296FC9D7A0E3F1F694EB7FE1", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "cent-8.3-20200730-shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ef578b44-9fd5-4d83-9609-4c955babbd69", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "87176A15E766BD06528ED91A61481C3B3CDE65EE95115403F9FFC6D3A26D43D0" + }, 
+ "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "E082E310571748B9FE6B2DFAB71550530F2452B8E7E4F7725DE7EB9E4C7B1559", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\centos-7.9-shim-20200726-shim64-bit.efi } }", + "Description": "This was provided by Red Hat, Inc. 
and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "26ede8d7-1e62-43e2-97f4-710a4352d0ba", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "5C2AFE34BD8A7AEBBB439C251DFB6A424F00E535AC4DF61EC19745B6F10E893A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "centos-7.9-shim-20200726-shim64-bit.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "5C512E50028955AED91AF0317813C68B427A7F73A6497BDA82F4551BE1A04936", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "centos-7.9-shim-20200726-shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "59605f2c-5575-464b-aacc-af09e949f153", + "KnownVulnerableSamples": [ + { + 
"Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "32AD3296829BC46DCFAC5EDDCB9DBF2C1EED5C11F83B2210CF9C6E60C798D4A7" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "BA0610793FAA746150C0FD5689158B01DEEEA7320E2F14B31EE9AF4F2C4D1587", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "59605f2c-5575-464b-aacc-af09e949f153" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a1a3ef63-ac2d-4613-8918-5bcfd1fc3e40", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "250AE0BA860D6D46894491D630D58B1CA008F695C92CE2084A295486F71F985B" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + 
"ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "9A395E7EAB9E7976B1C30EC651B05658D780897BEBAB8A664C6091742E592E7B", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "dfa9cb92-1691-442f-96df-9692e4ab29c4", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "13c9c74d08c33a6231d859bb35a060bf", + 
"SHA1": "833319ae7ee8fd2da9705d51d32ef1a6fd22e2fd", + "SHA256": "6f53cd5bf434b19b4e14ca127c596752079d989fcc98bb7d7cf3155619ec347d" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2022-04-11 22:46:30", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.20366 (winblue_ltsb_escrow.220411-1722)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "3aaa631aa80579a7ec4606f002de3436", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.20366", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "aaf18af925d829095e017c505f1a0039", + "SHA1": "c3d13f7d96127a3b16c7a8c0a3dd98fd9f22c3cf", + "SHA256": "05367ecae4cf78cc575048fb931468b1d210df8c38ff8ca05481124b1a1a6917" + }, + "SHA1": "293ba261a22d2b62ac580140be62676856d48527", + "SHA256": "d038eec123e1e13ab3ad27534de697c9779e9c27c62575f06771f80d3cbb7148", + "Sections": { + ".data": { + "Entropy": 5.414272117838945, + "Virtual Size": "0x6c7f0" + }, + ".pdata": { + "Entropy": 6.090094273963687, + "Virtual Size": "0xa710" + }, + ".reloc": { + "Entropy": 5.4026611513435014, + "Virtual Size": "0x98c" + }, + ".rsrc": { + "Entropy": 3.4723693660714603, + "Virtual Size": "0xfd40" + }, + ".text": { + "Entropy": 6.492763350625338, + "Virtual Size": "0x16dae4" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "46f57c3b860b08484cb79066ac1014ad", + 
"SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", + "SHA256": "d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" + }, + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], 
+ "Id": "3f7d85db-fd3c-4a8e-a83d-ac9d89dda3d8", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A4B3FEE324D25C53FB5CB48630DC80DD7EE78C1AAC8C8DEEA927396997E33BCE" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "626AD87C1D3475B2599DFD36B430BE3ECBFED207A20D9FBAA01F7AE808C0271B", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Alt Linux LTD and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2ca2a15a-a3ca-44f8-a400-6ad9d6c119ce", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "376edf47c4a984324ea56fba394cc047", + "SHA1": "ec85b380b74232b3a564125db01bfe11ff646040", + "SHA256": "98cc8b91fec5252f62e81843d9d5d8ac2a2f253aa38152b3236a5092200ed290" + }, + "Company": "", + "Copyright": 
"", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootia32.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "28e6701303a90a81dea61addc9d06329", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "00745e4a83900338ec53b231a602eb76ce3fa889", + "SHA256": "2f871712447dde7c3552f5aa90a2292821c6f32d92788e00dee8566f8d4de209", + "Sections": { + ".data": { + "Entropy": 5.396610377012996, + "Virtual Size": "0x2211c" + }, + ".dynamic": { + "Entropy": 1.38767138404284, + "Virtual Size": "0x78" + }, + ".dynsym": { + "Entropy": 4.380703867207076, + "Virtual Size": "0x9360" + }, + ".rel": { + "Entropy": 3.523619729561932, + "Virtual Size": "0x9048" + }, + ".reloc": { + "Entropy": 1.5709505944546687, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.842861242399998, + "Virtual Size": "0x931f7" + }, + "/16": { + "Entropy": 7.306150252866006, + "Virtual Size": "0x414" + }, + "/4": { + "Entropy": 4.934638497318441, + "Virtual Size": "0x64" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" 
+ }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + 
"https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2022-34302" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shdloader.efi } }", + "Description": "This was provided by New Horizon Datasys Inc and revoked Aug-22", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "85ef0c80-cca4-48f1-8ace-0ab2fda03b79", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "431612322a95c76c8bbfb190f00aa9cc", + "SHA1": "e0b9eb89abfb711dc3600589fcdceafb74ecaaed", + "SHA256": "c55be4a2a6ac574a9d46f1e1c54cac29d29dcd7b9040389e7157bb32c4591c4c" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2013-06-16 02:13:10", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shdloader.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "1c9670b5add3e4d6aa442a53427f422a", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "11ddf040e749c8362e91c58fd17cb9c7aea4be91", + "SHA256": "c3d65e174d47d3772cb431ea599bba76b8670bfaa51081895796432e2ef6461f", + "Sections": { + ".data": { + "Entropy": 4.005064003834089, 
+ "Virtual Size": "0x2098" + }, + ".dynamic": { + "Entropy": 0.903083847405932, + "Virtual Size": "0x130" + }, + ".dynsym": { + "Entropy": 2.618034288058892, + "Virtual Size": "0x1668" + }, + ".rela": { + "Entropy": 1.8366456660065942, + "Virtual Size": "0xfc0" + }, + ".reloc": { + "Entropy": 1.3567796494470397, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.9651561169269165, + "Virtual Size": "0x7962" + }, + "/4": { + "Entropy": 4.513510764209654, + "Virtual Size": "0x18f0" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "c5e24205d04c09c94d81b6935af7ec09", + "SHA1": "12622dccb5b07edfd65cae6fc018e24b80ff2c82", + "SHA256": "d6afbff1c283d7777501bd3b2adb4aadb8ce32649ee401dfbb06f884362f7507" + }, + "ValidFrom": "2012-07-02 22:25:14", + "ValidTo": "2013-10-02 22:25:14", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": 
"33000000081eb17e9c15fc837a000100000008", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shdloader.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\grubx64.efi } }", + "Description": "This was provided by Canonical and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2b61baf4-c396-4e1b-b487-87c1ebf4b17a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "379f249742bb47ea2d7cec2b9d3fb1b7", + "SHA1": "b678307ce3a2c6d5a2f988e7ec068590edbf1c50", + "SHA256": "7eac80a915c84cd4afec638904d94eb168a8557951a4d539b0713028552b6b8c" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2014-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "grubx64.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "c3f1acb15ea4dd4002d43c5941d1a64e", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": 
"2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "31a862d073e46ffc608cfc93ffc8e18c38dfed8f", + "SHA256": "3d23947c39680b9fcf22b092b97c9d38edcc02f7ad13d3a925d1ee0b62797e73", + "Sections": { + ".data": { + "Entropy": 1.2839449201733235, + "Virtual Size": "0xf000" + }, + ".reloc": { + "Entropy": 5.904300253815697, + "Virtual Size": "0x1000" + }, + ".text": { + "Entropy": 5.571601531682557, + "Virtual Size": "0xb000" + }, + "mods": { + "Entropy": 4.796361582647025, + "Virtual Size": "0x17d000" + } + }, + "Signature": "", + "Signatures": {} + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "grubx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "76afa72a-2b55-4649-9fc2-3dbdc27456e6", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "AF93D5A2238F01D595A1BC2092F0AB29A550B2B96BDE7356EBF64D8F04234958" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + 
"ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "5AA8E7418AE78250745BE3ACFC2B8D1FC1DD4D1DEFB54F19A508BD8247CC958F", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "f65396ab-3920-4a6d-9bf0-fbbf62d52999", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "08BB2289E9E91B4D20FF3F1562516AB07E979B2C6CEFE2AB70C6DFC1199F8DA5" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "6A3C1124A642244F23685B68D2E5A0AE036651AA401DE70B3912EFD044B62222", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "f65396ab-3920-4a6d-9bf0-fbbf62d52999" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c632b521-0428-4bcd-b37c-3cbd25eccc0e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F48E6DD8718E953B60A24F2CBEA60A9521DEAE67DB25425B7D3ACE3C517DD9B7" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "E33E9D1B1D5ADE1934AC7BD39F0BA4CEAC9459A7E2AABB8D204354D4C8652E6E", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "c632b521-0428-4bcd-b37c-3cbd25eccc0e" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael 
Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d8aa2211-8d13-4e4e-88af-60ff17efd3cc", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "DF91AC85A94FCD0CFB8155BD7CBEFAAC14B8C5EE7397FE2CC85984459E2EA14E" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "407326C7F1C837A861EE8D187170C779A9B6A25B0736761645D7E549EBFA17C2", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "d8aa2211-8d13-4e4e-88af-60ff17efd3cc" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match 
'{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a280d6df-a426-4031-8dc8-31473975f92b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "BB01DA0333BB639C7E1C806DB0561DC98A5316F22FEF1090FB8D0BE46DAE499A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "EC16CFB5AE2297154394D9AB6B5B749DCE676404486D72A44064CD9A716EC1F9", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "a280d6df-a426-4031-8dc8-31473975f92b" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Ciscso Systems Inc. 
and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "1f6808e6-5b11-4cb3-b2d7-427ea75c1f9e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "19a8ebfdc4acec4f18411de1412ef702", + "SHA1": "e91507cdff068f305c149e89d25038e3a665e461", + "SHA256": "c805603c4fa038776e42f263c604b49d96840322e1922d5606a9b0bbb5bffe6f" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:08", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "cd3a08a351a1e5286fdabeb5bbf371e7", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "55f93fee3283aa27b1d8b20d1d4d85b770e923aa", + "SHA256": "2df05c41acc56d0f4c9371da62ec6cb311c9afb84b4a4d8c3738583ccc874d38", + "Sections": { + ".data": { + "Entropy": 4.471969126591927, + "Virtual Size": "0x29918" + }, + ".dynamic": { + "Entropy": 0.8341231672694769, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.212420010647876, + "Virtual Size": "0xef88" + }, + ".rela": { + "Entropy": 2.6500576085243153, + "Virtual Size": "0x1af40" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.636654925513066, + "Virtual Size": "0x94995" + }, + "/14": { + "Entropy": 5.1850304488993615, + "Virtual Size": "0xcf" + }, + "/26": { + "Entropy": 7.400768349168698, + "Virtual Size": "0x35e" + }, + "/4": { + "Entropy": 4.856630086753691, + "Virtual Size": "0x189a8" + } + }, 
+ "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + 
"CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Alt Linux LTD and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "5df619c2-4db7-43f4-95b6-a2e16ebf847f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1B909115A8D473E51328A87823BD621CE655DFAE54FA2BFA72FDC0298611D6B8" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "CEF9A1B433C4ED851EC0C373F7E1F19A2B8C306A821D114F177B14E8C070276F", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "5df619c2-4db7-43f4-95b6-a2e16ebf847f" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": 
"64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "64508479-d4fc-4415-b202-d787a4d094e6", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F4D8EAD6C325030538D10EBB39F0EFDC2F553794C14A5E45F9555C335925D9D3" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "0EF0AD66BA9A0C4E4815BFD072FE7E281DC382D8DE08A4529DF3FF997B19E705", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\Signed_13652009334930799/shimia32.efi } }", + "Description": "This was provided by Debian and revoked Apr-21", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3cd9faa5-1675-4640-8304-86e162b60451", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "a9a003cc7225b64519ee59289a90f3e2", + 
"SHA1": "dfc22f0bbe6a3ed81106a30d61010fd1510465cc", + "SHA256": "8aa509fb461c099a3c1b806d281a1e1275771eda0b0e3f7d95e0c11b3c1734eb" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "Signed_13652009334930799/shimia32.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "22f93e6ecea58e543fcffa73f5c466b3", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "0945ed2479004a84b2d743244ff7dacdb688aa9e", + "SHA256": "ff9f39869baafa17592820f7f5cf101b15a8423831abfa97c89cf193cdd98e89", + "Sections": { + ".data": { + "Entropy": 5.281820466264779, + "Virtual Size": "0x23764" + }, + ".dynamic": { + "Entropy": 1.4765954737895086, + "Virtual Size": "0x80" + }, + ".dynsym": { + "Entropy": 4.413842774423678, + "Virtual Size": "0xa1f0" + }, + ".rel": { + "Entropy": 3.5626097123135003, + "Virtual Size": "0x9798" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.8537436588293055, + "Virtual Size": "0xa0617" + }, + "/16": { + "Entropy": 7.405693653367437, + "Virtual Size": "0x3b3" + }, + "/4": { + "Entropy": 5.064013199597692, + "Virtual Size": "0x69" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver 
Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "Signed_13652009334930799/shimia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": 
"Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cf8adf07-931e-408c-a85f-d5e45b09a41e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "D759308D047E9206006B51B5770FA25EF5C124B8ACC6B0139F5883765FE30DEA" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A84FFCA344A000BE6FC526DA7D7F701B87EF5559A71D8E63F806276E4D3DFE27", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ce737ee6-e949-44cb-badf-3f1d775d4832", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "6DEAD13257DFC3CCC6A4B37016BA91755FE9E0EC1F415030942E5ABC47F07C88" + }, + 
"Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "10368826DC89AF42B4AD7E69A9E1F4DA9486DD645C088F445998E8DCA18EB0D4", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "ce737ee6-e949-44cb-badf-3f1d775d4832" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a24fcdef-7393-4141-ae9a-f97fce196c35", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "71B601EE3746DA7177726DB84F5B417C9721583D2D88AD857BF368A54FF76BFA" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "98A4F01BD9D8A039C669C2AF9082A0EEFBCEABEA4C739E05A1D0C59C5D851AD1", 
+ "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-13-0ubuntu2/shim64-bit.efi } }", + "Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b1d65631-7072-4168-b25a-5e18d41b3410", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "1d9a09ad4a977af7eb8359638d016fbf", + "SHA1": "70673742c167b615118ed8692cc0a100427c3f46", + "SHA256": "a8ddf4d0f6a7056f55b464cc79a986cce24541961263c216bedc19a7c4ca2296" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-13-0ubuntu2/shim64-bit.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "a27c33dada320aff0672ce32f953ffbc", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": 
"2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "412391ed50bdc33f24da222c7d79c00dcafbaddb", + "SHA256": "9be93e365a8240a03b05db26684b708b46d7585be325a3e22170cd5b324e0cb0", + "Sections": { + ".data": { + "Entropy": 4.5618243060977575, + "Virtual Size": "0x2a688" + }, + ".dynamic": { + "Entropy": 0.8630797231656377, + "Virtual Size": "0x100" + }, + ".dynsym": { + "Entropy": 3.212807020759649, + "Virtual Size": "0xedf0" + }, + ".rela": { + "Entropy": 2.6508835902550336, + "Virtual Size": "0x1ae80" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.636950908142091, + "Virtual Size": "0x94f6a" + }, + "/14": { + "Entropy": 5.317320051092131, + "Virtual Size": "0xd2" + }, + "/26": { + "Entropy": 7.322772708526002, + "Virtual Size": "0x449" + }, + "/4": { + "Entropy": 4.859071012200417, + "Virtual Size": "0x18680" + } + }, + "Signature": "", + "Signatures": {} + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim-13-0ubuntu2/shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Endless OS and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": 
"2c1b4ac9-5f4e-407f-bf05-bea2bef8d7f3", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "DD59AF56084406E38C63FBE0850F30A0CD1277462A2192590FB05BC259E61273" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "191A99A1EF854CE43E64D1CE2FDCC0C942200B88D232F8823A439CBCD7D148C1", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "2c1b4ac9-5f4e-407f-bf05-bea2bef8d7f3" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "7191ca91-6b37-4c4f-821c-a2df6c16e91c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "57AEAB53DB02CCD1E307AD3BE524EB507D0339BB2AAB3BC9B653088B7E790FCC" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootia32.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": 
"32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3E964DC8AAE03D464F3DEB556C4927075AA9F3A1998C66D65EFDE178F465D7B3", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c947ca13-4a5b-42ca-81cd-b1d1d9a4d8dd", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "BE435DF7CD28AA2A7C8DB4FC8173475B77E5ABF392F76B7C76FA3F698CB71A9A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "83A5C9C78BC64206AAF7B7F9901867D19BB746201923D855AAE24A2B2330F113", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "c947ca13-4a5b-42ca-81cd-b1d1d9a4d8dd" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "41327687-8774-4304-bbda-cc7c5835b54b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "DD5E4E9F20CE8BF8F3512261F176ECDD046C079D32585D9B259AFE0A28C973DF" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "67D204E0E5DBC0C5B2549FC2C003024525378DB4DE12E5CA1451DD996561AED5", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", 
+ "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Oracle Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e84c007a-a263-4bea-ad23-e46447001e91", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "540801DD345DC1C33EF431B35BF4C0E68BD319B577B9ABE1A9CFF1CBC39F548F" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "44FD1F90799B852B3BED642DE300BCF9EF6CA81036CD5588C24D5B8E00D4B9D1", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "e84c007a-a263-4bea-ad23-e46447001e91" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux 
and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "34e61740-5c56-404a-b796-1db5337dd86e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "DA3560FD0C32B54C83D4F2FF869003D2089369ACF2C89608F8AFA7436BFA4655" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "EDE70AA6A98D8130019296CE64B5CCF634A997B26401C0E119B96BBF7ACE1C0C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "34e61740-5c56-404a-b796-1db5337dd86e" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Neverware and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cef9f132-2635-47a6-bed7-6011eb7f04ca", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": 
"d0a9c315f3180e44d8c7a202276041a7", + "SHA1": "6d3071da0d10845d4c297c11e0f71dc557981cd0", + "SHA256": "d8d4e6ddf6e42d74a6a536ea62fd1217e4290b145c9e5c3695a31b42efb5f5a4" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "0008d969a43a2b94edd849cdee6ae3c9", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "d58b60ac3b5fdd3d52a9bc8da3e73c2a13ad36f6", + "SHA256": "3f8f266488f3b888eb77b8df43582fa8124366b7d0670ed78926410f9c9f411f", + "Sections": { + ".data": { + "Entropy": 4.510419511401317, + "Virtual Size": "0x2aad8" + }, + ".dynamic": { + "Entropy": 0.7842520391300999, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2106323395732113, + "Virtual Size": "0xdd10" + }, + ".rela": { + "Entropy": 2.652342087574957, + "Virtual Size": "0x1b0d8" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.644091890418596, + "Virtual Size": "0x9599e" + }, + "/14": { + "Entropy": 4.946577948119573, + "Virtual Size": "0x62" + }, + "/26": { + "Entropy": 7.20273225550972, + "Virtual Size": "0xb79" + }, + "/4": { + "Entropy": 4.862207156121677, + "Virtual Size": "0x187d0" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": 
"54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "84fbccc2-01e7-4a24-adbd-a1d3ca0acc50", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "35C16AA2BB4DADF5028F4801185CD368B922C6CF7651CB7FEF30DFB95920FB99" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "574695D73FF3813C780728858B4A6D2CE6D24B41308B23281E438B66A60E4424", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + 
"Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "45ac4276-741b-4e22-92bd-bb97042ed4bb", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1F535987EA7386DF6BFE75F51EFD35E4D2DA4B002DCA2999C0CB4B767BAFAFFD" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "0CCF098A0B3F109F35C763E69DFA54190365999A78707EF63863A812C1C07F9C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": 
"c9f24d64-ce8c-460c-a5b9-13c1082de5c5", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "3860B7C7FF6F4BCD5865843B2E86B2ECA5FF4FB071999F2129D4C7753B806F34" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3EF9FD0B7CEF661D5AF2971DAEF1ECC44D9210D33AF8C95E2DF9EDD694BB0FE2", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-0.9+1465500757.14a5905-0ubuntu1/shim64-bit.efi } }", + "Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "81ea3a10-a003-4839-ae9f-52cb700d38d4", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "FABC379DF395E6F52472B44FA5082F9F0E0DA480F05198C66814B7055B03F446" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + 
"ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-0.9+1465500757.14a5905-0ubuntu1/shim64-bit.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "889337B0F67FFBDDD260CEE774DFA332DBB4EAE7D11333B2DDBAD7CA7FA773A2", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim-0.9+1465500757.14a5905-0ubuntu1/shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\cent-7.9-20200730-shim64-bit.efi } }", + "Description": "This was provided by Red Hat, Inc. 
and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "9091dbdc-0263-43e1-a886-3c18c6532dd3", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "DDA0121DCF167DB1E2622D10F454701837AC6AF304A03EC06B3027904988C56B" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "cent-7.9-20200730-shim64-bit.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "5DB10187E0E8BB8D2FF649810E03F80FB6873370F3AB1F013811B8E9670F3863", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "cent-7.9-20200730-shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "13ef8a27-3274-4d3d-831f-36b30bc88627", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "C2CC91555617171A7D8AF57DEE529B443A41A1FAD3D4032DBDB814DAD6C2688E" + }, 
+ "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootia32.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "F2F2F729FC1B94C3B3AD210E0664FAE3351D0D7541581FE2C6DC7B087BE2B16C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": 
"sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "aa9b6b05-0b51-423e-b4f7-39cb30cbc987", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "9875bf0884ed2f18a32cefd749c60406", + "SHA1": "ecdde500ab2b06dd0c870c1f64d783f2cbd095dd", + "SHA256": "cef75d1da8e991ac96d36f8a14562849207f9dd50fc63028ba83277d5c27d00b" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2021-12-04 22:14:22", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.20227 (winblue_ltsb.211204-1700)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "007e746f6aeff8bcb4479e6e49236260", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.20227", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "aaf18af925d829095e017c505f1a0039", + "SHA1": "c3d13f7d96127a3b16c7a8c0a3dd98fd9f22c3cf", + "SHA256": "05367ecae4cf78cc575048fb931468b1d210df8c38ff8ca05481124b1a1a6917" + }, + "SHA1": "3971fa916c03c91a66e72c58ad766724b6a5c219", + "SHA256": "62288f1f5f2f8529292eb45c2ae2a33d1057a3dec12164958e76ded36fbe712b", + "Sections": { + ".data": { + "Entropy": 5.416154317517693, + "Virtual Size": "0x6c7f0" + }, + ".pdata": { + "Entropy": 6.082245001282489, + "Virtual Size": "0xa704" + }, + ".reloc": { + "Entropy": 5.406889572520271, + "Virtual Size": "0x994" + }, + ".rsrc": { + "Entropy": 3.4720882192142506, + "Virtual Size": "0xfd30" + }, + ".text": { + "Entropy": 6.492974348184544, + "Virtual Size": "0x16d9e4" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": 
"330000033c89c66a7b45bb1fbd00000000033c", + "Signature": "699045742c403812de1bdf9ea2be22132e82a7c006ab278e0c9f460bd435386348031a6b5cbdf450ae5a243331dcb2cc7eace8371cf71ec35a6f663147bd211ea357614e6a611eeacca6486a778d4cd788106ade12d6625574e7a89ecab4eb0bb99295c498dd5f565680a2d26bf2545e727c4204023c48d8021b608fd901c6fefd16ce0c3a669fb0ce758dc671f2cdd7434c163f9de9453e5523d94a78205c828a4615e50330d9f52a8a77f7683d2b61ff1324382d40d31001c518b56b286fbb8c754f6940590c2071385ed0a9387b529c06bf71fff89c74634550fc331b389d558696ace05787144e5af53d20a75a84981bf8380ddac3743f407d8ff27c089e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "46f57c3b860b08484cb79066ac1014ad", + "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", + "SHA256": "d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" + }, + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": 
"14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + 
"Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ae22fd08-2ecd-43b7-a5c7-3b857e0e3b71", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1F179186EFDF5EF2DE018245BA0EAE8134868601BA0D35FF3D9865C1537CED93" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "20E870697471F16EAC55A9658212F83A7E443CDB3844C7D1901B4D4271828F7D", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "ae22fd08-2ecd-43b7-a5c7-3b857e0e3b71" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], 
+ "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTx64.EFI } }", + "Description": "This was provided by BITDEFENDER and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "35c8a2f7-287d-4251-a949-d1ad45040784", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "93858168a4a5a02e0446ee0c003ecdf1", + "SHA1": "096dbcb4f3baa2a21cd0e267052430ccd175593a", + "SHA256": "badff5e4f0fea711701ca8fb22e4c43821e31e210cf52d1d4f74dd50f1d039bc" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:08", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTx64.EFI", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "0887bbb1fff22018d425b56dfb642db7", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "db9c3757f8f341bd6be92611fbbfb3ca8bc80d6f", + "SHA256": "e352109145416e3b61dcf5e09492d24410828121e7d74c08ce0d3157b45a0831", + "Sections": { + ".data": { + "Entropy": 4.800117402438687, + "Virtual Size": "0x31eb8" + }, + ".dynamic": { + "Entropy": 1.177741779247768, + "Virtual Size": "0x140" + }, + ".dynsym": { + "Entropy": 3.2171085714056926, + "Virtual Size": "0xf570" + }, + ".rela": { + "Entropy": 2.6309115175747873, + "Virtual Size": "0x29d78" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.634144687504991, + 
"Virtual Size": "0xab58b" + }, + "/4": { + "Entropy": 0.6143694458867568, + "Virtual Size": "0x12" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "c52110f552e27ebb1e3fae114abafb3f", + "SHA1": "4954e087123653ce38da4cdd31141b6a1bb999e4", + "SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" + }, + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTx64.EFI" + ], + "Verified": "TRUE" + }, + { + 
"Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "663a9b38-509f-4a27-b2b8-13801ce4ee89", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "B2BEAECAC1BDE409F82933D80FA3BF5FA0D1FF8D1F97E5260BB25C0FBBA35CA7" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3E8EE29691F1F22F5B46C301EDFE411821D466E7A39672A416E387060A0EEFE0", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + 
"OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "298f4996-3321-455a-bce2-919c3a73da65", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "7836465BDFFAE768EFAEDCBAA8B5787BAF51B2792A020E80E341A3F824FF82CA" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "7AFFFCAF48E9289AA0C44566C53EC0A311BF3E2ABF351E0122C685FD568D97B1", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": 
"https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "4a9f5a2f-87ca-4a7e-9a16-15d7e8a44c14", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "a114f82ee953917e2718ad7f4765ab20", + "SHA1": "5c145f3f55a53c1db47c568cd76eff5b0092e95b", + "SHA256": "f0b3d0d4c5457880e2d9b7728eb64bd288b5d4a26ec883f3c0941d8af29d9466" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2014-11-05 18:18:59", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.4.9880.0 (fbl_sec_oss3(dlinsley).140616-1123)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "e2f5112aec3a2bdc5f267c18f8a6c071", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.4.9880.0", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "a02554021493291650ba1e2951aef07f", + "SHA1": "3cb0d2f0d1a2046caf0027cfd995294a09eeda72", + "SHA256": "3089fe7fa4527043c200fafe2a7272e48a1f7c54725a623f22d12f2cdbb48350" + }, + "SHA1": "513e0049089f66a29eb06adef56eb24f1689c24d", + "SHA256": "c643c3cc182443893728101f5303aaa05b08ec8616310546edc903635c692b5e", + "Sections": { + ".data": { + "Entropy": 4.473798201663143, + "Virtual Size": "0x625a0" + }, + 
".pdata": { + "Entropy": 6.087546898123127, + "Virtual Size": "0xa80c" + }, + ".reloc": { + "Entropy": 5.40956828432046, + "Virtual Size": "0x9c8" + }, + ".rsrc": { + "Entropy": 3.469828495684793, + "Virtual Size": "0xfd54" + }, + ".text": { + "Entropy": 6.49404758790082, + "Virtual Size": "0x172c64" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-0.9+1474479173.6c180c6-0ubuntu1/shim } }", + "Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "9a8ab464-2a24-4329-ba2f-e9eaeb2edb90", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "E37FF3FC0EFF20BFC1C060A4BF56885E1EFD55A8E9CE3C5F4869444CACFFAD0B" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-0.9+1474479173.6c180c6-0ubuntu1/shim", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "98799E6AD44F2AFF3D3D7B66E482B2F4DE4438F5752D932D12C97FF56FA1942B", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim-0.9+1474479173.6c180c6-0ubuntu1/shim" + ], + "Verified": "TRUE" + }, + { + 
"Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "934f9364-3471-415f-a502-036969a78958", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "0E44212BADF40D6B8DE3311E632045370588E0B23B7A480EB5DC10DB65D1B4B3" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "F51C64E1690E8FADAE2C55EDE85377D6680C337DABCFC01FF6CF37D8D87892BA", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": 
"64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "32544796-1bfd-476b-a4f6-8fccc5a593a3", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "8cbc20535be05799179c23fb8354b9d3", + "SHA1": "458cad1c4b11da8201ca12a6ed0f50ec81261e1e", + "SHA256": "61535caa144761fc48cc9d7a835dfaf020b569edfc7fa628f983d58a3ac25f2a" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2014-02-22 04:25:22", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.17031 (winblue_gdr.140221-1952)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "f66d8bc26d38b7faaa1fbd4c4fdda3ff", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.17031", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "61ae12104fd32308c2c6da0ad0f4da3a", + "SHA1": "5916de417c3548f9179b3fca1170571bd0615d62", + "SHA256": "9d016f97efd1b99cdeec92f9010dbe2695c277306c00fe7e352588a7f6e7be26" + }, + "SHA1": "7098af963c0223858f2fa56cc226ee27048f35d3", + "SHA256": "e443176d6a0621e65cadde51f4019ec7fb25e91fa87cbb6cbaf09d94e9e49918", + "Sections": { + ".data": { + "Entropy": 5.271385172760688, + "Virtual Size": "0x5b510" + }, + ".reloc": { + "Entropy": 5.537342833364972, + "Virtual Size": "0x7fb8" + }, + ".rsrc": { + "Entropy": 3.471468768902206, + "Virtual Size": "0xfd10" + }, + ".text": { + "Entropy": 6.644560099017493, + "Virtual Size": "0x12d8f4" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": 
"61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\rhel-7.9-20200909-shim64-bit.efi } }", + "Description": "This was provided by Red Hat, Inc. 
and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c900de9c-b4b1-40b1-b106-db0845396462", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A608A87F51BDF7532B4B80FA95EADFDF1BF8B0CBB58A7D3939C9F11C12E71C85" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "rhel-7.9-20200909-shim64-bit.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C2405153F56A12F727853FD55BC9C99B81937B42A1A0BC585310DA45D35A3FAD", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "rhel-7.9-20200909-shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2022-34301" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\Bootx64.efi } }", + "Description": "This was provided by Eurosoft and revoked Aug-22", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b1ed132f-d99d-4616-9fa6-56b6e8e814f6", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "1e31b54463f12e9af1098295a74b4866", + "SHA1": "7bc2c8f3a922fda1f6b16dd09425006a4715f7ee", + "SHA256": 
"66d0803e2550d9e790829ae1b5f81547cc9bfbe69b51817068ecb5dabb7a89fc" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "Bootx64.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "7e05f116825f8e60072443b813e6192e", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "c9bda70cc887ceb1c4552319df909c8bca331b58", + "SHA256": "09f2e41661cbbd714d22986fbb36a2b5764a5544c85f9875d227f6a26e1c8c8b", + "Sections": { + "": { + "Entropy": -0.0, + "Virtual Size": "0x1df4" + }, + ".reloc": { + "Entropy": 5.4356761952478605, + "Virtual Size": "0x3268" + }, + ".text": { + "Entropy": 5.947922488694373, + "Virtual Size": "0x523b0" + }, + ".xdata": { + "Entropy": -0.0, + "Virtual Size": "0x1000" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": 
"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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "Bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Oracle Corporation and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a8267643-bd8f-42e9-851a-86b986973758", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "8EC2540CEDDD592E616AF4386DA9EAF76855EF0A792E26FC149B32E951D76C85" + }, 
+ "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "AD1A9C1667E89214EE947D6B40D61BFFB7EA942ABCCE85319520CC3DE301FA1B", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "a8267643-bd8f-42e9-851a-86b986973758" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Neverware and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b03177a4-54ec-4449-b30d-f197e75b8b3e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "1adb4d9d5d5c38a654581d03699efb51", + "SHA1": "120f24f0e7bfbbe0e0419060b1489921d9fd3fe5", + "SHA256": "56fb79aab26ee9d0e0ca372fb86a8bb459acbc505d0ab35e6a632a3d5f88dcb3" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootia32.efi", + "ImportedFunctions": "", + "Imports": [ 
+ "" + ], + "InternalName": "", + "MD5": "eaaa74b1ac8f59f8610a8e898de54cf6", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "82d315d856cf1a43ff8d22192638c8f416be591f", + "SHA256": "aa6f27b8b2ca5826f497362042c003b5e1d7ca22383d82730fbc5c45e048d839", + "Sections": { + ".data": { + "Entropy": 5.369085585418017, + "Virtual Size": "0x21a7c" + }, + ".dynamic": { + "Entropy": 1.38767138404284, + "Virtual Size": "0x78" + }, + ".dynsym": { + "Entropy": 4.388630978541453, + "Virtual Size": "0x9360" + }, + ".rel": { + "Entropy": 3.537809435563718, + "Virtual Size": "0x9048" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.841766513831158, + "Virtual Size": "0x93147" + }, + "/16": { + "Entropy": 7.20273225550972, + "Virtual Size": "0xb79" + }, + "/4": { + "Entropy": 4.946577948119573, + "Virtual Size": "0x62" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": 
"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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "94ba0558-c5b6-4f9f-b1fc-598e7448bf13", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "CF7F9E7D091023A1A1C3F5CBF7DDACF7B18F03A4D07961F71506FE9DF4388EEE" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", 
+ "Filename": "bootx64.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "196243A87389B47FC9033AF3884F3FF0A5C891D80E22C82D2ECD5B9A3434186E", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Oracle Corporation and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "9470ea71-b7e9-4e8e-ae73-a4b5fe32bc04", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "45e4a006c19fa21bbbec494e6d51c63c", + "SHA1": "ceca75b14c16bc19a9aafc883fcb081554f563e4", + "SHA256": "56b3da7259eb1bec44199a7ebf74c6fe912c8fe9bf4a20a7610c5e9bc0b601cd" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "bc5372019b75e9e8257a83a86bd0b33d", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + 
"OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "99cd0326b914b5f6ea53cb2280d9a455bb68d70b", + "SHA256": "8310f47ba34eb1aca146a5bdb8b59138173e659fbeb57a4c89355d8c54930b6b", + "Sections": { + ".data": { + "Entropy": 5.3361211360622445, + "Virtual Size": "0x216dc" + }, + ".dynamic": { + "Entropy": 1.4043380507095067, + "Virtual Size": "0x78" + }, + ".dynsym": { + "Entropy": 4.395499383245927, + "Virtual Size": "0x9380" + }, + ".rel": { + "Entropy": 3.5471242189199925, + "Virtual Size": "0x9718" + }, + ".reloc": { + "Entropy": 1.5709505944546687, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.774216074421671, + "Virtual Size": "0x92ab3" + }, + "/16": { + "Entropy": 7.130706042544344, + "Virtual Size": "0x5f0" + }, + "/4": { + "Entropy": 5.040573517037893, + "Virtual Size": "0x7e" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "3300000034a76221f066806d9d000100000034", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "981b2766a6b1467da361c3f6158b5efb", + "SHA1": "2de358273a7fab18d9e8359579e78544e4f90e45", + "SHA256": "c9b4b474a8cf82bb390bee17e0eb009360599aafc792dca2c161926e2b9c7f7f" + }, + "ValidFrom": "2019-05-02 21:31:23", + "ValidTo": "2020-05-02 21:31:23", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, 
ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "3300000034a76221f066806d9d000100000034", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "9470ea71-b7e9-4e8e-ae73-a4b5fe32bc04" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "81f3828a-1a59-4fc2-a34e-d1f297f0f719", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "32D4BA3A03D1F2B6BC80D011C0FA107747B7B573FE96AAFFF21735ECF562D337" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootia32.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", 
+ "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "CF960A60921EF186A0A511BECC06B264407111D2AE6875C93496121887318EDE", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "406a9495-809e-4065-8c57-b6aa66dc4029", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "0CA5E602468258B0685A2B2B7F028B977354602A82ADA86C9919FC472AE4CA40" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "B6FDF73C4B54F57935671B1C6F03FF5F104F8092C72574C2DF2C6FFB1E5F2E61", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "989b4dda-91c9-4903-9027-6ff3e74738b2", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "DAF87006F2653909E39A52B7ECB234484E7AC84AC21EB59354C1BAFCDDF08D9C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "87150D354E809EE266FC005B1DECA64F70A72B9505AD79062D337EEF012CA896", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + 
"Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "3175132e-f5d7-4d88-b395-ca30351f8c69", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "439f829f38523f2c1e9995474cab6030", + "SHA1": "71d6ef211cc60fe99eb7f949640dabd36759b36a", + "SHA256": "a6f13f3bb8132d248591f6762ced6d3a55efd8812db9730449e267cb6447145b" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2015-05-13 15:26:53", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "10.0.10121.0 (fbl_sec_oss3.140523-1156)", + "Filename": "bootia32.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "45a7c3cf799b58b886c0b4c7f6f71d32", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "10.0.10121.0", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "6bea06624768875081a9a967c3b37e7a", + "SHA1": "7e16bd7ca20e183f5a6c2098ce732e7f91fde530", + "SHA256": "61cb375839f46ec38deee3a50e5790ebde67d13cc9e41b745ca3368b5fe02620" + }, + "SHA1": "52cad42539bc3f27a103e4a9bc0fd51a1b51a265", + "SHA256": "55a5bb13e3a985e0ab011e69b41704319de0843f9254cf91ed2964c13af345fe", + "Sections": { + ".data": { + "Entropy": 4.443254562769542, + "Virtual Size": "0x37f90" + }, + ".rdata": { + "Entropy": 5.278688704736593, + "Virtual Size": "0x12934" + }, + ".reloc": { + "Entropy": 6.780898828243956, + "Virtual Size": "0x60f4" + }, + ".rsrc": { + "Entropy": 3.469109462754718, + "Virtual Size": "0xfe50" + }, + ".text": { + "Entropy": 6.707639927172937, + "Virtual Size": "0xbf6e0" + }, + "PAGE": { + "Entropy": 6.553305479665424, + "Virtual Size": "0x13bf" + }, + "PAGER32C": { + "Entropy": 5.781085769559349, + "Virtual Size": "0x1eaf" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": 
"1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by VMware Inc. 
and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c368c62d-85dc-4bc7-8302-09be91700a9f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "66AA13A0EDC219384D9C425D3927E6ED4A5D1940C5E7CD4DAC88F5770103F2F1" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "7CEE7E91292E5591BA4597D312BCFE9C0EEB906B18B327B8983BA497F9921BF7", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "c368c62d-85dc-4bc7-8302-09be91700a9f" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Microsoft and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "469544ed-d70a-42d6-aca2-690d5ebecb4a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + 
"SHA256": "41CCE0FC467609CA368BEDBA45C292F2BE1B622FB9BE0473CF51E7A96EE65652" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "2B91C0C8C0F156ABC8F85274C1320C038AF0179FE4696260B1011D5361E50AEA", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "469544ed-d70a-42d6-aca2-690d5ebecb4a" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "04eaf4b4-a618-4d2c-8eb1-1e0065c05212", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A983E73E57BDF014C9A29331290EE87DF37F97C81DBCC43C6C933FE2209C0BD5" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": 
"", + "SHA256": "EA4EEC2975E4EAED0C5EE6C25C887FC8C7A0298FB613852DEC200DACD2485FD3", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c2d12b91-7e1e-403c-8d76-9664229a68c0", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "93F5233E9970A7DB1E4C9AA2DE2404636728E7C66C03F2BBE74B18B20A93BA96" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "101EC6206BC939A389713775B3BDB405E91252FAD75509C54FA1DBBE822F4596", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": 
"", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\rhel-7.9-20200730-shim64-bit.efi } }", + "Description": "This was provided by Red Hat, Inc. and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "db9487ab-4dc1-4c3d-a04a-70696d63bcc4", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "D6EE8DB782E36CAFFB4D9F8207900487DE930AABCC1D196FA455FBFD6F37273D" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "rhel-7.9-20200730-shim64-bit.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "24357D13D3CFC29A7E83D86A6BB53FC932461B7D0A653701188D7B427C704FB1", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "rhel-7.9-20200730-shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked 
Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Alt Linux LTD and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3a74fd6f-8747-4f47-b44e-fa10af3da555", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "EED7E0EFF2ED559E2A79EE361F9962AF3B1E999131E30BB7FD07546FAE0A7267" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "9EA346FCFE6DB7F3140DA8FFD5738F6CF97D6014DA61033B32049CB17696B372", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "3a74fd6f-8747-4f47-b44e-fa10af3da555" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": 
"Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "1457ea3c-21cc-46d1-adf3-606e98b3938b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "CC8EEC6EB9212CBF897A5ACE7E8ABEECE1079F1A6DEF0A789591CB1547F1F084" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "97BB9FD717C396231E86ECBE5A760D56DBACF4AE8E963D16D724591E45919B65", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "1457ea3c-21cc-46d1-adf3-606e98b3938b" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": 
"sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "865cadf5-d63e-438b-a8e9-44591fb69d2a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "3c5fa521303c8b5564f3c2ce44596d69", + "SHA1": "599dbc2acbec93f50c653471403aab7be0b978d1", + "SHA256": "736afb5df29ec9c88532be9c620ef80901bf23e72f2d3488b757aff17e734ace" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2013-09-25 01:06:47", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.16411 (winblue_gdr.130924-1807)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "f512804db694f319cf51306dd2c2c618", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.16411", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "7c1182353e1a18467ac8596eb17c533e", + "SHA1": "3dbd444a114f18bb9cfb639f095ee5a0915ba297", + "SHA256": "3556b638af47e65fa07578b156ff85afa0145f715fc594c65a97aab98841c601" + }, + "SHA1": "d1bfb94ce4288f7f4e3f27ef22618991485e06ec", + "SHA256": "3f28c4f2fb32c10e5faed1debf7db6ae8c821bf286ffdb57a5b31fce0730e111", + "Sections": { + ".data": { + "Entropy": 5.268881641959374, + "Virtual Size": "0x564f0" + }, + ".reloc": { + "Entropy": 5.533455631907051, + "Virtual Size": "0x7f10" + }, + ".rsrc": { + "Entropy": 3.470826687572494, + "Virtual 
Size": "0xfd10" + }, + ".text": { + "Entropy": 6.650572748526797, + "Virtual Size": "0x12a4a4" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, 
O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "897f5834-55db-41fc-a4ca-9d880ca00ec7", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "ABEE522892FA10B22208B4D1540184617BC9875C9E03E5353B4FF476577D918B" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + 
"OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "FB2F396A01911260D4035CCABF36DB99081DA3F8D98BB40549D7D5E93CE4EAA2", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d17ff559-85d0-4cc7-9327-516585723ea0", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "CBCBB8E81F1CFEE4D02D65481080ECDE62528344C5372B09FED4EE3CA1E14330" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "B81C6018141EFC89816DA4081BBC1414911125D5184108E47AB01260D84FB9B1", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b6967d5b-ea2b-4a4b-b24c-63a8eb8dedcd", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "CC7396D1C306ADFCE49E70D7DAF32D093A8F2FEBE2AC0576BA853770E11B3EF2" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "8E5609A57BD66CC153EC2AC60CC10C2E641334C26EA5068C1FD8373A503EF1D7", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit 
/copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "88e2e7f2-0a89-4a66-9f99-1a73ca3a061c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "21258FA3877177AC480CB571134BEE7BA1531DDD1274217DFF71BCD618F6C3D5" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "DD32DCC6A6E054F4FB518B3F26EE9F41D338AB5EAFFF83F3682E34728EAAECEA", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + 
"Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4814d421-23eb-4222-8cc1-aab6645981fb", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "9783B5EE4492E9E891C655F1F48035959DAD453C0E623AF0FE7BF2C0A57885E3" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "103FE82E5F090184D8DB7A48801D1E503E3C6FC0726783E9A49A84F9FFD4C78A", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "4814d421-23eb-4222-8cc1-aab6645981fb" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "bf3c5a6b-8fac-470b-a458-c84e7fed7dc7", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "3A4F74BEAFAE2B9383AD8215D233A6CF3D057FB3C7E213E897BEEF4255FAEE9D" + }, + "Company": "", + "Copyright": "", + 
"Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "BAE97EFC507382C0BDF7B1E74DBC38C0E31BF65186B7989CD9C7AF29DA27F656", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bf3c5a6b-8fac-470b-a458-c84e7fed7dc7" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": 
"https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "a77872f7-4890-473d-887f-bfd93f46641d", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "f5eca8462be6c481c75ec3955b47c4f8", + "SHA1": "45e97d3cfb90ad162fa8f5a14ad8e5b4710a748a", + "SHA256": "f74947590a87a005023e9ef89cdf0c38d8d582ca4173f8201cebc443ef796790" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2014-02-22 05:17:10", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.17031 (winblue_gdr.140221-1952)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "6514d19c16df6d0d9cf75bba91350dcc", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.17031", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "f946cf9d5023059fc9f2140cd5b159d7", + "SHA1": "13ecec12054fd579ab92638fb336a8a17c1264db", + "SHA256": "f699df0555e9fe0fb7019c00aa9f4c2da8abeacc45ef7f11dd65541052afb896" + }, + "SHA1": "c3f69560b62f619f851df687c0adb2fa35cc0160", + "SHA256": "3bc9ed257486b68fac5899eaa19732a1340d06c8baf4b0ff53c7f5c052e6470f", + "Sections": { + ".data": { + "Entropy": 4.530485730893638, + "Virtual Size": "0x6b2b0" + }, + ".pdata": { + "Entropy": 6.106107637688331, + "Virtual Size": "0xa494" + }, + ".reloc": { + "Entropy": 2.3270407806858406, + "Virtual Size": "0x2020" + }, + ".rsrc": { + "Entropy": 3.471177246677347, + "Virtual Size": "0xfd10" + }, + ".text": { + "Entropy": 6.505313659869744, + "Virtual Size": "0x167784" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + 
"Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set 
$matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "285c0ef5-dd8b-4c50-af8f-6ed20f233294", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "4380A43A7B0BE1ACE54A65B3E25ED35F340D6906365821AF139941D5D6E1EA1B" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "FC40897F668AA86E5279CA8FEB62873A06A569742967E0F243F51ED56BDB53CD", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": 
"https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "a252e6fc-a0e5-46b7-ae78-c11ac44dfecc", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "d9a85920d99763cc28d796c77094f958", + "SHA1": "932efcc1a062376a53c14b3fad8f6bf34b96524f", + "SHA256": "50871141459a21faba3dbbf63da5aac8863fa3d8a9891f182ed72e3a74b64fdc" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2022-12-14 23:34:14", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.20772 (winblue_ltsb_escrow.221214-1721)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "3827b6fa1f4022001328be9d79e33b18", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.20772", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "aaf18af925d829095e017c505f1a0039", + "SHA1": "c3d13f7d96127a3b16c7a8c0a3dd98fd9f22c3cf", + "SHA256": "05367ecae4cf78cc575048fb931468b1d210df8c38ff8ca05481124b1a1a6917" + }, + "SHA1": "3b0ef33281ba05d9d9259b1fd44bf5d43e5187a4", + "SHA256": "3927727eb2435b28d2cf0ce1757e72ce3e92a86362b87120040c744c1c08bce9", + "Sections": { + ".data": { + "Entropy": 5.4138887164260945, + "Virtual Size": "0x6c850" + }, + ".pdata": { + "Entropy": 6.087141441925473, + "Virtual Size": "0xa740" + }, + ".reloc": { + "Entropy": 5.408759919158508, + "Virtual Size": "0x998" + }, + ".rsrc": { + "Entropy": 3.472769777929499, + "Virtual Size": "0xfd40" + }, + ".text": { + "Entropy": 6.493463299563896, + "Virtual Size": "0x16e004" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000038db0bfe1b0ca33b3d400000000038d", + "Signature": 
"7aa4402e28e909a6f7ff198a87c8f546fd868da5adf65529e8ced9b8ff16f56d03704671b64454a21437cdc6b47d83ea130e55b30ed223fda526676f6034a0d649e924cdf96d3c26386378d2ab91da329e3ddecbfe21c7f32764df6409a7f82f67c90ab5d9d7c167376487b3579fc1d99201098d2124f91f6558fb03285a49159fcc6d6ff6f8bbbc51f5209689963bebbc504c08089fa7c13e3bbae4f3c77a3a083548f8c95a1504b66fd5cfa658f9353ca231fd085e94f9bdb9bf68e302cae1bb6d483f97b5d4a2d26486fcab72ebe5fd0b555066edd3d894531f836130e309ccf4e98d1b44950efb0812a2190d4b0df3c5bf7ee8123a1d57410cd797dc0ccf", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "74a1035aa6d38ec0a7a35a6d143cc612", + "SHA1": "62c5627f7d38759edce84eace5ae41fc7a54d6f8", + "SHA256": "b6319137740477c564fb2beb1d50929a333f092aa362ce5129085a2c9d4bf489" + }, + "ValidFrom": "2022-05-05 19:23:15", + "ValidTo": "2023-05-04 19:23:15", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000038db0bfe1b0ca33b3d400000000038d", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "dbbed756-4f18-430e-9a68-6f0054091fa3", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "EA9C72C1CE865E6044ABFF576FD712D4DF3F5114318753EFCFEFED70EE586884" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "573D0A8D59DC7FDB0BE784ABE9B51DA9183848B613FF4C96B143D286043B4E43", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + 
"CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Oracle Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ae5b655b-a592-4d17-bce2-99ef497e846c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "b6736f2d357c4f0b8d557c3c0c39fb54", + "SHA1": "4917df76db99a277efdb57da560e145ca3d32d35", + "SHA256": "e7c20b3ab481ec885501eca5293781d84b5a1ac24f88266b5270e7ecb4aa2538" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "5917ac93685b816492c5476071db3871", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "f039244623179184ac63f73797aee7f926f2132e", + "SHA256": "6e79e3d0580d244c2fc2179a4f08cb80f945ad33d8c4c325de4e35e0d41584c5", + "Sections": { + ".data": { + "Entropy": 4.362375087615993, + "Virtual Size": "0x24058" + }, + ".dynamic": { + "Entropy": 0.8424565006028102, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.188660636162784, + "Virtual Size": "0xcc30" + }, + ".rela": { + "Entropy": 2.5870428023786656, + "Virtual Size": "0x24ea0" + }, + ".reloc": { + "Entropy": 1.3567796494470397, + "Virtual Size": "0xa" + }, + ".text": { + 
"Entropy": 5.612002982618474, + "Virtual Size": "0x87259" + }, + "/14": { + "Entropy": 7.113430283211426, + "Virtual Size": "0x603" + }, + "/4": { + "Entropy": 4.796856025961145, + "Virtual Size": "0x13ab0" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "3300000018e730837f472a7b5b000100000018", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "d442a6ab238e766c07d33f02d299a9a5", + "SHA1": "3fb2a93548919ed386a441800a5d941ee358e38f", + "SHA256": "8806fc9fc29ec30556728d016e0667364f4f3359b8747cbd45d5f783ffe93abb" + }, + "ValidFrom": "2015-10-28 20:43:37", + "ValidTo": "2017-01-28 20:43:37", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "3300000018e730837f472a7b5b000100000018", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "ae5b655b-a592-4d17-bce2-99ef497e846c" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "c8d926b0-b5a4-4960-b951-1f4cfffd940e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "2493adfef4cb684c76b9697cf414c95b", + "SHA1": "d05a293ae6ba3f9d4f03da5027807f2182be4c22", + "SHA256": "ee0a54e2dd9848d7a209d2c945449a0bac9a46c45e5e033c6982d2924839ac74" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2016-02-10 16:43:19", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.18233 (winblue_ltsb.160210-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "09287aecf07aa294ed7f76f2234270a9", + "MachineType": "THUMB", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.18233", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "9a33833e2407d8d25146f07e9c5c8444", + "SHA1": "04243895d74611d8d91937ec718a82b8dd7fe0f9", + "SHA256": "2efb0d9096d6fc172537ba8c386ba82f72b5a9bed5047e7830290bb6aafb0ff4" + }, + "SHA1": "f4de49ab09ad1d3e18ba4eeef481d91cd67a4860", + "SHA256": "860c16809e3941bebedff0bde99c32aa77379c0be1f6b174d20038a02162d3d5", + "Sections": { + ".data": { + "Entropy": 6.118785418021721, + "Virtual Size": "0x35d10" + }, + ".pdata": { + "Entropy": 6.140620718060279, + "Virtual Size": "0x5ba8" + }, + ".reloc": { + "Entropy": 4.723783525533069, + "Virtual Size": "0x40dc" + }, + ".rsrc": { + "Entropy": 3.4718876307612105, + "Virtual Size": "0xfce8" + }, + ".text": { + "Entropy": 7.012580430527564, + "Virtual Size": "0x9f3d4" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000a6206efff45e063a190000000000a6", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "57c30a2d7e6573994b137079cbff34b8", + "SHA1": "08980baa201ccbfc096accff568fb2b073da66f4", + "SHA256": "19241716f05046843df5ff3c02395bf6e2ed68ad52d441a71a2edcd24ac93056" + }, + "ValidFrom": "2015-07-15 17:04:59", + "ValidTo": "2016-10-15 17:04:59", + "Version": 3 + 
}, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000a6206efff45e063a190000000000a6", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2022-34301" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\esdiags.efi } }", + "Description": "This was provided by Eurosoft and revoked Aug-22", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "aa02b41c-fdba-4a15-8cd0-721c8ce19b68", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "cf53d0ab33dfb190f34ec0b12fcd54d6", + "SHA1": "fb0b0ee77baf7de4e8072a79bd48406c63a0bc7c", + "SHA256": 
"e9d873cbcede3634e0a4b3644b51e1c8a0a048272992c738513ebc96cd3e3360" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "esdiags.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "77164588c1c1207395ca4a64dca19f85", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "b1d0f26d6c2ada8828889a9208529ce96b6312e4", + "SHA256": "1e918f170a796b4b0b1400bb9bdae75be1cf86705c2d0fc8fb9dd0c5016b933b", + "Sections": { + "": { + "Entropy": -0.0, + "Virtual Size": "0x1d28" + }, + ".reloc": { + "Entropy": 5.393560756394889, + "Virtual Size": "0x100c" + }, + ".text": { + "Entropy": 5.26426828621347, + "Virtual Size": "0xb6128" + }, + ".xdata": { + "Entropy": -0.0, + "Virtual Size": "0x13e4" + }, + "text": { + "Entropy": 4.864329193142283, + "Virtual Size": "0x96" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "09d2ecf1e18290f1ea3bf27dd1cbeb62", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "??=GB, ??=Private Organization, serialNumber=01488751, C=GB, L=Bournemouth, O=Eurosoft (UK) Ltd, CN=Eurosoft (UK) Ltd", + "TBS": { + "MD5": "0300d0ac1873acaa7bbbfa8bb78865f8", + "SHA1": "8cf42d660984334a7f73556260861949c9c2769d", + "SHA256": "a3ec97b75a7cff80f285bdc5808873f9d4e44994661a925afdef65d8365b71f9" + }, + "ValidFrom": "2019-04-05 00:00:00", + "ValidTo": "2022-04-13 12:00:00", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + 
"SerialNumber": "03f1b4e15f3a82f1149678b3d7d8475c", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA (SHA2)", + "TBS": { + "MD5": "83f5de89f641d0fbf60248e10a7b9534", + "SHA1": "382a73a059a08698d6eb98c87e1b36fc750933a4", + "SHA256": "eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf" + }, + "ValidFrom": "2012-04-18 12:00:00", + "ValidTo": "2027-04-18 12:00:00", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA (SHA2)", + "SerialNumber": "09d2ecf1e18290f1ea3bf27dd1cbeb62", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "esdiags.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim.efi } }", + "Description": "This was provided by Micron Technology and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b3ceecb6-6bb6-43fa-9ab3-8ba2d6647443", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "2ccccbe8e79cfaa23784d56e0edf946f", + "SHA1": 
"4dc601eb63e1e8d30e7ed4eede0a757630e66dc5", + "SHA256": "b3e506340fbf6b5786973393079f24b66ba46507e35e911db0362a2acde97049" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2014-03-10 12:11:20", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "d407a4d3a9887218394aa73e94ffbde5", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "d483cd3de769ee4a2bd69c498501e7764656fb75", + "SHA256": "9d61099de8327efeff7e4aea81d9f3396a2218e6b22e15d05032a765897c0eba", + "Sections": { + ".data": { + "Entropy": 4.804980130818098, + "Virtual Size": "0x32158" + }, + ".dynamic": { + "Entropy": 1.0259041624373757, + "Virtual Size": "0x130" + }, + ".dynsym": { + "Entropy": 3.212193108334823, + "Virtual Size": "0xf5a0" + }, + ".rela": { + "Entropy": 2.622199242754339, + "Virtual Size": "0x29d78" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.634947420095376, + "Virtual Size": "0xab9fb" + }, + "/14": { + "Entropy": 0.6143694458867568, + "Virtual Size": "0x12" + }, + "/4": { + "Entropy": 4.852850797014689, + "Virtual Size": "0x17d58" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + 
"MD5": "c52110f552e27ebb1e3fae114abafb3f", + "SHA1": "4954e087123653ce38da4cdd31141b6a1bb999e4", + "SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" + }, + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + 
"OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4f2db5df-2730-4e9e-aa70-51029d2540d1", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "2DCF8E8D817023D1E8E1451A3D68D6EC30D9BED94CBCB87F19DDC1CC0116AC1A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "55A3628537C4FBDA0FA7D27001EB2DFCDC515D8A48649715A31E1D0065A7DA35", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "4f2db5df-2730-4e9e-aa70-51029d2540d1" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "10baff75-83cd-4786-ac2b-ade269c71421", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "75E78C197FF91F574735A3A606E56862E9E0B84DF0CF69F7C7F43CBC171AB371" + }, + "Company": "", + "Copyright": "", + "Date": 
"", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "268CED16B53E3430A28F1713A0D155A68BED89DB264D8D8170EB6BC548C9424B", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Fedora Project and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "7cd28475-a974-4b4b-becd-b57b605d2b9e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "831541e64bf58f95339e2e1fbc08b9a8", + "SHA1": "78d90cb632f7b98b3c39ef79f5a8079654b27e5b", + "SHA256": "f1b4f6513b0d544a688d13adc291efa8c59f420ca5dcb23e0b5a06fa7e0d083d" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2013-11-06 14:45:47", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": 
"aa8eae148f6ac90c370eb50c88b974e1", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "2f8b409981580582bfe5fd5e36f8d3e23c061966", + "SHA256": "a120f42de7b5bfcb55c40afc857b6baf4d1ac60725500c27a5b2942bda970ccf", + "Sections": { + ".data": { + "Entropy": 4.788657848345654, + "Virtual Size": "0x32638" + }, + ".dynamic": { + "Entropy": 1.0193252150689545, + "Virtual Size": "0x130" + }, + ".dynsym": { + "Entropy": 3.212411046351249, + "Virtual Size": "0xf540" + }, + ".rela": { + "Entropy": 2.6197000559147496, + "Virtual Size": "0x2b440" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.632428417166211, + "Virtual Size": "0xab73e" + }, + "/14": { + "Entropy": 7.133596117970691, + "Virtual Size": "0x4ac" + }, + "/4": { + "Entropy": 4.852532962586707, + "Virtual Size": "0x17c88" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "c52110f552e27ebb1e3fae114abafb3f", + "SHA1": "4954e087123653ce38da4cdd31141b6a1bb999e4", + "SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" + }, + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": 
"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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Fedora Project and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d9cb5f15-653d-4fdc-aee2-279681f7f91f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "9954A1A99D55E8B189AB1BCA414B91F6A017191F6C40A86B6F3EF368DD860031" + }, + 
"Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "F06D3E0F031A2FDC63DD2BA2BE7F32E0D432434C3515C2F840D812FFBFA530F6", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "d9cb5f15-653d-4fdc-aee2-279681f7f91f" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ad4ed491-2e8d-4c16-9bad-4352f1ce2f67", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "C875AE8A8DB5441A577172869A4EC6E71DACE7A875F42A2FBBA4B52F293499DE" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "339E7E433DA8002B9FFB9EEB3C768742A93953509FC02BCAF95254228914067F", + 
"Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "98b2c48c-eaa0-48d4-bcbd-4090cffd2fed", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F558E04EF99B39A1012E8BC2685728D983C682CF5E6F7E4D335A660283D7C666" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "575D4DF1AFBDD514A6D293234F4493736200E657D0EB9C618CBE18B3AE8EBB3E", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + 
"CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\Signed_14173467011297444/shimaa64.efi } }", + "Description": "This was provided by Debian and revoked Apr-21", + "OperatingSystem": "64-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2d38a9bc-5c3e-4871-9e74-a1181a10764d", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "c5fe8d0376e90b44fd565015cd7e82c9", + "SHA1": "a69b510efc63da996aa74d11e49b6748141d2803", + "SHA256": "903d0d76ada77672c60a4d63be5f6e1b8f247cea9e7d32b6cb26e1a82815d09d" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "Signed_14173467011297444/shimaa64.efi", + "ImportedFunctions": "", + "Imports": [ + "text, text" + ], + "InternalName": "", + "MD5": "a1b9b882d3990b8465c7010a406ecd99", + "MachineType": "ARM64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "58d47e6513a61b42d4c1c2a9150cf9fd051ec435", + "SHA256": "754952ff4187789c0269982d056f6a863409963f46d870c0a8d054e0fe69857b", + "Sections": { + ".data": { + "Entropy": 2.6794102876071513, + "Virtual Size": "0x34b08" + }, + ".text": { + "Entropy": 6.294539620252291, + "Virtual Size": "0x99000" + } + }, + "Signature": "", + "Signatures": [ + { + 
"Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": 
"bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "Signed_14173467011297444/shimaa64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2682f970-000c-406a-bf2e-fa4c1ac8bbeb", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "E6C63C984BC754736376564A8F9AB1B7885B9AC2F49F1EC6E4053049D26F78F9" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": 
"B28C498A7CD61006A32A9EEF404AED4349CA68DC6F2240833BA4EC745D37A1DA", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e9785a5c-1caf-4577-85fa-9a2eadc9bfe9", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "788383A4C733BB87D2BF51673DC73E92DF15AB7D51DC715627AE77686D8D23BC" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "D389EDE1F84051086D30B8C2CFC362797B129854DF1313CA474F83A143F55D11", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + 
"e9785a5c-1caf-4577-85fa-9a2eadc9bfe9" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "312efde5-1d57-4845-860d-cecb9a1af677", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "26ACA3C927095772FA26A4D63680597130AD161EEE8CBCE34B59E10C6167E92A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "0EC7C340AE2DAA6D5F7B261BB64A5E7E2351073FC5B893E07D03595DEE28F544", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy 
\"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "8e051211-3998-46bf-abf0-cfba6699c4f1", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "CF13A243C1CD2E3C8CEB7E70100387CECBFB830525BBF9D0B70C79ADF3E84128" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "07058C9BBCCB99D58FC93EBE2C007CFE28E1BF74E51954584AA3D3CA06689FBA", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "8e051211-3998-46bf-abf0-cfba6699c4f1" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "46412487-6c24-4809-8b77-f2165d5a8395", + 
"KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "2E6921DC970AAC433DE9AE4ED66B2681A4CD2BE649D2EE9A561871C335E8B1B7" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "DEB3FC384826610AD277DDD592F6CA8FA9D00E56457724D470DAAC32962532F9", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0cb9b7da-f228-4e4b-a07c-06346f0d2e47", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "B9B20E933E2B6C33C9FF088E224D802028F29A4CEBE50AB5D746027911A454FF" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + 
"InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "459728935C400CBED125A0AA12D0E618CCB6F4FDE3194BB2D06A511DAA335350", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "0cb9b7da-f228-4e4b-a07c-06346f0d2e47" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4885e5bd-31eb-4f63-af7f-efff02e753ee", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "92F858F6A02BD2014618B05D7759E34E7781B15C34C8814BA4C930B320F8DB09" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "53E9CF33ED9379862E5A5424E0C3FBE6D81D0D622368F773C81658F408A642E3", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "8e8db009-ddf8-4196-ac2a-99c9a0e6d9fb", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "6159052617b8251fa73b9137546992ca", + "SHA1": "d9196a975de3cb5f3fbed654aef1a7d87801fffc", + "SHA256": "cc202e8f2753ec75c9eeaac65c9d39eea6faed570664e930e3815976cd332d91" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2014-09-18 12:30:51", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.4.9840.0 (fbl_sec_oss3(dlinsley).140616-1123)", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "9ea079774ed23df340ecc523ddf68045", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.4.9840.0", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "2777dfee3c799f841a25c53df5d11e39", + "SHA1": "6a4457a8f18e185baf0a0352666728176d377faf", + "SHA256": "1ae942cee9560dc7ed300190c7efbe6312d44ec378914f3c09554d816a51b45e" + }, + "SHA1": "34e4cbad02d8dd38e88bc3ab0b2dc47e91b9c02f", + "SHA256": "71083eb4f247ac78f52aa09f81054396a0dac1064e1191b5b56a43a6976c5c74", + "Sections": { + ".data": { + "Entropy": 4.542679524584936, + "Virtual Size": "0x620c0" + }, + ".pdata": { + "Entropy": 6.100559280267619, + "Virtual Size": "0xa7c4" + }, + ".rdata": { + "Entropy": 5.474744858697431, + "Virtual Size": "0x22024" + }, + ".reloc": { + "Entropy": 5.4333959598080055, + "Virtual Size": "0x99c" + }, + ".rsrc": { + "Entropy": 3.46970412781484, + "Virtual Size": "0xfce8" + }, + ".text": { + "Entropy": 6.471130112924717, + "Virtual Size": "0x14af76" + }, + "PAGE": { + "Entropy": 6.5423108965051275, + "Virtual Size": "0x16bb" + }, + "PAGER32C": { + "Entropy": 6.320430943959415, + "Virtual Size": "0x2e69" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Signature": 
"8207b0c79e3b96e7317cd1aac9ab45fb52f1a2c847cda4bed6ff0b366566c6046976257890a79270765662a04b0f6d958c1fbba688b7717f77e10137107f8ccde9ce066d0c99e9fabfa3d669e2eac822a81d86f620828a018738e290f15370886c689af9399fad45f38e2e0fd6e31fcdf1b295ddc015164e757e2c630b05d1c103735e452ea9e3ca1b44e776277a030aa473094499bdfad51ebcdc61c8694148123c150811230bab24f1fb3ca64f018ac37d5cbb61173055b20dd07fbf8955909696be8de608979541932fd0257f932db6f6975b4bc82bd393a432a4ef01d88fc9652cc0d4eede46df519df8488353bfbf4dbc8358efc8dc3215c5538ebbd03e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e081d394-fa4c-46c9-8a1c-c8790790aa3c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "91656AA4EF493B3824A0B7263248E4E2D657A5C8488D880CB65B01730932FB53" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "84A6C5F6C7AC07F1CC405F7B53B69BFF17BE0E4B9A428C21D39DCE0CDD4EF16B", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "e081d394-fa4c-46c9-8a1c-c8790790aa3c" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + 
"CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by SEAGATE Technology and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a3bbd629-976b-4804-b5ea-2e62ee592092", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "370b63db6afc64b05feadcbffb223da4", + "SHA1": "e9449d88a4154e0d1bfda7986c089f743b00e9ed", + "SHA256": "95049f0e4137c790b0d2767195e56f73807d123adcf8f6e7bf2d4d991d305f89" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2013-05-23 05:14:08", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "ca747f0a7e1bcbc51cf4f9cd2a17f9a5", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "41686992e3e8fc975674d5134909975b66b54a38", + "SHA256": "777adc7e8a3e1422b3fc9c10ce31e996c057fe801a5292f0902bd5c5365e7287", + "Sections": { + ".data": { + "Entropy": 4.797978054526178, + "Virtual Size": "0x316e8" + }, + ".dynamic": { + "Entropy": 0.8341231672694769, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2127120070382236, + "Virtual Size": "0xf1f8" + }, + ".rela": { + "Entropy": 
2.6244580629738223, + "Virtual Size": "0x2af90" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.641612169819171, + "Virtual Size": "0xaa991" + }, + "/4": { + "Entropy": 4.819140517708772, + "Virtual Size": "0x174e8" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "c5e24205d04c09c94d81b6935af7ec09", + "SHA1": "12622dccb5b07edfd65cae6fc018e24b80ff2c82", + "SHA256": "d6afbff1c283d7777501bd3b2adb4aadb8ce32649ee401dfbb06f884362f7507" + }, + "ValidFrom": "2012-07-02 22:25:14", + "ValidTo": "2013-10-02 22:25:14", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "bbd79406-168c-449a-8206-9927288fefd4", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "B3EAFDEB6E2809BD72730E4FC7896B9D94543CA360E9629B63C039FF91274BEB" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "F64F70D1D3AD35BEC25526472C51765BEB40AAF72CA8EC1242E046F62C18C11E", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + 
"CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by TeraByte Inc. and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "dabe9a66-0446-43a1-b9bc-fe279702a5ab", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "5ebf16973c90bb7a23fb44504d80f390", + "SHA1": "ccb632ec30624e6860fe361920b83d1739d9db1a", + "SHA256": "4b8668a5d465bcdd9000aa8dfcff42044fcbd0aece32fc7011a83e9160e89f09" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-01 01:28:49", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "24a7545dc37bc7d366b05c68752af476", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "63006031749d3e2d445fd952c8da201181b90593", + "SHA256": "6b6e59284750fc0e6fac4d6c2a46100e9b0dde54e000b7327edd4a4dced9e9a0", + "Sections": { + ".data": { + "Entropy": 4.543005509538862, + "Virtual Size": "0x2a5d8" + }, + ".dynamic": { + "Entropy": 0.8341231672694769, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2108977484090375, + "Virtual Size": "0xedc0" + }, + ".rela": { + "Entropy": 2.6458352177504407, + "Virtual Size": "0x1ae68" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + 
".text": { + "Entropy": 5.636907616740039, + "Virtual Size": "0x9517a" + }, + "/14": { + "Entropy": 5.199783217663668, + "Virtual Size": "0xc5" + }, + "/26": { + "Entropy": 7.264358037145479, + "Virtual Size": "0x482" + }, + "/4": { + "Entropy": 4.842286067133961, + "Virtual Size": "0x18848" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b0db7258-fe95-4712-ae0f-fe258342295b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F31FD461C5E99510403FC97C1DA2D8A9CBE270597D32BADF8FD66B77495F8D94" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "862EF2D92E8E0DF128007AEF6F9E4D6A6D0DE3C656A4D72D1A19A18068C23508", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "b0db7258-fe95-4712-ae0f-fe258342295b" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black 
Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "44560d47-de27-4691-bee4-6306bc160643", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "8810B37003E7CDDA026663968AA9E1B9CCCC96EED98528CF5A975BDE7B8084B7" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "7391D51035BE75620EE4F0F597DF65F54D3518A7CFB74276D7A778AAF7B39477", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + 
"Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "5d92da13-8976-4b19-871d-a9266e342121", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "19F4C7030AD74035F5BC07ACE285BD7538F231D25787755D72071EDE879C6978" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A84526FB39B09F95A0A1CABE23D34CC28FA554242405EB653D6EAB8669B3C1BC", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": 
"https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "7c6d9a9a-0ec1-43b7-8e1f-053fb98e9fbf", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "9dc081d5f69234c2bbe8fbf881510703", + "SHA1": "99c709c98c1d9548ab82b298f47782597c767601", + "SHA256": "915009d1cf9d68b9e53064de82d4b70b58d2f014a03805cc406427d323d9fc35" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2022-06-02 22:57:05", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.20396 (winblue_ltsb_escrow.220602-1730)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "a442859fd33fbf61ed0ea28bbf33bdbb", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.20396", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "aaf18af925d829095e017c505f1a0039", + "SHA1": "c3d13f7d96127a3b16c7a8c0a3dd98fd9f22c3cf", + "SHA256": "05367ecae4cf78cc575048fb931468b1d210df8c38ff8ca05481124b1a1a6917" + }, + "SHA1": "a1aee57f1fd4a6768950f74dfb2e2a97853d4733", + "SHA256": "c9f47991e981394076050cb8b5cddfcbf9fb01b6d7272b9079082e20e4875cc8", + "Sections": { + ".data": { + "Entropy": 5.414037738822692, + "Virtual Size": "0x6c830" + }, + ".pdata": { + "Entropy": 6.09109331005081, + "Virtual Size": "0xa71c" + }, + ".reloc": { + "Entropy": 5.408865957224927, + "Virtual Size": "0x998" + }, + 
".rsrc": { + "Entropy": 3.472348575968224, + "Virtual Size": "0xfd40" + }, + ".text": { + "Entropy": 6.495613960484225, + "Virtual Size": "0x16dbe4" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Signature": "699045742c403812de1bdf9ea2be22132e82a7c006ab278e0c9f460bd435386348031a6b5cbdf450ae5a243331dcb2cc7eace8371cf71ec35a6f663147bd211ea357614e6a611eeacca6486a778d4cd788106ade12d6625574e7a89ecab4eb0bb99295c498dd5f565680a2d26bf2545e727c4204023c48d8021b608fd901c6fefd16ce0c3a669fb0ce758dc671f2cdd7434c163f9de9453e5523d94a78205c828a4615e50330d9f52a8a77f7683d2b61ff1324382d40d31001c518b56b286fbb8c754f6940590c2071385ed0a9387b529c06bf71fff89c74634550fc331b389d558696ace05787144e5af53d20a75a84981bf8380ddac3743f407d8ff27c089e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "46f57c3b860b08484cb79066ac1014ad", + "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", + "SHA256": "d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" + }, + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft 
Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3d65bba8-925b-4fcc-849e-ddfc0bdf1c49", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "DC7CC8D1DC11E304ABDF6E6227838F35B223B780F030DE7B341E88A3F6A361B4" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C655C36EA5160603D4134B038D732604394031E177D1C32CFD582CCE0C037887", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + 
"bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ae979b6b-32b7-42cd-b835-09215a457c01", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "C42D11C70CCF5E8CF3FB91FDF21D884021AD836CA68ADF2CBB7995C10BF588D4" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "561694642D87969C00583ED6C4BB6C41527DFF7164A079035E8C8B905A5E4B62", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "ae979b6b-32b7-42cd-b835-09215a457c01" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + 
"Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-0.4-0ubuntu4/shim64-bit.efi } }", + "Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c8bbda28-7392-4588-a899-755c58de432b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "15d38ac115b29438f9f82509f78c340a", + "SHA1": "c017bdf23c9fae3f7c66a28aaefa4ce95d174a71", + "SHA256": "1db183cf5655b2dd0ce9508273b339146c3b7dcdec0d0ac3c180c953083faf18" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2013-09-23 01:33:04", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-0.4-0ubuntu4/shim64-bit.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "8712d45e1ae024cb45067ad5918e12da", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "a6aa33d40dacfcc964b01a5c18d26829d362fbce", + "SHA256": "702a10fa1541869f455143ed00425e4e9b2d533c3b639259bde6aac97eca15ed", + "Sections": { + ".data": { + "Entropy": 4.791429945661147, + "Virtual Size": "0x30b48" + }, + ".dynamic": { + "Entropy": 0.8174565006028103, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2126934517254524, + "Virtual Size": "0xf120" + }, + ".rela": { + "Entropy": 2.627268789314352, + "Virtual Size": "0x299a0" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + 
".text": { + "Entropy": 5.634227672572103, + "Virtual Size": "0xa84d5" + }, + "/14": { + "Entropy": 7.33045778996378, + "Virtual Size": "0x441" + }, + "/4": { + "Entropy": 4.852971920873678, + "Virtual Size": "0x176f8" + } + }, + "Signature": "", + "Signatures": {} + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim-0.4-0ubuntu4/shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "1d193967-c24f-46c5-83ae-4bf1d5ea80ca", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "23A0F1DE04EF678E621A449040CF519DDC3679FE54C9E2E0897DFE2C80D3DC26" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "9C4A74D11888FA41A0341EE6F0B75DB69C34827851755F46506A6C0ED96CEC8D", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Canonical and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "25356276-9f23-4044-a512-863c5b3180df", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "B93F0699598F8B20FA0DACC12CFCFC1F2568793F6E779E04795E6D7C22530F75" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "96520E78051325998A6D82FFFEE0366F85289E6D8834D1F3DA9082C6EE146D26", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "25356276-9f23-4044-a512-863c5b3180df" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black 
Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b7909152-9a87-4045-9aca-ae18890b2b71", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "3B7696DF627ADE30BB15BDC5CE3F3C27240C973353E8551E7B036C90D01280C9" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "41607556B9A25F6F3AB73331589519553F83D2CB3629FB3E729303898D173023", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { 
+ "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "9164d869-3953-40eb-91e4-26a837e3aacc", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "e518520c0709c922714f016a9ec3d893", + "SHA1": "3ef1fcd520f386618b77de8759b40d169b042708", + "SHA256": "05729029ef940c5e6ee96b3b1253c08783c01329bce2e9951bc22a09223fc15c" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2022-04-11 22:20:40", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.20366 (winblue_ltsb_escrow.220411-1722)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "c6697cdbcf51cc54053438e644243327", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.20366", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "c3a45277e34522772d2ffb9c618850dd", + "SHA1": "ccaa1ad0944140bed3cf64cdaf8c9d2004c29074", + "SHA256": "474fc92022c5254d909bd3560e682dc6a340333b34b82d63e8b9a575cf09b292" + }, + "SHA1": "056c3b1ab4f9b248ffc5285f299a2653839357f2", + "SHA256": "1eadf7bf5fde916884a4beb82dd68ba50be05413f00aae8571190a2eaa462640", + "Sections": { + ".data": { + "Entropy": 6.175578570095665, + "Virtual Size": "0x5c8b0" + }, + ".reloc": { + "Entropy": 6.751781167901335, + "Virtual Size": "0x5ea4" + }, + ".rsrc": { + "Entropy": 3.4725471322840162, + "Virtual Size": "0xfd40" + }, + ".text": { + "Entropy": 6.63395324582708, + "Virtual Size": "0x1326f4" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "46f57c3b860b08484cb79066ac1014ad", + "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", + "SHA256": "d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" + }, + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": 
"61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0d33abea-51fd-4453-a8a3-150328e8ce21", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"9ED33F0FBC180BC032F8909CA2C4AB3418EDC33A45A50D2521A3B5876AA3EA2C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A121947909D35BB042F0049D18E4EE2B27941E10D14E4D6B1C11945CA79992E6", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "0d33abea-51fd-4453-a8a3-150328e8ce21" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": 
"https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "d1d2f3cc-064e-455c-af50-3bd0d46a06f2", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "889829fb843f0a94ac85fd363af55729", + "SHA1": "7064b8e79beeb6e7443033f51a17d7973ea424a2", + "SHA256": "7f292bce8dc97b601ef1ea72bdf7d96a12a87782bb1b1c547f85c55c7b3ff035" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2022-02-15 11:51:09", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.20300 (winblue_ltsb_escrow.220215-0706)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "d6604f3caaa504ff3aedbade7d87fb97", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.20300", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "c3a45277e34522772d2ffb9c618850dd", + "SHA1": "ccaa1ad0944140bed3cf64cdaf8c9d2004c29074", + "SHA256": "474fc92022c5254d909bd3560e682dc6a340333b34b82d63e8b9a575cf09b292" + }, + "SHA1": "a8dc3e14fb4ad8d264fdaba4ccbc89d64ee4791d", + "SHA256": "f025a519dccf1df41951c22c6dc5cafa61e21b117e174b4983b45ccc22c6375f", + "Sections": { + ".data": { + "Entropy": 6.174017317899591, + "Virtual Size": "0x5c8b0" + }, + ".reloc": { + "Entropy": 6.755773988883993, + "Virtual Size": "0x5e94" + }, + ".rsrc": { + "Entropy": 3.4723546570842396, + "Virtual Size": "0xfd40" + }, + ".text": { + "Entropy": 6.632565264872485, + "Virtual Size": "0x132694" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + 
"IsCertificateAuthority": false, + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "46f57c3b860b08484cb79066ac1014ad", + "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", + "SHA256": "d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" + }, + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + 
"CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "8d43face-8444-4bf2-ac71-c0213d06ef91", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "495300790E6C9BF2510DABA59DB3D57E9D2B85D7D7640434EC75BAA3851C74E5" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "DA31FE4698AD3D0E30408927BE36C938BF52FA9CB8D46B12F84F5D5EC22DD1C6", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "8d43face-8444-4bf2-ac71-c0213d06ef91" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + 
"Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "7cefffba-3701-43ff-96a7-7a66f008805e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "50F93402B66127D87B947067E9689DF5B2B36B253833FFE1E6CECA685FAE2D85" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootia32.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C443B4E3083BDBF2296A5E0986022520535C01ECC6CA3E0F0F83F3B683672368", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + 
"value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "163602d8-2ce1-4c1a-9101-568c50a6f887", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "0e937bbc24f9343c32c2641a3b728ea8", + "SHA1": "3c3db26f3be97e13953510a1615c3efd05f10aea", + "SHA256": "2992068e4f616f2d7253e9d58116a97f22923f4dc1b78a58be4499b982ecf270" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2014-08-18 17:28:19", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.4.9820.0 (fbl_sec(dlinsley).140425-1038)", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "c815c638cba6bdc82a6b4f72204ed252", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.4.9820.0", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "420a1a5671848b2653305add8102a14f", + "SHA1": "114d1b38b6213056c957863df20adfa4d8e5d3a1", + "SHA256": "20a649595bb060b7fabbd48e91fff890b90f378cbbdcf05d770a881393fa42fa" + }, + "SHA1": "d2e758288883a7b37a46b773ec0ff61c328e8bf7", + "SHA256": "64604ea91f31b815bd0219d56563b9c2d307fc6c71ecc38d498221e0e0e9c4ad", + "Sections": { + ".data": { + "Entropy": 4.348734060496247, + "Virtual Size": "0x63050" + }, + ".pdata": { + "Entropy": 6.080132511208591, + "Virtual Size": "0xa758" + }, + ".rdata": { + "Entropy": 5.425860402319835, + "Virtual Size": "0x21e54" + }, 
+ ".reloc": { + "Entropy": 5.422764555576717, + "Virtual Size": "0x988" + }, + ".rsrc": { + "Entropy": 3.469760072257071, + "Virtual Size": "0xfce0" + }, + ".text": { + "Entropy": 6.47422240022722, + "Virtual Size": "0x14ab76" + }, + "PAGE": { + "Entropy": 6.547079200625931, + "Virtual Size": "0x1639" + }, + "PAGER32C": { + "Entropy": 6.320194972365571, + "Virtual Size": "0x2e69" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Signature": "8207b0c79e3b96e7317cd1aac9ab45fb52f1a2c847cda4bed6ff0b366566c6046976257890a79270765662a04b0f6d958c1fbba688b7717f77e10137107f8ccde9ce066d0c99e9fabfa3d669e2eac822a81d86f620828a018738e290f15370886c689af9399fad45f38e2e0fd6e31fcdf1b295ddc015164e757e2c630b05d1c103735e452ea9e3ca1b44e776277a030aa473094499bdfad51ebcdc61c8694148123c150811230bab24f1fb3ca64f018ac37d5cbb61173055b20dd07fbf8955909696be8de608979541932fd0257f932db6f6975b4bc82bd393a432a4ef01d88fc9652cc0d4eede46df519df8488353bfbf4dbc8358efc8dc3215c5538ebbd03e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": 
"4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "5ea7cfb0-5f73-4d02-925e-8161b423fa88", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A372DA66E15D456DC4200BD3908E0943BA4EAF864F7A35062B6B1704320D090A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "45A04261C55E72E48C90A5C821C3A519B4A0D9B1A6C3561CE7477AC399D23C5B", + "Signature": 
"" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "35a53e95-2bf9-43c3-b7ff-c8a176b73a7e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "91D56D765B020B99B7716582E3C380147FF0ACDDF63BB09ACDED0C0249E5CC8C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "641A3F8E77A42F04B0F300399F0FE6545733DB7EE00FA402358723E84BC62741", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + 
"CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\centos-7.9-shim-20200726-shimia32.efi } }", + "Description": "This was provided by Red Hat, Inc. and revoked Apr-21", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "fd70f49d-4efd-4ebb-a889-5dbbcebe33a0", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "398995770D21E9F66B90D69D1EDE16C9E58C0634B2F7D26B1F22501DD93FDAE5" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "centos-7.9-shim-20200726-shimia32.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "8C3A26B5831FF45BC3BCA44C2815951E2DA489A91BBCD295F12DFDBCED9958B9", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "centos-7.9-shim-20200726-shimia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy 
\"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Blancco Technology Group and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4d2c43e5-7a66-4890-93c7-3f9ce734f78e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "757b01c0eb9ed075c6e93d2fac4b0e4e", + "SHA1": "948d8090a1f360db50a84f3cab750f95d76044b6", + "SHA256": "5b248e913d71853d3da5aedd8d9a4bc57a917126573817fb5fcb2d86a2f1c886" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "22534ca115844f647fd2698572201490", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "7a21dd6f0289ca16c6f2a46cd37a965721f07518", + "SHA256": "24d6b301a1268ba8b373275981538855205eb0115609800f2b5b95377483b108", + "Sections": { + ".data": { + "Entropy": 4.411757169157883, + "Virtual Size": "0x2bc78" + }, + ".dynamic": { + "Entropy": 0.7873974037224476, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.210413889723783, + "Virtual Size": "0xfff0" + }, + ".rela": { + "Entropy": 2.655298369840716, + "Virtual Size": "0x1c470" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.6177167078803505, + "Virtual Size": "0x9aac7" + }, + "/14": { + "Entropy": 
5.287094102644723, + "Virtual Size": "0xa9" + }, + "/26": { + "Entropy": 7.246800061582028, + "Virtual Size": "0x42e" + }, + "/4": { + "Entropy": 4.834298869664788, + "Virtual Size": "0x1e698" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" 
+ ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by TeraByte Inc. and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "f4268520-fd18-40df-aecf-b2a6e8dcf27d", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "ba5501c6998594711fe062521d0ba9de", + "SHA1": "8dc43164d1742fd0e3a9590190ee7116bcfc04a8", + "SHA256": "96e4509450d380dac362ff8e295589128a1f1ce55885d20d89c27ba2a9d00909" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2013-02-28 08:15:09", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "fbec641d8564e4e48784b2b07dd9c196", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "7ac5c5314da05d3a6e69e4213b9479a62d6f411b", + "SHA256": "ee39a9a3fbde8b15ce4ac34519e248ea746a52ae0ae680da5b0c7ef919e583a3", + "Sections": { + ".data": { + "Entropy": 4.774275035620183, + "Virtual Size": "0x310c8" + }, + ".dynamic": { + "Entropy": 
1.0259041624373757, + "Virtual Size": "0x130" + }, + ".dynsym": { + "Entropy": 3.2093022589915736, + "Virtual Size": "0xf1f8" + }, + ".rela": { + "Entropy": 2.622559703225293, + "Virtual Size": "0x2af90" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.6400279515127, + "Virtual Size": "0xaa1d1" + }, + "/4": { + "Entropy": 4.829624557782118, + "Virtual Size": "0x17460" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "c5e24205d04c09c94d81b6935af7ec09", + "SHA1": "12622dccb5b07edfd65cae6fc018e24b80ff2c82", + "SHA256": "d6afbff1c283d7777501bd3b2adb4aadb8ce32649ee401dfbb06f884362f7507" + }, + "ValidFrom": "2012-07-02 22:25:14", + "ValidTo": "2013-10-02 22:25:14", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": 
"350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": 
[ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\rhel-8.3-20200917-shimia32.efi } }", + "Description": "This was provided by Red Hat, Inc. and revoked Apr-21", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "7520fd68-dbc4-4182-ab8e-2cc005024183", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "4AAC0A9E089DF8E9AC6725E0DFCA3AC11A17747A2E35F43A2B38A58F8AE2A273" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "rhel-8.3-20200917-shimia32.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3BA74313087DB77CF93A00E072A2FAE00C0A472DAC5DD6988F9C0993A0769159", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "rhel-8.3-20200917-shimia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": 
"bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "7662d98a-0476-48dd-b532-8e6142d251ec", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "e2a3feaa3ac65bd8ceec1f6430f81121", + "SHA1": "80257f616bfa48d64053b0198af7280152e8243f", + "SHA256": "8ed8aa03199de7d541ccbb3009a2b1ff575219662d8b23fba7fdff02d80abd29" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2016-10-05 14:50:04", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.22004 (win8_ldr.161005-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "a168299b9ced4e289f438408b6a047b6", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.22004", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "fa6462badb7aa537a9d3ecf604e9fbd7", + "SHA1": "caefdafc6f3620830b306d429c83bb077f6bdaa4", + "SHA256": "4689fe3d6e35db99759219db2adef6cefa62105e8b636c0c5bd2a6bec395e471" + }, + "SHA1": "cd0498821da3074abf0b1c44819f1bd2f3a13355", + "SHA256": "90ea447ccfdcd9771de40de9721d0256d6d8a30d68963e82485c2e92b7eb5257", + "Sections": { + ".data": { + "Entropy": 6.169217945416925, + "Virtual Size": "0x55ef0" + }, + ".rdata": { + "Entropy": 5.377951519517065, + "Virtual Size": "0x122af" + }, + ".reloc": { + "Entropy": 6.114816268597115, + "Virtual Size": "0x61f4" + }, + ".rsrc": { + "Entropy": 3.4717263860040073, + "Virtual Size": "0xfd14" + }, + ".text": { + "Entropy": 6.640808824960342, + "Virtual Size": "0xdd886" + }, + "PAGE": { + "Entropy": 6.507290228990708, + "Virtual Size": "0x12ab" + }, + "PAGER32C": { + "Entropy": 6.570088920256996, + "Virtual Size": "0x4805" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Signature": 
"60743a2c8b9d1d20759fd327472b3fb9c434cf9df5a4501199cafd1d0f6806659be78f5346fcdedead6c2615214f653b0306302508cc80e386fb54dc8d0b8c63131e54f259c4f8792335187e2d4f649a82490807f129590c1a5c76d8c56a12e51f4c9bb20f35bb27b3ddc0dfbd849e506ed390bef27d160c5fa33291231b73cffddf7bcc42948b509b88242d401ab88f4283997bb6707c2fd2facf67e2639b5b02da8975568de56dc96eee8061c69bc552d61a0fa49ea527563681fb35f68dde6eee372b99f69761de0eac9b72b1510f80e66f6560bf1d0669dcbdd915ffe13454502833fe26932c018ad8399ad2840a93b0c222b7900151dc9ddb4475e1d7b7", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ca53fb23-c94b-436c-9066-079bd6480ae7", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "6730C911E6D91009420D202FB6F394568A06AA97E9F33F30C7E92AAA71332D68" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "97C24B65A08878AEB0002FC577B717A950C0A20E60EBDFC569637EF57059A2BE", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy 
\"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "5466b767-bb4f-4044-a72c-1a7aab0d1d4f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "D084AC3FCD80893B1878653C8BA9B71FB9C53E25843A989EF51A9B44C7EAFCBC" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "1EC66D5D99383D9EB6CB553965D6ADEF787ABDDEC162844AF1CC04F24EDBCE08", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "312c2d35-25a3-454a-a458-a797350273b1", + 
"KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F330F23C09772A64E1478A19CE003FABCA4F52A9431A8C6803019AD532D7DDC8" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "AEFCF3C2010344775B306EFA5FA4A9B7630AA95DA5B59C4E96A2524302B51E50", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\cent-8.3-20200730-shimia32.efi } }", + "Description": "This was provided by Red Hat, Inc. 
and revoked Apr-21", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "8041563b-fe86-4183-9409-a479ef4f9b46", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F5D396FC5AD8B7EAC22652129D56449DC30B6965CE3E41F5D76590E3B1ECFE62" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "cent-8.3-20200730-shimia32.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "5E9D231F7BC2F98E9CBFBE65DA29F7B663A1E84FEE090250BD0976D65DB3FC0A", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "cent-8.3-20200730-shimia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "5cb571f7-050a-40db-a196-9ad7cd8afed6", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "E808A337ED6911EF561C27CABACABF4EA6D6E20FB70F5413B121AC251ABCC10C" + }, + 
"Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "079A26143F5CD9862331F7C1850FFCF2D6E081FCFA8617F6FFA94FA212834DD1", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c045cb03-9cfb-4ef9-b058-6734090e1dda", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "8D93D60C691959651476E5DC464BE12A85FA5280B6F524D4A1C3FCC9D048CFAD" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + 
"SHA1": "", + "SHA256": "34440CB45EB6EC2532EF89D6FCD7D3D9BC2A021677BEBC9D65C47A725A6845D4", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "c045cb03-9cfb-4ef9-b058-6734090e1dda" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ddacf4b0-e6e4-4546-b3bc-f196645266b1", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "47F7A5F3821286A9C677F66CFE2A84D5CA94CB6FC1EBE8E1986E91EDD58CBE33" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "39CEDF83BD3417A90588795CDE2BD6BAF7089997FDDB588E552952C179958D84", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + 
"Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "40f5cc74-badf-47d0-8fd7-021190a05953", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A5BCFC748DA415BD7F00B669E1237C9898A6D03517CC80B3626F0BE326046B28" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A7BF87F519397CA73C79AB94079E0E8218661C149713A8A286DBF1079E57B4BE", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set 
$matches[0] path \\windows\\temp\\BOOTX64.efi } }", + "Description": "This was provided by Oracle Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "7cb68e8b-c07d-4b76-9af0-0936553f516c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "e933dba3a6ab068b91601eb1828cec97", + "SHA1": "4b496c6b76d4ddafb0e2b3c0fb27f47639005f98", + "SHA256": "2679650fe341f2cf1ea883460b3556aaaf77a70d6b8dc484c9301d1b746cf7b5" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-09 17:23:08", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "92f1d7fd78d0353c62e5dc8e81f558e2", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "a63dbf2c3b022c5d70c20e674ab8066a2b3290c7", + "SHA256": "06edb9f17a9007c8b6db6ee2fc240e88e238f06c7c983f987cd9be1b80010d04", + "Sections": { + ".data": { + "Entropy": 4.460859983643804, + "Virtual Size": "0x2a358" + }, + ".dynamic": { + "Entropy": 0.809123167269477, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2034263115689736, + "Virtual Size": "0xdd40" + }, + ".rela": { + "Entropy": 2.6459313794720467, + "Virtual Size": "0x1b0d8" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.63990249860699, + "Virtual Size": "0x96ba3" + }, + "/14": { + "Entropy": 5.146942838207223, + "Virtual Size": "0x84" + }, + "/26": { + "Entropy": 7.130706042544344, + 
"Virtual Size": "0x5f0" + }, + "/4": { + "Entropy": 4.852580285671373, + "Virtual Size": "0x18c28" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + 
"Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Fedora Project and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "887e3ac7-c597-4327-86cc-29936e2f8cdb", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "D14EE5616DC8EC74D695AF08DACC78BBEFAFA7A97A5CFEAB9B961E86CE9EDD37" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "2F1DAE62EA074FD06DBBF620009CB3E65988D15431A061EAAB4D7ED1A97A3689", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "887e3ac7-c597-4327-86cc-29936e2f8cdb" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path 
\\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "7b45ea3e-38d4-4bac-aac7-54806c6ffb28", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "3E1A6021B3C6066E94F7F06AD7B29E35B1BD9EE496827A290EFB9BE7A27C5D63" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3E5206C60B696D3B81696DF457D74881F0188ADFD75404A4C0AA627688975671", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "27c9ba50-5540-4ff3-90eb-8798c48599a1", + 
"KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1CB4DCCAF2C812CFA7B4938E1371FE2B96910FE407216FD95428672D6C7E7316" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "127B01B1F605183BBA4D1A07B7EEFE01BA88203A6CD6686B28F3883F33C0ED42", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "27c9ba50-5540-4ff3-90eb-8798c48599a1" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a74084e3-94b3-4674-99c8-e314f7f6241f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "367A31E5838831AD2C074647886A6CDFF217E6B1BA910BFF85DC7A87AE9B5E98" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" 
+ ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "957D8826BEE05DFEA66994C237E61BD70CC0115CC176E1D931F1D892C6C16814", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "a74084e3-94b3-4674-99c8-e314f7f6241f" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim.efi } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "1456951c-e037-4508-a34f-5a6ff0065521", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "803bade13dfb54c31a1096787d89ab74", + "SHA1": "1076e1a25c7fe4b65b48570300c506a0317c42bb", + "SHA256": "03f64a29948a88beffdb035e0b09a7370ccf0cd9ce6bcf8e640c2107318fab87" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2013-11-26 01:54:06", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "89c04150c5f5b596236e04ccf5ef6a2f", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + 
"PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "7639a4d8974693df09e8cce6d1e3d0092fa03dcd", + "SHA256": "e50f1f1e9fb9198e5b094773d1d0068cc1cb1987d06583abaca20adc1f8932a9", + "Sections": { + ".data": { + "Entropy": 4.794829537696304, + "Virtual Size": "0x31df8" + }, + ".dynamic": { + "Entropy": 1.0127462677005334, + "Virtual Size": "0x130" + }, + ".dynsym": { + "Entropy": 3.210837608809073, + "Virtual Size": "0xf4e0" + }, + ".rela": { + "Entropy": 2.6237858498943414, + "Virtual Size": "0x29d78" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.636185896681617, + "Virtual Size": "0xabc1b" + }, + "/14": { + "Entropy": 0.6143694458867568, + "Virtual Size": "0x12" + }, + "/4": { + "Entropy": 4.84611486714032, + "Virtual Size": "0x17a98" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "c52110f552e27ebb1e3fae114abafb3f", + "SHA1": "4954e087123653ce38da4cdd31141b6a1bb999e4", + "SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" + }, + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by EgoSecure and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "fb78c0ab-b76a-47b5-b7ef-d64bf38611b4", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "5C39F0E5E0E7FA3BE05090813B13D161ACAF48494FDE6233B452C416D29CDDBE" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + 
"" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "5C39F0E5E0E7FA3BE05090813B13D161ACAF48494FDE6233B452C416D29CDDBE", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "fb78c0ab-b76a-47b5-b7ef-d64bf38611b4" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\rhel-7.9-20200730-shimia32.efi } }", + "Description": "This was provided by Red Hat, Inc. 
and revoked Apr-21", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "9b6deeaf-b8bb-4f8e-a8b6-d174312fcb7f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "172FA584B4EEA5A5D4104FB0AC30EDE032CCD31CD2675D7003D79A2CD0C243E6" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "rhel-7.9-20200730-shimia32.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "2CAD0B454397089723959FAAFC2DB5388C50DFD5C02319703BABA6F03654561C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "rhel-7.9-20200730-shimia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ac90e9e0-2035-46a5-b3fc-f0670e6d0ddd", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A0107A564E93989C57044FD18AA85BEB1258101AC3D9F6E10BF12C1C6573BC2B" + }, + 
"Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "2B2025F4C880166D94222A95A88FF0A525C361D7B2C8A886B4E4CE6FBDD6520D", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "841c43d9-b7a0-40a7-ae7c-fc1affb759af", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "57E6913AFACC5222BD76CDAF31F8ED88895464255374EF097A82D7F59AD39596" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + 
"SHA1": "", + "SHA256": "439983268FC8238CB2DC187B033904DBD682929852D846FB69A22DDA1561A422", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "841c43d9-b7a0-40a7-ae7c-fc1affb759af" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Isoo Software Dev Co Ltd and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "8b88b928-4717-4a30-832e-dcb3bb15b7a3", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "40b8a117af84ea3225963daf421eccb3", + "SHA1": "99823dd47cfe71774cb0fcc687fa1da921b6240b", + "SHA256": "bd882355bf6813cf88ec0b83b6133691100f480381ac06531c3d5909cf1fb626" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootia32.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "b1aea18419d0643fb2e4d8f6da2ae461", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": 
"3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "3085f38227977dce8dac3b29c92b0103e5b5eae8", + "SHA256": "56f9e50da4817b1de9d9291eb5f2bc63703ca3e6f4a8571bde28cf756e2c80ba", + "Sections": { + ".data": { + "Entropy": 5.336485470877681, + "Virtual Size": "0x20cdc" + }, + ".dynamic": { + "Entropy": 1.4609704737895086, + "Virtual Size": "0x80" + }, + ".dynsym": { + "Entropy": 4.390812113462173, + "Virtual Size": "0x9360" + }, + ".rel": { + "Entropy": 3.52145733418307, + "Virtual Size": "0x9048" + }, + ".reloc": { + "Entropy": 1.5709505944546687, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.843166036178159, + "Virtual Size": "0x931e7" + }, + "/16": { + "Entropy": 7.335685443962851, + "Virtual Size": "0x3e6" + }, + "/4": { + "Entropy": 4.946577948119573, + "Virtual Size": "0x62" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": 
"bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cc9c7842-484d-4427-9ed5-75073efdad17", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "362ED31D20B1E00392281231A96F0A0ACFDE02618953E695C9EF2EB0BAC37550" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + 
"ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "8A73B6E52B27695C72D4776C0BCFA54D30C1340D534D5EEFF8D890377CDFDFAA", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "cc9c7842-484d-4427-9ed5-75073efdad17" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "db57d7a1-5937-4ba9-896e-8fdce1ff2990", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "332450890F9C8FFF7EC15C53921BF27227AB9EA06B0E1C816D819F8E21CFB55F" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C79381B9A5D1D2B8A85B6A5B2255923FB2D3A5F500CC00FBBCBF10C6A3A0B40E", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + 
"bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0c015961-2a7d-4fc2-99ca-5cfccf2de27f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "4A9B1C438BC8F114BFAA82F5D533DA31CC610C276711422C74A167B8AEED7C82" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "F50D0AAA4875B0B609D0F796AACB77D582E0246D3FC544F76ADB73B67A156626", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was 
provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "160959a3-8cac-43f9-a0d1-1c108375fb95", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "266C1429C8DC389481B3814BC3AF8723DB28EECEB0BB026BBBEDA0CC41D36BC3" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "DBEEA13BD8FC4D613501D8CF564A129A541AEE6FB5AB82CB4A5F448B52FD1C52", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Endless OS and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b59f1e98-72fb-4ccf-a651-bf9318f14150", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": 
"a130bc7f90388e8f9d885f55fc7a8b8e", + "SHA1": "b7f9b5a096cd0d524da6296ace355e268cc01a9d", + "SHA256": "0fa3a29ad05130d7fe5bf4d2596563cded1d874096aacc181069932a2e49519a" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-09 02:08:12", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "7661abbf92a68466a3562ec887365e6a", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "ccdc96497a3d4cb4a616939fbf102e5faa787a9f", + "SHA256": "4b2bd93b32de4be7235c95c97af98e12bed5f0602b7b428700f9a1348cb2f731", + "Sections": { + ".data": { + "Entropy": 4.357579251117195, + "Virtual Size": "0x28f78" + }, + ".dynamic": { + "Entropy": 0.8341231672694769, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.207672075514832, + "Virtual Size": "0xea00" + }, + ".rela": { + "Entropy": 2.634187270160945, + "Virtual Size": "0x1abc8" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.6193950523430525, + "Virtual Size": "0x8effc" + }, + "/14": { + "Entropy": 7.407333327251879, + "Virtual Size": "0x371" + }, + "/4": { + "Entropy": 4.8333953377065395, + "Virtual Size": "0x18018" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "3300000018e730837f472a7b5b000100000018", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, 
CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "d442a6ab238e766c07d33f02d299a9a5", + "SHA1": "3fb2a93548919ed386a441800a5d941ee358e38f", + "SHA256": "8806fc9fc29ec30556728d016e0667364f4f3359b8747cbd45d5f783ffe93abb" + }, + "ValidFrom": "2015-10-28 20:43:37", + "ValidTo": "2017-01-28 20:43:37", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "3300000018e730837f472a7b5b000100000018", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": 
"Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0dc82e15-40ab-4a65-bfbe-9c8925d3cdbb", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "DBB424CB8AD35EE68546092645C4689D6027A97FEDF3C5AF842B9572F1276997" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "8DEB88A2435270BD24328760FA6FB5C77BCD5C47F7A0109F15300D644CB9A228", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Isoo Software Dev Co Ltd and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2e3641bb-5bd7-42d3-8353-481b4593c641", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "2fb83ba40e7c8d9019f48dfa8269bdb8", + "SHA1": "775705904e0748bc6210e1869f20765a2f1b027b", + 
"SHA256": "e24b315a551671483d8b9073b32de11b4de1eb2eab211afd2d9c319ff55e08d0" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "89805fbe6421f1d03023514f8fd7215d", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "f41fb5b7aaf48c05faed3e6622d2e2e70c95d2b7", + "SHA256": "561d28e0888cdb0a8fce41754742aa8eb1bf5c8dd4eacbf9af0f40e0d36013c2", + "Sections": { + ".data": { + "Entropy": 4.469891621916525, + "Virtual Size": "0x29c18" + }, + ".dynamic": { + "Entropy": 0.8630797231656377, + "Virtual Size": "0x100" + }, + ".dynsym": { + "Entropy": 3.209809899920352, + "Virtual Size": "0xdd10" + }, + ".rela": { + "Entropy": 2.6482475445299474, + "Virtual Size": "0x1b0d8" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.6413160957491595, + "Virtual Size": "0x95a7e" + }, + "/14": { + "Entropy": 4.946577948119573, + "Virtual Size": "0x62" + }, + "/26": { + "Entropy": 7.335685443962851, + "Virtual Size": "0x3e6" + }, + "/4": { + "Entropy": 4.861285118776935, + "Virtual Size": "0x18780" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Signature": 
"6650dd7878bef0a62b1d76ba8fa57b6193d9938ddd1975f32a880d6e9363ba516b00907d455d1089cf79e3045a976a794db027534a761a840a29d09dccb3b5978fdb1d27d6be2831b0af31b64c25d3e195056b68a403e961d61c38339c4bfbb4c16102a4b417f52b75f4d6539626736df3e9e7d689e59333e7686df72c6ac70548eb3e6f0913de69895041529dba440132da3699ee3d3ccd6c0cb1ca11d206a157a9e3504c57aea164e700dec89ccb81194b012f697127dcd1cc7dc08ccf9f92014b2a0814fdc2a010b7a7243456e15af7e812bef07b28aebcb29f0f20f5c1900827f32aaf4fef92601853403e718db111c7c35da77eea96c4deb6f903e94543", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "1ab3d6b3-7bd1-477e-8127-a2be4b9a7636", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "f9c6e874f1efcfe3a046acceb16d86dc", + "SHA1": "4ef60851f60fb3c04c48a99e582bd5d868e91d75", + "SHA256": "e8818666b7e014b6e4820afaa84d5a84fa42cb5d2663c848d358b2913274ba21" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2014-11-05 18:19:11", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.4.9880.0 (fbl_sec_oss3(dlinsley).140616-1123)", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "9618221803e2befd17607ef2d957442f", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.4.9880.0", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "a02554021493291650ba1e2951aef07f", + "SHA1": "3cb0d2f0d1a2046caf0027cfd995294a09eeda72", + "SHA256": "3089fe7fa4527043c200fafe2a7272e48a1f7c54725a623f22d12f2cdbb48350" + }, + "SHA1": "1581d6767a70eb0bf596b82592440346eb00cefb", + "SHA256": "990a4dd8c86392421d680fa039af4e88d1ebdc97f61a73f8347d6b314fe8cd51", + "Sections": { + ".data": { + "Entropy": 4.550324790112712, + "Virtual Size": "0x625a0" + }, + ".pdata": { + "Entropy": 6.1168156717400635, + "Virtual Size": "0xa80c" + }, + ".rdata": { + "Entropy": 5.678015481743603, + "Virtual Size": "0x20d34" + }, + ".reloc": { + "Entropy": 5.429956404165192, + "Virtual Size": "0x9c8" + }, + ".rsrc": { + "Entropy": 3.4696484697973857, + "Virtual Size": "0xfd54" + }, + ".text": { + "Entropy": 6.474696277787201, + "Virtual Size": "0x14da96" + }, + "PAGE": { + "Entropy": 6.553345757683435, + "Virtual Size": "0x1726" + }, + "PAGER32C": { + "Entropy": 6.329737871071302, + "Virtual Size": "0x2e69" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": 
"9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + 
"Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cef00ef9-665c-48ed-9b4c-d383d2846e05", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "7AB5FF84B7B80A432366E3BBCC198ED382C9FD592CD5DD210138D2F9297CC1F6" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "494A55C84A5A244292DB7F678D4574C7CC6E58D522F0BE270D68B0F1A41E19D3", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d40485d2-4fea-4d92-99e9-e1531fe4d33a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "DCCC3CE1C00EE4B0B10487D372A0FA47F5C26F57A359BE7B27801E144EACBAC4" + }, + "Company": "", + "Copyright": "", + "Date": "", + 
"Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "1275826206FEF9AA0A48A60BBC15300B3201F76F45E3CCE3FD0064DE2FC7CC5F", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "d40485d2-4fea-4d92-99e9-e1531fe4d33a" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": 
"https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "0e36a4f3-efab-453c-b6db-fe4f613b79d8", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "9e1d88b1165fafcc8d3ba103110c4843", + "SHA1": "7ae4be62af6bbe64ea43e60462403334b278fff0", + "SHA256": "f923efa6615ce9a93e5d69963b30adb00f2d2059113f55babc477ba889841f29" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2014-06-14 00:22:31", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.17211 (winblue_gdr.140613-1709)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "c9b413ac0a31f9eb0a141e05654d1d52", + "MachineType": "THUMB", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.17211", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "bf2b2fa1725551a7b25c0d86164613a7", + "SHA1": "c2527f2c2aa74dd913300d7868a0d042d10ed406", + "SHA256": "3bc6dba2d4913666539154040f7a9b5b2d4bb1dda99810435b6db4dede407c03" + }, + "SHA1": "70f682f3c63a4a1121c3c9afa78934aa2412c049", + "SHA256": "ac22c4ad2e62a3a8369a311b69e9b3dd558359cb44de8115e6bef2ae5e5e7151", + "Sections": { + ".data": { + "Entropy": 6.116187398286086, + "Virtual Size": "0x35d10" + }, + ".pdata": { + "Entropy": 6.136093204344787, + "Virtual Size": "0x5b50" + }, + ".reloc": { + "Entropy": 4.731539389747102, + "Virtual Size": "0x409c" + }, + ".rsrc": { + "Entropy": 3.4716290018327003, + "Virtual Size": "0xfce8" + }, + ".text": { + "Entropy": 7.052788904216757, + "Virtual Size": "0x9ccf4" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000001b40b3e1eae3b8c84600000000001b", + "Signature": 
"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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "2e3f888fadd3d8d498f3237752c18df9", + "SHA1": "4f3c14facbfca2505dddb77d8b8bfe71abb1d2ed", + "SHA256": "574085e964e5d1fc9d71150ef08a0e08779e1919f28d75a19dad15f69571c8f6" + }, + "ValidFrom": "2013-04-10 20:41:53", + "ValidTo": "2014-07-10 20:41:53", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000001b40b3e1eae3b8c84600000000001b", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + 
"Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "97efcb29-1524-4142-923b-4395a39fe3ee", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "4185821F6DAB5BA8347B78A22B5F9A0A7570CA5C93A74D478A793D83BAC49805" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C31524CF5814D19C11611A5E5C27B2071DCB76B7EC6DC2DEC93FF9DE5CE656DE", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "97efcb29-1524-4142-923b-4395a39fe3ee" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + 
"value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "43311ee4-a044-4086-9a53-ae01c3ef7f4f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "2da35b95ebf3903dcaf2ec18fcd2c975", + "SHA1": "9006b56e7af152fae72c7095cf9155515a1c5a97", + "SHA256": "f8f38c4febe9d8e45e71a459c5bff171755c348d5f619f3c6ef30a3f8fd02bd1" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2015-02-04 20:26:14", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "10.0.10010.0 (fbl_kpg_kernel.140630-1750)", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "8d9e858d7fc95bfcc3690f3bddfac320", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "10.0.10010.0", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "8b6b2892c15ff00e4ddf7eb144e1ae12", + "SHA1": "89115214dfec813ecfa5a23bed633254c214e62c", + "SHA256": "97ff062fbed8c63a4a2526daab5b76fde0b0c54540be4264d13a9116216a1be1" + }, + "SHA1": "0d0e3c0e73f5561985e6a004d8d160be88d64ee7", + "SHA256": "0b753bd95ae643b2543f501533ca54db34ddc9d20f336358067a7069240a6214", + "Sections": { + ".data": { + "Entropy": 4.42328323265371, + "Virtual Size": "0x3b260" + }, + ".pdata": { + "Entropy": 5.981623522146152, + "Virtual Size": "0x7d64" + }, + ".rdata": { + "Entropy": 5.392724511782535, + "Virtual Size": "0x19914" + }, + ".reloc": { + "Entropy": 5.420446329188424, + "Virtual Size": "0x804" + }, + ".rsrc": { + "Entropy": 3.459847805795169, + "Virtual Size": "0xfc40" + }, + ".text": { + "Entropy": 6.491978717136592, + "Virtual Size": "0xd0ea8" + }, + "PAGE": { + "Entropy": 6.535197922143474, + "Virtual Size": "0x1726" + }, + "PAGER32C": { + "Entropy": 5.528643658730128, + "Virtual Size": "0x2d9" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Signature": 
"8207b0c79e3b96e7317cd1aac9ab45fb52f1a2c847cda4bed6ff0b366566c6046976257890a79270765662a04b0f6d958c1fbba688b7717f77e10137107f8ccde9ce066d0c99e9fabfa3d669e2eac822a81d86f620828a018738e290f15370886c689af9399fad45f38e2e0fd6e31fcdf1b295ddc015164e757e2c630b05d1c103735e452ea9e3ca1b44e776277a030aa473094499bdfad51ebcdc61c8694148123c150811230bab24f1fb3ca64f018ac37d5cbb61173055b20dd07fbf8955909696be8de608979541932fd0257f932db6f6975b4bc82bd393a432a4ef01d88fc9652cc0d4eede46df519df8488353bfbf4dbc8358efc8dc3215c5538ebbd03e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "f5fabb82-d43d-45ec-b057-5963c46113a0", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "8A305C5FBE7C56F9E3214D7ADB8F176341F4020F234F3C14E52335967A2D365F" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C6C85806905E0B76C25C82A88BFF62B995F49124C55413E74D1DCC3461FE8336", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit 
/copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "9f95756f-dfcf-48ae-9c0c-8d99f4894e28", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "2298078eaeda24a91219936dfb897e5b", + "SHA1": "23760cf7521a929e9bfcaa5591ad186a18f91f87", + "SHA256": "ce65c29521cd8498fad962e5f70d55c5044366ec09c761a60cc7c4a2001776a4" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2014-08-18 17:28:06", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.4.9820.0 (fbl_sec(dlinsley).140425-1038)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "8000831e91c318757fa911d4c879dc02", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.4.9820.0", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "420a1a5671848b2653305add8102a14f", + "SHA1": "114d1b38b6213056c957863df20adfa4d8e5d3a1", + "SHA256": "20a649595bb060b7fabbd48e91fff890b90f378cbbdcf05d770a881393fa42fa" + }, + "SHA1": "d88ac2154cd473d25c41be40bcca918158badf94", + "SHA256": "59e4fa86b1c3bb7df3cdb79a17ec36af9ad12e153172f6d8e662fcfb9dbb37d5", + "Sections": { + ".data": { + "Entropy": 4.306218248343971, + "Virtual Size": "0x63050" + }, + ".pdata": { + "Entropy": 6.083164356102291, + "Virtual Size": "0xa758" + }, + ".reloc": { + "Entropy": 5.402300872203148, + "Virtual Size": "0x988" + }, + ".rsrc": { + "Entropy": 3.4701486563458728, + "Virtual Size": "0xfce0" + }, + ".text": { + "Entropy": 6.474040887094493, + "Virtual Size": "0x170eb4" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 + }, 
+ { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Red Hat Inc. 
and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "8e87c22a-ea23-4f89-bee2-c301e31b4045", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F8DD2281C67C59A08FDDC9859E9D5FF73802CAD88975242BD11486F13C6DDA6B" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "24AF7036C63F09FEBAB1B84372ECD6151BE32CDC94E80E57F52F7D2C3665FBC4", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "8e87c22a-ea23-4f89-bee2-c301e31b4045" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "495a811b-db1c-41f6-88db-36688933fcec", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + 
"SHA256": "CB340011AFEB0D74C4A588B36EBAA441961608E8D2FA80DCA8C13872C850796B" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "DF224EF3B05794CBCE084C11BAAF3D85F380A5213D9097E400D9FA42FC412933", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "495a811b-db1c-41f6-88db-36688933fcec" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2f495b21-1d43-43c5-8770-c221121a2e6a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "B7EA2FBD3FEEDA309912B2767BA80DD037813E80FED17CDA79EF7F62B6D1953B" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootia32.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": 
"", + "SHA1": "", + "SHA256": "6FDB5AB3815A499948DF5ED732EE275FA44CE8313287A33B2875B2A2B1D60021", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\rhel-7.9-shim-20200726-shim64-bit.efi } }", + "Description": "This was provided by Red Hat, Inc. and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4b37df07-e561-4581-977f-6eb984d0afbf", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "99D7ADA0D67E5233108DBD76702F4B168087CFC4EC65494D6CA8ABA858FEBADA" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "rhel-7.9-shim-20200726-shim64-bit.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "BD8020CC80D5F842DDFD5AC110C189707A83E85415EEA3386884ABDCFD7F3135", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "rhel-7.9-shim-20200726-shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d964e229-7407-4292-88b5-505f8be99d2f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "9E0D9074F146461F9ACEE7D27F2C7DD8BEE73EB62AC62CF87F03BEE0C4516528" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "17F186C88052B988B4C9B62F8D7F55023AC317C82324DD5A958D05B8A1246F77", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "d964e229-7407-4292-88b5-505f8be99d2f" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael 
Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "45647cc8-3eeb-483b-97c3-170693cfea9a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A109E71AE3A0376CA0059A421250508EDB2BB624B6517A291F51E249F16B5CE7" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "E8E83E3E343C069277EC4C1E79C5C61D20917E0451B9A980346732EEB7B840C1", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + 
"Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d457a885-6677-4118-9cf3-05bfc65e1fde", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "B149B29E8211E24827FBE0168D30CB2619CD3365BD6F8173E7A731C5F702DCD9" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "E3946218D523E5D20C99A9A5BB22303DDCEF958DE2A978E01AF2F46D2D7A4DDD", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cc19dcf6-f6e2-4820-8df0-73abc96a95d8", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "706B8A820652212D3A5F57303C9CB2B80B9E79DCF2621F29318AF2346419EDFA" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + 
"Filename": "bootarm.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "4CADDFE7EB99A666652EBDA685A542612C851C732801AA5B15AB39E826D7C1D7", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Alt Linux LTD and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "bf8069da-0ffc-463d-b17c-3e0ee49d0585", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "C452AB846073DF5ACE25CCA64D6B7A09D906308A1A65EB5240E3C4EBCAA9CC0C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "5C39F0E5E0E7FA3BE05090813B13D161ACAF48494FDE6233B452C416D29CDDBE", + "Signature": "" + } + ], 
+ "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bf8069da-0ffc-463d-b17c-3e0ee49d0585" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "7e14af6f-c8b8-4c15-a2ef-bc0a2b39e085", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "6DBBEAD23E8C860CF8B47F74FBFCA5204DE3E28B881313BB1D1ECCDC4747934E" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "88B530624B67FAA0C0C1039618958F4DE983A997A6FF762BCCA82B8201194F28", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "7e14af6f-c8b8-4c15-a2ef-bc0a2b39e085" + ], + "Verified": "TRUE" + }, + { + 
"Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "9a34a20c-afea-4d1e-9109-fb7354066e06", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F33727B54A9908CEC7ED8DB582A1482420FA257B61B559C47343110872ADF7D8" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "79193EAE46F687D00B90B3EBA361B35802BD42E2891A8A8C286B4C00119F9F94", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + 
"OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0f3431ba-2b83-4020-b3ff-32eadbcb7205", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "9F2B71EC2FECC93E4EDEAE24B32F8857FA36A81A7272DEFD5435D29FA3BF828E" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "7384B867C248569C3DB81E82AF35585AB3108858E958750098F9D8298CC9B8F6", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0fe6f9a2-7b13-4c27-bf9a-412d9acf533f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "AE1DCA8AAB7C4BDD21C5AA19A323F597BD1850445D76695CB2910CCCB5F163B8" + }, + "Company": "", + "Copyright": "", + "Date": "", + 
"Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "9A02C839424A2DB0C3B98553C179C0583E7B8760C7A061176F76B6970746B8AC", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\Signed_14173467011297444/shim64-bit.efi } }", + "Description": "This was provided by Debian and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d20a9d4f-d336-4400-b839-d2334be05e06", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "9d017c87755ffc16175ff7fa5dcbb175", + "SHA1": "47263679db883d7ad9adbc93d6a1fbf8095f0133", + "SHA256": "af79b14064601bc0987d4747af1e914a228c05d622ceda03b7a4f67014fee767" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "Signed_14173467011297444/shim64-bit.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + 
"InternalName": "", + "MD5": "8273287f52ffff4624121d2926ef9df4", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "69b368ef62566f9b06db68ab91c736f98d0749b9", + "SHA256": "599a102b6445fa88392b8c85a31d80ece950624219d846affbfb7131d4bf550b", + "Sections": { + ".data": { + "Entropy": 4.405783332258001, + "Virtual Size": "0x2d1f8" + }, + ".dynamic": { + "Entropy": 0.8630797231656377, + "Virtual Size": "0x100" + }, + ".dynsym": { + "Entropy": 3.211174101144175, + "Virtual Size": "0xf2d0" + }, + ".rela": { + "Entropy": 2.6583278822249916, + "Virtual Size": "0x1c6c8" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.634218168833761, + "Virtual Size": "0x9ff35" + }, + "/14": { + "Entropy": 5.064013199597692, + "Virtual Size": "0x69" + }, + "/26": { + "Entropy": 7.435250663075391, + "Virtual Size": "0x57a" + }, + "/4": { + "Entropy": 4.853329182162778, + "Virtual Size": "0x1f020" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": 
true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "Signed_14173467011297444/shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "dc63ce55-4d4d-40f7-996d-6fc85f01443f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "8FDB0851B7639B3293019BF0A8DBD6B7DD57910AC0CC0224852C3381880F2A45" + }, + "Company": "", + 
"Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "76AC59211DF73F8BC0F1369CE290BFF57AD705CD1EB3B402D19E12FE5FFBD6D6", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "da54ae14-5e4d-4280-b91e-4b78d0df036a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "23FCD6BF3084CEE6A9F9885E5239230B0ADDE0C870589EE461551D1CA8F4E85B" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "31DCD37C53CEE49C1241978CB976230EFDA89A83C3E3DBC18EDA92099055026A", + "Signature": "" + } + 
], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "5ef6ea24-838e-4df6-b00d-3deb0ec3fa33", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "4667BF250CD7C1A06B8474C613CDB1DF648A7F58736FBF57D05D6F755DAB67F4" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "0692A9566F22F280715080EE24B8FF54ED7372A98BD4994670FCF862035281B5", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "5ef6ea24-838e-4df6-b00d-3deb0ec3fa33" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": 
{ + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b8cfe531-3969-4203-a575-fec35e4880fd", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F2A74464235248EA2A41EA0D0256E9CDD24BB6B3E2A6F2FC7E0AADC86EC56CA1" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "D2BF5E584EA2F3844B27CEF320636D1A2CD6BFB023ED65110FF6D0EF09292114", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + 
"Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "15ca73cc-0098-429e-8191-5df17cae28aa", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "CB7BBABE6E9A118C420BE4294132A88BC494969D95B9884480BD4F68AB94FB2C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C2D9AB79B0593235C5EDC3CF77C3A48FCFA740D804A0397B3D9BD9AE9EE516D4", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "357e4bd3-4bc9-4b94-81a1-3833515e2d4e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "7FC7196EBBFA0D7947DE66F37158DF23821F156F724FC3CC906F16E8EBFA3E9F" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + 
"ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "9A59A2B53C8BBD2E536EADE26F26F3EE61129AB027812922B52C572364465E8C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "59b5e207-bca6-4425-b392-2fd0ed44935e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "9BAF4F76D76BF5D6A897BFBD5F429BA14D04E08B48C3EE8D76930A828FFF3891" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": 
"610D0A80FD4E876EAD581903B33C96ECC4B8BD7115FC9DF5579B3A25416FDAEF", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "59b5e207-bca6-4425-b392-2fd0ed44935e" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Red Hat Inc. and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2bfaff34-8a6b-486e-a308-0484d2372727", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "1886fd591b86756f2823f157d197be5f", + "SHA1": "b9d3918f7829cf8308e519448712a95d58eb6ed5", + "SHA256": "02e6216acaef6401401fa555ecbed940b1a5f2569aed92956137ae58482ef1b7" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-09 17:23:08", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "c453084032024e3b2dcd648c9406e760", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": 
"3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "1316e2b5fb83b29acc00c5050799afb7ccd6b6e2", + "SHA256": "fb5eebcd4100593a1b2890267037b7701c83f32c284b99908ff1c34d5693bfc2", + "Sections": { + ".data": { + "Entropy": 4.46067866301335, + "Virtual Size": "0x2a358" + }, + ".dynamic": { + "Entropy": 0.809123167269477, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2034263115689736, + "Virtual Size": "0xdd40" + }, + ".rela": { + "Entropy": 2.6459313794720467, + "Virtual Size": "0x1b0d8" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.639910820231437, + "Virtual Size": "0x96ba3" + }, + "/14": { + "Entropy": 5.160331946961136, + "Virtual Size": "0x84" + }, + "/26": { + "Entropy": 7.338341139988703, + "Virtual Size": "0x3e2" + }, + "/4": { + "Entropy": 4.852580285671373, + "Virtual Size": "0x18c28" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": 
"1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "dba882ff-03d1-4cf3-9e9d-9358d6416d79", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "D417C004525C7BB57523836278CEE120FD66147983BA738AAC011E24BE75E6E2" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + 
"SHA256": "4759E0891A636E1A3D27472C48AF55F27BF5E3CCF474141FEFBBA2AA124AC410", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Red Hat Inc. and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "dd78a9a0-255d-4856-b9be-76b08852303a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "b1e4dc9ee87d701d9aabbb52211a9ba0", + "SHA1": "ba2a769531f2cb00b2ca9c089f1668c6851b382f", + "SHA256": "bb1dd16d530008636f232303a7a86f3dff969f848815c0574b12c2d787fec93f" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "d984cf8612284adc59b3b73deccb777f", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + 
"SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "61ce3d65bef674357febe866d4e922373f809219", + "SHA256": "24558c1cb417b6387e2406c70ff13f5438506e8d7560dd7b226499c872c8076f", + "Sections": { + ".data": { + "Entropy": 4.539674359844269, + "Virtual Size": "0x2ba58" + }, + ".dynamic": { + "Entropy": 0.8226444693437958, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.205605133391943, + "Virtual Size": "0xdd28" + }, + ".rela": { + "Entropy": 2.6539709907526596, + "Virtual Size": "0x1b0d8" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.645691672093194, + "Virtual Size": "0x9777e" + }, + "/14": { + "Entropy": 4.946577948119573, + "Virtual Size": "0x62" + }, + "/26": { + "Entropy": 7.473113877861932, + "Virtual Size": "0x389" + }, + "/4": { + "Entropy": 4.865324642604779, + "Virtual Size": "0x189f0" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": 
"bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0ecce400-dd9c-4291-9502-c8682a4474a4", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "9F136F152A21885D574519554C7B64C15F014E413CDE6AD160F2091EBA9E6424" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": 
"891C44B16ABB7063144BBEF23BC35609FD14BB3FCD8ADFD1E804526AF344EBD4", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "52d2d179-addb-4556-a244-d085e0aefad2", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "941A51239ED416A788B5059DD647631B16E506C8F6AD87B1D5F3B8C97199A160" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "EA21E2A1F1779F77C35060CD8690D2E74116C4402DD10B6F8260DB2D00B4A9E5", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": 
"" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Miray Software AG and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "fec3976c-cd0e-4929-a01d-23c584cf7e00", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "fb9005cf320ed99d82d5b6a98988c576", + "SHA1": "f4bc99b43ab88f15d2803b5a9de898223a380563", + "SHA256": "68ee4632c7be1c66c83e89dd93eaee1294159abf45b4c2c72d7dc7499aa2a043" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-10 13:30:02", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "a1a05331029aa3aa0fd396897cb46e8a", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "5e8fe0458328bfeacd491e1c74857c526f444596", + "SHA256": "0e5eb8d0bebf089a974bc0ca85d33d73f9a0bf72ed2a5e3a62a0387b51d509ce", + "Sections": { + ".data": { + "Entropy": 4.598664200386453, + "Virtual Size": "0x2c298" + }, + ".dynamic": { + "Entropy": 0.8424565006028102, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2043588757367574, + "Virtual 
Size": "0xe508" + }, + ".rela": { + "Entropy": 2.5990440989417416, + "Virtual Size": "0x29598" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.589380447571309, + "Virtual Size": "0x9f00b" + }, + "/14": { + "Entropy": 7.180357884758935, + "Virtual Size": "0x5ea" + }, + "/4": { + "Entropy": 4.837183147385955, + "Virtual Size": "0x161d8" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "c52110f552e27ebb1e3fae114abafb3f", + "SHA1": "4954e087123653ce38da4cdd31141b6a1bb999e4", + "SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" + }, + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": 
"T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "29a5f4df-eaf4-468f-94e1-da9ba1b1c20a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1BCF1611E0CC92C9D46D2A51C7ECF6EC63C562EF759324A1D9151D508A16B7B3" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "BC5D2B2C7E7CB051D084484259095B2868CAEC001C09A6FD33302B0AA0DFA7E2", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + 
"Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "33559284-bca8-4af2-917e-d209ee8d15c5", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "8CB4FDAE88F4F492AC6C87716602366DF1AC84224B85AB2D3949F5AEE79CEFEB" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A37FF7C979ED0E58633D61D00CDFF45A2488E86C740240C77834C8C8C651CB19", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Microsoft and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + 
"Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "f57db2b6-025f-43fe-af3a-c50cc2bc1aec", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "91971C1497BF8E5BC68439ACC48D63EBB8FAABFD764DCBE82F3BA977CAC8CF6A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "2AEC3E859816EFA89AF844D6DD8CCAEA345A851CB23006D3C2928081352BEB25", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "f57db2b6-025f-43fe-af3a-c50cc2bc1aec" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "bbc2661b-25de-4c4b-ac84-367115d44e8c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "7803F12E7E1B7063502EB8E223A9013E2B61125A888B74D61465B51DE53276BA" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + 
"ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "5E189C9D2633F0AC10ECB763A150568925884E29ED684050194D87B883B68B34", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cf486d6a-cb41-4d0b-9258-81a14e76f719", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "4B59C6D8E94428C4CBDB0F306FED75B099EA349431F001AA819C3BD0D1600812" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "89C7492FAA5DFEFFE4F126764CD556A82B53520404636BD50C32405346959016", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + 
"https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "0a9c062b-91a3-44f9-b577-0128708bf124", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "662458438867c4c20ffa9adb1dbe99da", + "SHA1": "e407452938d3438b835e875dd8c40785587a6e0b", + "SHA256": "cfd2a8f23bbce7424f4a6e27def368f17b086ffa226528900fa092736e705ef9" + }, + "Company": "Microsoft Corporation", + "Copyright": "© 
Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2014-10-07 18:02:30", + "Date": "", + "Description": "Boot Manager (Test)", + "ExportedFunctions": "", + "FileVersion": "6.4.9857.0 (fbl_kpg_kernel(dedesa).140630-1750)", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "9962f9fb820e5d7f5a31b86b9d164d33", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.4.9857.0", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "c5389be8b9ed2eadc3172c020ecaf490", + "SHA1": "c792c3865fa8fad335ab1bf4df6fc31f9a4bb8b7", + "SHA256": "4e28f20b385ab12059b7bfd4011ce3aa3d1e1a1514c9b01f86bc2d696d83c356" + }, + "SHA1": "84376651061fc88774ec945b9062c112139c883e", + "SHA256": "f6208932ed98aa64f5ec0d9f59138d4c1dddbd82437315aac4aa913e5d4f825e", + "Sections": { + ".data": { + "Entropy": 4.5467853172101345, + "Virtual Size": "0x62140" + }, + ".pdata": { + "Entropy": 6.062316800180466, + "Virtual Size": "0xa7c4" + }, + ".rdata": { + "Entropy": 5.3663917464862045, + "Virtual Size": "0x23014" + }, + ".reloc": { + "Entropy": 5.434784212443644, + "Virtual Size": "0x9a0" + }, + ".rsrc": { + "Entropy": 3.4613409021077035, + "Virtual Size": "0xfc40" + }, + ".text": { + "Entropy": 6.473097220302679, + "Virtual Size": "0x14b976" + }, + "PAGE": { + "Entropy": 6.536008053813184, + "Virtual Size": "0x16b9" + }, + "PAGER32C": { + "Entropy": 6.319009763281622, + "Virtual Size": "0x2e69" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + 
"MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows 
Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "058a1317-f391-4baf-86a8-31ea7b01d6e6", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "aff88198eaa921bd4c804c7b39833ff4", + "SHA1": 
"8c5d802f57367e3f81b341095265c6dbf0774403", + "SHA256": "459457c48e1b450d8f22858ffb392fca78bb6f4da837862889ab798bdcbdf08f" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2012-08-21 03:22:30", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.16399 (win8_gdr.120820-2123)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "e8b4de749b80b47640ea86b06f56429f", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.16399", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "a387b0075e977009a7bb74d24fc388de", + "SHA1": "345e019b25904c911be9e3b6a9e2b0bb18652b04", + "SHA256": "e04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad" + }, + "SHA1": "d79557da8528c045a204a3abf3dcd26b7fb814f3", + "SHA256": "905c2df524e664759d55a6dad4b62b58220adc59fec3e852964efc2165b0fc0c", + "Sections": { + ".data": { + "Entropy": 4.629726747704923, + "Virtual Size": "0x63cf0" + }, + ".pdata": { + "Entropy": 6.004535487649427, + "Virtual Size": "0x8e80" + }, + ".rdata": { + "Entropy": 5.418752774603626, + "Virtual Size": "0x19b44" + }, + ".reloc": { + "Entropy": 2.706444085925694, + "Virtual Size": "0x1ab4" + }, + ".rsrc": { + "Entropy": 3.471186192315521, + "Virtual Size": "0xfcf4" + }, + ".text": { + "Entropy": 6.4845800528218485, + "Virtual Size": "0x109ee2" + }, + "PAGE": { + "Entropy": 6.510073701345747, + "Virtual Size": "0x169e" + }, + "PAGER32C": { + "Entropy": 6.353527581631879, + "Virtual Size": "0x3d48" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + 
"Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path 
\\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "44795d05-39b3-4605-a58c-cd20de64f934", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1A74740EBBE6A0E7DD44CC3D8E29F8FCF42B642298A5C5A586D77BE0DB15C2F9" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "34776096730EB7B0CAA5415414943E2C31AAA464BB545FBCB8E341E7EBACFAB5", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c2c1c3d4-441d-4ce1-92c9-094411b3bf09", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"BFCAA41445F20B54AEA650D03D7C39B77CD82A7A14824DC55AA587C4C0F742A3" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "E299D3CA4A5A6579E863DD54488B6E804E47B20B75B7E71DC64B47F6403386B5", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "03fbb84a-9153-4d42-aa08-c26fd8260bd1", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "C3505BF3EC10A51DACE417C76B8BD10939A065D1F34E75B8A3065EE31CC69B96" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + 
"PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "AD215B731A41CBE37CAFEE5280FFC282A8AC23B5E8BA25DFF3D28A6AAE1D2A0D", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "03fbb84a-9153-4d42-aa08-c26fd8260bd1" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2856fed8-45ba-4ef2-8904-8d9c9ecc6cb4", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "9EBDA9554AD5BB9E3D5CE700F7C86D4F5B0D782BF1DBF30A6A7234749A5DD517" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "E28C1F6E413330EA1DE56643F344702D2962988ED72AC49DC7B33B51B2238537", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "8ceef305-f81d-4d24-bb34-2adf41c5b779", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "BF550C6F826C96461552E665F53A4F275A14838FD64CCF773D194B78CE33E907" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootia32.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "6A412612692B81C56395EDBC4E4CB189478D15BD7474A01829ECF867C71ED871", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit 
/copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "61dad3bb-db5d-497c-8aca-74ae55991a3b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "6f065bbb5d76aa5fb79975c9480b9ee6", + "SHA1": "6dc5e016421e15ec84239bf6a643dabeed536cdc", + "SHA256": "03df4500273c43189296f09d734977c882a008fc056f43c309b9d2351f31792e" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2016-10-12 08:08:30", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.18515 (winblue_ltsb.161012-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "3560dd8322a15d0e23d3747e32a04ebc", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.18515", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "85fa20421a65e83905361d389b335669", + "SHA1": "fad704c4353c271f61f7ffcecc3bc5aceb3a15b7", + "SHA256": "60bb1a6f5f679831418c16a7c2000159d31507690560194ca357bfd0b4018f9c" + }, + "SHA1": "5ecee585f6f31b380d65407f6b73dbaf03388624", + "SHA256": "7c6f0f7062aca9c286fb921917747c8b65ff4a69eb71102b90c1570b4c521fea", + "Sections": { + ".data": { + "Entropy": 5.389266574153063, + "Virtual Size": "0x6c590" + }, + ".pdata": { + "Entropy": 6.105064334989352, + "Virtual Size": "0xa554" + }, + ".reloc": { + "Entropy": 5.403599915824733, + "Virtual Size": "0x968" + }, + ".rsrc": { + "Entropy": 3.471738871242664, + "Virtual Size": "0xfd30" + }, + ".text": { + "Entropy": 6.491384926143433, + "Virtual Size": "0x16acf4" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 + 
}, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": 
"https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "568b07e2-3499-46e8-928a-843aff3217f5", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "d70a1a6c6f9861a0e59fdf7f22d78658", + "SHA1": "50343f4e379f1dfa6364a89d9075f5150ad481f6", + "SHA256": "7c09d8b90b72b7c2ccf1a413e335c2d1a25d75bb8541f9bc16b4c4e26bda6855" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2016-02-10 07:52:42", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.18233 (winblue_ltsb.160210-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "9a3221899f456225679f8e54739100ac", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.18233", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "85fa20421a65e83905361d389b335669", + "SHA1": "fad704c4353c271f61f7ffcecc3bc5aceb3a15b7", + "SHA256": "60bb1a6f5f679831418c16a7c2000159d31507690560194ca357bfd0b4018f9c" + }, + "SHA1": "19a0cfa98525d7ac0edc5b0770e5b1e5dcc4a992", + "SHA256": "fd69741dcd1bc0d9ab8a02c2a7ee8d466a58613562536aa8aab5ea260bbdf9c3", + "Sections": { + ".data": { + "Entropy": 4.535808771844317, + "Virtual Size": "0x6b290" + }, + 
".pdata": { + "Entropy": 6.109699981025818, + "Virtual Size": "0xa53c" + }, + ".reloc": { + "Entropy": 5.392289502924012, + "Virtual Size": "0x960" + }, + ".rsrc": { + "Entropy": 3.470959394300465, + "Virtual Size": "0xfd10" + }, + ".text": { + "Entropy": 6.491203662022541, + "Virtual Size": "0x16a6a4" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "18b807f0-bafd-4f25-8f7d-e2ff15fb5691", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "24dca2244a6220a9bb1962697f8aa2f0", + "SHA1": "2688b0ed81c02678e9884b32b6ef0fd603930cd7", + "SHA256": "148fe18f715a9fcfe1a444ce0fff7f85869eb422330dc04b314c0f295d6da79e" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2012-10-15 05:52:12", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "c86257e19730c49e2abfbdf19e322c49", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "6a9e3957a060061c09a674ed338df34af8f23540", + "SHA256": 
"f88e92940985413acd440daa20c08df99c54613636826d9d95b898d39c44b19b", + "Sections": { + ".data": { + "Entropy": 4.785189552901681, + "Virtual Size": "0x30b48" + }, + ".dynamic": { + "Entropy": 0.8341231672694769, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2123348112059116, + "Virtual Size": "0xf090" + }, + ".rela": { + "Entropy": 2.630441034461607, + "Virtual Size": "0x2af48" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.636154950062723, + "Virtual Size": "0xa8b3d" + }, + "/4": { + "Entropy": 4.818597410150845, + "Virtual Size": "0x17158" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "c5e24205d04c09c94d81b6935af7ec09", + "SHA1": "12622dccb5b07edfd65cae6fc018e24b80ff2c82", + "SHA256": "d6afbff1c283d7777501bd3b2adb4aadb8ce32649ee401dfbb06f884362f7507" + }, + "ValidFrom": "2012-07-02 22:25:14", + "ValidTo": "2013-10-02 22:25:14", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": 
"350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": 
[ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "47601d49-9a7e-4402-b5e3-69bc03788afc", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "C999EB66393506C8149C35C8A8CE87671895D65167E4B0140B54DA72A92D7C88" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "AA4931B170DA278A4A954FEB76CBF7310B657AB9232D1C7A4B6EB628D8A98073", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": 
"This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "bcd750be-01b1-4b34-b7a5-065af773d063", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A7B788A7849607348C0DE9041989F7D67EC302F0CE8D7FDE5E434801F012B5B1" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "65FFA344151D7347ABD0DEB599086063A503FB6419BE9E4358851F6B6AE96749", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "54a6f135-0fba-459b-8749-4a0764d690c1", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "0A3C2072EF4FBDBF045E1876E855BB8AD5DD0809F66AD1442239A7D856AD908E" + }, 
+ "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "8D76482F549D66048611DE6C4E67289E3B0BF051130B546E9A4B98B8DE0C4EA8", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4e6a6f59-083f-4829-baa5-0c388a9a7634", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "6078C0FA37D9D35DADAC7AD90E90A3A95C44985A3D305BD22A5D838ED45491EE" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": 
"5ED5BD6952F8E520D74AA3001BC587493AFB6D628C0A3BF80875676C63F07B75", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3b7197b1-fac3-4680-b8a4-b91cc56d984b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "0A620707ACF23A4E6CDC357A1499E14852B605D9EB6186422F57D458E627D6C0" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "E012F7C26EC6DE9D336AF7843DE0A4278D6191FA7989DDCAC40A978FD927BB6C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": 
"" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e774e770-0d9e-40c1-b9e1-ac09484a837f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "7490AD46B3AEA32DD21C46A7A42FF4183FFAA7C486C75C6438ADF936E512B9A5" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "DEA5BD5268B76F56B4091A20C806124DE8054FB07A652CF0E883BBA9A0938DE0", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + 
"Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "191557da-f224-48bb-b027-94534c5637ae", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "800423CEB7E4759621A62C729BABC81F53259D95F76457224AD601542B7B26D4" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "34F107AD8F982B591FB92BCC193BFCDBFF916C720BC69D96A0E9BD22CBA1E84C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2a2e7598-1bd6-4772-a189-6421ab29af37", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "09F98AA90F85198C0D73F89BA77E87EC6F596C491350FB8F8BBA80A62FBB914B" + 
}, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "6484A487192E0B44CBD30EB7B3D436A9150D5B5AD271974764366BDC4E8677BB", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "2a2e7598-1bd6-4772-a189-6421ab29af37" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4936b474-694a-4b6d-b023-1c868be1b2ff", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "5E2BB7BC8B16E0B9DDFF75606668E69D76AF1219C17180EF0A5B9B383F00B995" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": 
"FDD173678810D9F9F887B428EB260CF42C837EACC41A11E89C08131E262E2C01", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\sbs.efi } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "9d795efb-5f1e-4db5-920d-97de9ba77753", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "2edaa19d0ac13a692d90ab976522966f", + "SHA1": "8aeae94deaffa792e788dbd6bdd27629f17e3f9d", + "SHA256": "992d359aa7a5f789d268b94c11b9485a6b1ce64362b0edb4441ccc187c39647b" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 19:58:11", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "sbs.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "c73ed000259378b96a9c57c588fc6ef0", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": 
"2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "66fe7992ab4da8a44c7b06a0b958faa9a293014b", + "SHA256": "a1111555bfde8807746c8af73deceb4bdadc52dee87004e2ad7239c038687985", + "Sections": { + ".data": { + "Entropy": 4.407658207289342, + "Virtual Size": "0x285a8" + }, + ".dynamic": { + "Entropy": 0.8341231672694769, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2005941982779254, + "Virtual Size": "0xd860" + }, + ".rela": { + "Entropy": 2.650758642360982, + "Virtual Size": "0x1aec8" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.631394972561704, + "Virtual Size": "0x920e1" + }, + "/14": { + "Entropy": 7.161591522225466, + "Virtual Size": "0x53d" + }, + "/4": { + "Entropy": 4.844338442798661, + "Virtual Size": "0x18170" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Signature": "6650dd7878bef0a62b1d76ba8fa57b6193d9938ddd1975f32a880d6e9363ba516b00907d455d1089cf79e3045a976a794db027534a761a840a29d09dccb3b5978fdb1d27d6be2831b0af31b64c25d3e195056b68a403e961d61c38339c4bfbb4c16102a4b417f52b75f4d6539626736df3e9e7d689e59333e7686df72c6ac70548eb3e6f0913de69895041529dba440132da3699ee3d3ccd6c0cb1ca11d206a157a9e3504c57aea164e700dec89ccb81194b012f697127dcd1cc7dc08ccf9f92014b2a0814fdc2a010b7a7243456e15af7e812bef07b28aebcb29f0f20f5c1900827f32aaf4fef92601853403e718db111c7c35da77eea96c4deb6f903e94543", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 + }, + { + 
"IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "sbs.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c7f3ce1c-9b48-4d6e-b769-4a2869e09bb4", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F02174BB75BC774DF2D7A63A0B0F7A040C9907399F97F642743DA97DF30104C7" + }, + "Company": "", + "Copyright": 
"", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "642296E7342D651FE2FE547C1F08329777CCD44DC4F11C75FEC1F037A9B4B9B4", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "89393561-f676-4029-a1ca-88a4c4fa03b9", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "958C0DB651F4E4CCD062446263618C877910E08257EC6D9BCDD8BF1E33134FFB" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "8536BA8D9039C5F91752BDC45A7AD2F91FDA2334363850DCEB38FD87DB7632E4", + "Signature": "" + } 
+ ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "aeb357f2-c2cb-42f1-a37c-3f0a2a355346", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "caa781731a9d13ac418d97ec2cccb8f1", + "SHA1": "7ac2da2861fe7b90862a27b63629d8a9ee58d97d", + "SHA256": "7fddfe06c44dc4302da54577353c18fdbe11b41cb3e6064ec1c116ee102fe080" + }, + "Company": "Microsoft 
Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2016-10-05 14:24:09", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.22004 (win8_ldr.161005-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "7f0de7a661590f1c33de0b80676e8827", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.22004", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "a387b0075e977009a7bb74d24fc388de", + "SHA1": "345e019b25904c911be9e3b6a9e2b0bb18652b04", + "SHA256": "e04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad" + }, + "SHA1": "003454b835a5ee7ee200f9cb4e68b071e2b8e69b", + "SHA256": "d1af02fca7522c8d27e053544b3b653ff2daffcae9c420e460235dacab53f7cd", + "Sections": { + ".data": { + "Entropy": 5.464601076751779, + "Virtual Size": "0x65010" + }, + ".pdata": { + "Entropy": 6.017575781905406, + "Virtual Size": "0x8eb0" + }, + ".rdata": { + "Entropy": 5.427514584005019, + "Virtual Size": "0x19b14" + }, + ".reloc": { + "Entropy": 2.715757042100683, + "Virtual Size": "0x1ad6" + }, + ".rsrc": { + "Entropy": 3.47211306543629, + "Virtual Size": "0xfd14" + }, + ".text": { + "Entropy": 6.481657238537085, + "Virtual Size": "0x10a5e2" + }, + "PAGE": { + "Entropy": 6.514627558721207, + "Virtual Size": "0x169e" + }, + "PAGER32C": { + "Entropy": 6.357861791329596, + "Virtual Size": "0x3d48" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": 
"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2023-28005" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Trend Micro and revoked Mar-23", + "OperatingSystem": "32-bit", + 
"Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "990b3c53-97bc-4fd8-a212-e60c6fda898c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1F8A0E13AADE0885A06B5D822BB21D8111664C37691F0D256EBA840277511BCA" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootia32.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "B97D5B2A7A9E582652CB9A9BDE1BB68EB631C2329168A996BD19CDD1499408BA", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c54ad511-bb85-42f4-ae87-e476854748b9", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "450EFFC827CA535A79D5C4FF3E1A3F614CA9126B3792F997D38791CA7399320C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": 
"", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "4B0C9083430D91770BBB629380DB3A2A89DC73BB8DF677725668F727A2C2147C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\Signed_13652009334930799/shim64-bit.efi } }", + "Description": "This was provided by Debian and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "63cbc1a5-3884-4049-ad87-f32f77644986", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "3c80cdb2f0833095f9f77027e2431b0a", + "SHA1": "21b20549df4909eeb13f64d4641ef60cd5c5a682", + "SHA256": "48f4584de1c5ec650c25e6c623635ce101bd82617fc400d4150f0aee2355b4ca" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "Signed_13652009334930799/shim64-bit.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": 
"8572a7c437a9bc92225906ce5fc04497", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "6d2ce22514e2dffca0e31eedd4804280f8c37e4c", + "SHA256": "cc5c7db3068d99d6271fb38ab15b78c633c92249c4d783db0cdae2b918e97969", + "Sections": { + ".data": { + "Entropy": 4.407892310209117, + "Virtual Size": "0x2d1f8" + }, + ".dynamic": { + "Entropy": 0.8630797231656377, + "Virtual Size": "0x100" + }, + ".dynsym": { + "Entropy": 3.21087140465499, + "Virtual Size": "0xf2e8" + }, + ".rela": { + "Entropy": 2.6590153947439474, + "Virtual Size": "0x1c6c8" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.637088505235519, + "Virtual Size": "0x9ffd5" + }, + "/14": { + "Entropy": 5.064013199597692, + "Virtual Size": "0x69" + }, + "/26": { + "Entropy": 7.405693653367437, + "Virtual Size": "0x3b3" + }, + "/4": { + "Entropy": 4.854473006421037, + "Virtual Size": "0x1f020" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": 
"6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "Signed_13652009334930799/shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Fedora Project and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "fecfe761-f926-4a24-bb10-bf4b8d96750d", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": 
"efca75864e4fa65df7ccf2a5c124a3c5", + "SHA1": "ad9a72bdb69a17abe85d948e6bbbb89141da2543", + "SHA256": "0ce02100f67c7ef85f4eed368f02bf7092380a3c23ca91fd7f19430d94b00c19" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "f2c580ccd60898d4aa2676249d67c171", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "85fa4266743ebb0262b8c1da8b01d1f26e630404", + "SHA256": "e6cb6a3dcbd85954e5123759461198af67658aa425a6186ffc9b57b772f9158f", + "Sections": { + ".data": { + "Entropy": 4.537670509902523, + "Virtual Size": "0x2ba18" + }, + ".dynamic": { + "Entropy": 0.8226444693437958, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.206001279398792, + "Virtual Size": "0xdd28" + }, + ".rela": { + "Entropy": 2.6486948946395157, + "Virtual Size": "0x1b0d8" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.64531153004446, + "Virtual Size": "0x975ee" + }, + "/14": { + "Entropy": 4.946577948119573, + "Virtual Size": "0x62" + }, + "/26": { + "Entropy": 7.133596117970691, + "Virtual Size": "0x4ac" + }, + "/4": { + "Entropy": 4.853871352073291, + "Virtual Size": "0x186d0" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": 
"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + 
"Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0cbcf08b-1870-478c-bb85-8d12308ec1c2", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "C32E05EEF54D7EAA0DD89FE0F4D1A8D97671FB456F6299047C3192C3E3724BCA" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "90AA7C82344C06E7657FA919AD2B7395A07F8A1ECA8C159029569BD4467CC7B2", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a4e64b6f-16b8-43db-af2f-c77daf3f0ca9", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "E39891F48BBCC593B8ED86CE82CE666FC1145B9FCBFD2B07BAD0A89BF4C7BFBF" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "D84AE3F1BB7B2F2C41B986E473AD424CF6F1D136B4E91AA5F73824737169D820", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "a4e64b6f-16b8-43db-af2f-c77daf3f0ca9" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black 
Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "5891ca2a-61e6-4938-942b-bfcc61dcb929", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "0021B5B11CEB03402D618134800A36C54E1C4328AD389D50B40EACC1E881DCB5" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "CD4A508F248776D8679ECEDB7BB1AF1752C23FDF66284522B4B36F242471B72C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": 
"2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "997fb55c-0910-48f0-adf7-33f2e50473c6", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F4D7D6F0D820F749A442DAB0A34D53A71CE47DF51DE07E6723AB848108AD1945" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "9A7FA44AE658F9CDED2AA0CC440EAA8134FC1FAFED290ABBC8C45EC670884605", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Univention GmbH and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e4cbfa0b-8b40-4ac9-b390-a566dbddd873", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "70A1450AF2AD395569AD0AFEB1D9C125324EE90AEC39C258880134D4892D51AB" + }, + "Company": "", + "Copyright": "", + 
"Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "2B7A243AC2248C630A51D73889E4BAA33DA94BD58D63E364A5FEF1A0998B4F5E", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "e4cbfa0b-8b40-4ac9-b390-a566dbddd873" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b3a8852a-b702-419a-9d1c-4b371a130474", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "0928F0408BF725E61D67D87138A8EEBC52962D2847F16E3587163B160E41B6AD" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": 
"5613DD1553044BEF74610BC012D676375588421FF0000B69DCF62D1081451ECE", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "b3a8852a-b702-419a-9d1c-4b371a130474" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "04cb75f3-e10f-4f9c-9f8f-97d4a310922c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "E36DFC719D2114C2E39AEA88849E2845AB326F6F7FE74E0E539B7E54D81F3631" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "0CCD31ED42FF79E74FBA9C064F59F698E3AE9F9E690BE296EA63936E81982000", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "04cb75f3-e10f-4f9c-9f8f-97d4a310922c" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Oracle Corporation and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "af34038a-8535-46ac-8f63-bdf18bb89563", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1D5C15CED73845B7E968BF3ACE52C5C660AA2DA6DDEFF2CE6445A04B885A0F12" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "04A779863E698705914958CFCF521450B8D2C9AE321DFE36A2DFDA00AE75ADC1", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "af34038a-8535-46ac-8f63-bdf18bb89563" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": 
"Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Miray Software AG and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "5efb08ce-213c-49be-8c2b-0ae849f64b3c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "9e12eb37ae8b46c4010ec3e1b7201f21", + "SHA1": "90a6b60c5051a3b00d779c03ac1e07f5df376347", + "SHA256": "f277af4f9bdc918ae89fa35cc1b34e34984c04ae9765322c3cb049574d36509c" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-09 23:56:52", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "077432d8b1ae0ceea719297360357320", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "d537e7c393d18329197e079601678b9b476247d3", + "SHA256": "4e371dd0448f1de869ee087b59ff88d11865463715272bcc6c29b0d5e21dbd82", + "Sections": { + ".data": { + "Entropy": 4.4112605874652075, + "Virtual Size": "0x2b838" + }, + ".dynamic": { + "Entropy": 0.8341231672694769, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.21155188819022, + "Virtual Size": "0x101b8" + }, + 
".rela": { + "Entropy": 2.657629438857694, + "Virtual Size": "0x1c3b0" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.607257358833804, + "Virtual Size": "0x9953f" + }, + "/14": { + "Entropy": 5.278552013395339, + "Virtual Size": "0xce" + }, + "/26": { + "Entropy": 7.18604621467741, + "Virtual Size": "0x5bc" + }, + "/4": { + "Entropy": 4.8209991495784, + "Virtual Size": "0x1e768" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "3300000024c1fb0e65d9747386000100000024", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "82b02850f57505f0830f6dd30b6aeffd", + "SHA1": "e600e0efe4030190c5e0cab9aaad72f4e76db429", + "SHA256": "1c1d5edaeb9a5feef85e34eb40607816e98464127723d284f99b69c0c15e42f7" + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": 
"350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "3300000024c1fb0e65d9747386000100000024", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": 
[ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "57416bf8-a14e-42bb-b668-d424222ffcdd", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "6B8EEC829F0373931099F070CBD4E2E1380CD5644201D05D80D86B1E7ED0B08B" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "6E90699DC49B40F02790D085E3A1B9CEB2F81D85F55D2054163B3432FB87F59B", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if 
($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "48eb1fa0-a607-4967-8faf-20dc68913367", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "82ACBA48D5236CCFF7659AFC14594DEE902BD6082EF1A30A0B9B508628CF34F4" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "7D092A6101832F2CF3F9DE42C66A9948751B05D3D4005FB9C0E8BDF9B8DAEC6B", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "48eb1fa0-a607-4967-8faf-20dc68913367" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c748db0c-0a54-4567-a733-2f803c84a914", + "KnownVulnerableSamples": [ + { + "Authentihash": { 
+ "MD5": "", + "SHA1": "", + "SHA256": "6D174DC1673F7CFB6F1EA75D71739AFDE2B784E214E41AE6F5AA30F622A400C4" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "6A7CD85A11D733D1D03A01AAD914A3F22C33AD9590AB27792D2B177E0E51D896", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "116c526f-a50d-4f84-b577-d52dbbde526b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "0B4908AD33CB2F7E87D3108B74364C5C42FA597807EEAC98DE5EC63F5896CE34" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + 
"ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "46BA7E327D359A9B108CAFBBF2D7B6B32AA6767C2A3A472B4FFE2587FE376977", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2b807893-889b-4dd8-99be-ff17aecfb58e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "7D0B74AE42DF73A0C2C9CA64F6C83813D3D6A5C4B02BC47F566CEDD5682C691A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "73DD7327621AA77D919473F71D3175EFA40F174D3C16060C079CEF169CC51363", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + 
], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "34cf714a-cbf0-4339-afb8-bae3643a4075", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "FE0E58846C40717FEDE6A1E0D6A0546CBF8B8CF0B82258FC16D05BAB58107D34" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "AA38D5E097A9853A25A1DAA838ED83BC43569DB871FDF24888512A434024A866", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked 
May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "7ca92d66-191e-469f-8320-a1f67a1eaa64", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "DB1E5C6152A28D3EB6B1AFEAAD4974F3654AC6FBBE769D870ABB74EDE632B9E5" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "AB66D5C1C320900FC15984D7E1D44331411F2339DA9376F3E9BC2A4CB9B06014", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-sles.efi } }", + "Description": "This was provided by SUSE Linux Products GmbH and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "795fbec7-a5f6-4e5d-b2c3-c968bf758e26", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", 
+ "SHA256": "040B3BC339E9B6F9ACD828B88F3482A5C3F64E67E5A714BA1DA8A70453B34AF6" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-sles.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3166EE4CE65D10105DEEE3A0163E236AC872E2C45652DC1DD78F8CE984463C12", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim-sles.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Alt Linux LTD and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cce60051-3b8f-4752-9e76-a1098bc803b6", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "cf8d4c0a11aef346e68e0187814ac953", + "SHA1": "51e223e52d59a6e2e4df6614cfa47525722f127d", + "SHA256": "8c0349d708571ae5aa21c11363482332073297d868f29058916529efc520ef70" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": 
"", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "f38a930c417139cd5ccfe3ff2277b4c7", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "b304b38b615184a936502bfb705bf254ab41ee32", + "SHA256": "c4b5797189521611b809720ed9c4734f1dec8a2ee2597781ffe438f652a58ce5", + "Sections": { + ".data": { + "Entropy": 4.54595045365008, + "Virtual Size": "0x2b138" + }, + ".dynamic": { + "Entropy": 0.7842520391300999, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2037054998928167, + "Virtual Size": "0xdd10" + }, + ".rela": { + "Entropy": 2.649841454143249, + "Virtual Size": "0x1b0d8" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.6443502666559935, + "Virtual Size": "0x959be" + }, + "/14": { + "Entropy": 4.934638497318441, + "Virtual Size": "0x64" + }, + "/26": { + "Entropy": 7.306150252866006, + "Virtual Size": "0x414" + }, + "/4": { + "Entropy": 4.860485674278351, + "Virtual Size": "0x18788" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + 
"ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "bca306da-15be-48c3-8a55-3165085410b9", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"731A31CC36C5A7D7445F9644CE4E850E99CC7962EF6E2DE98721447A1438D805" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "AC390194D59EC41A1A01BD96417CFE79E833CD6BBCA820B5FCB35CC3FE99653B", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "eba694e7-6b97-4fd7-8e20-e26392cad8e7", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "86E9384C41F9339D9B0F80B48055D02BE5FF908860F2CEF63359E0D8B7937A27" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": 
"", + "SHA256": "07463549E9B992F78E7E64BD24BCA93754EF3674F5F5D76C4D44F462060DF0B9", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "68bce846-d710-4c06-a74c-bdf24a87157b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "8bbbe505bcaf280a57c1bbd361585c0d", + "SHA1": "df47daa733f498b29d1b3daf28724cc400710a63", + 
"SHA256": "2b21029fa033526d1dcd9e87ad8893f9b5a08987c3271b8a86716865de53d958" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2013-08-22 05:41:48", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.16384 (winblue_rtm.130821-1623)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "11ca417bc767273a9de7b1355cb2908e", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.16384", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "e754010390655ad90064d6113e5dd792", + "SHA1": "235cedf98ee575630be68e22dcb4bdf096629ba4", + "SHA256": "691116109e663ec85f12f05de1670ed2caa11b641bdcccb4d2a8907a46033e0e" + }, + "SHA1": "8de2b54c1204ea7491174a94c1a283695952155b", + "SHA256": "0b16ad93ee38243d72ff0acd790107767b6d7d3563a4ba8edb7a23eec5c8d531", + "Sections": { + ".data": { + "Entropy": 4.568362788596972, + "Virtual Size": "0x6b250" + }, + ".pdata": { + "Entropy": 6.052020537215353, + "Virtual Size": "0xa47c" + }, + ".rdata": { + "Entropy": 5.839311515562025, + "Virtual Size": "0x1dd44" + }, + ".reloc": { + "Entropy": 2.343044695048387, + "Virtual Size": "0x2028" + }, + ".rsrc": { + "Entropy": 3.4707613356348475, + "Virtual Size": "0xfd10" + }, + ".text": { + "Entropy": 6.4695047421671195, + "Virtual Size": "0x143d82" + }, + "PAGE": { + "Entropy": 6.540359913399707, + "Virtual Size": "0x1669" + }, + "PAGER32C": { + "Entropy": 6.359590728392211, + "Virtual Size": "0x3d09" + }, + "PAGER32R": { + "Entropy": 7.124151697179559, + "Virtual Size": "0x100" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Signature": 
"78269c4b43268afbc7329a21653fdf5427c51d156bd9b2be4fc3ce06c9fe486ad28fa1a55698acc8617733a5d9b68b3f69ab82d8d60857a0cf330434703b2af43b3058eec891f89515a9acf8c29aebdcabc8671630a1d22fa51720ab95393c388e3fbed2d42eca2bce4f3ac03be5be68ecfe7f44a6d3871782abd7cc3f8c22300536bd24a13934474bc0cfc2f1479991b991f328cb5a80d06c1046a9249b8dd8747b3c87e54946f28c0bdf14c042566264fbf9475859b221d0434603ab5f655551437be8eb21192f143d173b042f139ce553888cf0534f9d2f090c1edbf10def827a274afeeba10c2b4725b0628a2722d5f209be4f9e3d2d8104a896df82072d", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "7c5fa8fd-40fd-437f-a2cd-e21aaa43336f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "633F9806BC96A831CC2C8D521D71E9EBD02180DABA1A50978EF6B72E5034E9EF" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "176693F4060E5330AE384BBB5470A0F3C936EC725DAABA81D5DB2B820141D282", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit 
/copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e06e3faf-46e8-4902-9bd7-69b462d292d2", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "B4938ED2FF001B73EF31E5BBBEBE1D6DBB7D9888A9FBE5251A52A5ED016652CF" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3EBB964E2D24C5D0F2E07972A9F143B73161344790E960463BF9C229000848C1", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + 
"Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a4e079d3-3919-4c47-84ba-9a7d7d1acbe0", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "D372C0D0F4FDC9F52E9E1F23FC56EE72414A17F350D0CEA6C26A35A6C3217A13" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "D8E8197BB6CB93157BAE6B4E63EFFA60BB49628DEBB6F771F154C229F4205DB3", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "a4e079d3-3919-4c47-84ba-9a7d7d1acbe0" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": 
"https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "84dbe789-ccc2-4988-a6f0-b4c74b74e133", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "f0056ccaf2bb46ff7e936a2e371f94b7", + "SHA1": "56b864169cb1f986f5103c248d6e83caab52154c", + "SHA256": "065d94b9ea00397a2addb747e1e0978e4de6bf175339778fb9b0760fec3d3b61" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2014-04-26 13:28:07", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.17109 (winblue_gdr.140426-0111)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "86f6426a9b47dc73eb8c8bafbb46799f", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.17109", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "f946cf9d5023059fc9f2140cd5b159d7", + "SHA1": "13ecec12054fd579ab92638fb336a8a17c1264db", + "SHA256": "f699df0555e9fe0fb7019c00aa9f4c2da8abeacc45ef7f11dd65541052afb896" + }, + "SHA1": "c730aa1c864f3b802de8d123b5b883dc9b2ce81b", + "SHA256": "00550ccee4edfefd7b7fb54864d0aa5df059885e9e79ff80d4fb134b4487c05d", + "Sections": { + ".data": { + "Entropy": 4.531675396212995, + "Virtual Size": "0x6b2b0" + }, + ".pdata": { + "Entropy": 6.086465742838075, + "Virtual Size": "0xa4a0" + }, + ".reloc": { + "Entropy": 2.3314984387449065, + "Virtual Size": "0x2020" + }, + 
".rsrc": { + "Entropy": 3.4710786971088847, + "Virtual Size": "0xfd10" + }, + ".text": { + "Entropy": 6.504411864376694, + "Virtual Size": "0x167854" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" 
+ }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\rhel-8.3-20200917-shim64-bit.efi } }", + "Description": "This was provided by Red Hat, Inc. and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3b5b838e-359b-483e-94e9-a1c1ed3077d6", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "40D6CAE02973789080CF4C3A9AD11B5A0A4D8BBA4438AB96E276CC784454DEE7" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "rhel-8.3-20200917-shim64-bit.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "258C72394A0D163E9196A16682D3881E6CB24171EDA78FE026CC9CA9BEBFF22E", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "rhel-8.3-20200917-shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" 
/d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b3f78afd-8a4f-444e-8561-b32a5d6015f1", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "CB95A4D2E0E02A5B56D059C9F223C2326753EA8C44D2E3FA6C4486629BE387A9" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C8AA71C72318CA43CBA4302FBAD12B474E7E4ED1B0EDA8A48CD71343A32FF155", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "6a65ed03-95af-404a-8ac0-95fa8ac8eb99", + "KnownVulnerableSamples": [ + { + 
"Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "E7D9BDBCC68B5BED590C29B72DCA2B96779B8B68B12A47DED074B8F1B32F8FBE" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "0CF738DD9BEA4F3BA350C805AE7A59076147080BC46F1D6D6C994382E77F8486", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-15+1533136590.3beb971-0ubuntu1/shim64-bit.efi } }", + "Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "f901491e-f41b-4b77-8f9f-f9e5a6f03c8c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "75a7ca7cd2451ad3190c71a38c41ca02", + "SHA1": "a60d97d18e48c13e38723508639f0600aa6888f9", + "SHA256": "5bfe928eec15454be29504e8f592a4ce5908afe3284b9eeeb259b25145eea2ab" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 
17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-15+1533136590.3beb971-0ubuntu1/shim64-bit.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "9c9e2e8f49820dbed91f5cae846bbadb", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "afc56df60e5ea5a55a1e21f76562d073a56ec46b", + "SHA256": "8844d9b3aea1568a7ff298e6dc12564c422dafae6510db377454ca6072861dde", + "Sections": { + ".data": { + "Entropy": 4.618421307458241, + "Virtual Size": "0x2f6d8" + }, + ".dynamic": { + "Entropy": 0.8630797231656377, + "Virtual Size": "0x100" + }, + ".dynsym": { + "Entropy": 3.2098335666907074, + "Virtual Size": "0xf2e8" + }, + ".rela": { + "Entropy": 2.6716229722395415, + "Virtual Size": "0x1c6c8" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.636421874643909, + "Virtual Size": "0xa0075" + }, + "/14": { + "Entropy": 5.1485772576861875, + "Virtual Size": "0x84" + }, + "/26": { + "Entropy": 7.322772708526002, + "Virtual Size": "0x449" + }, + "/4": { + "Entropy": 4.859622277775737, + "Virtual Size": "0x1f018" + } + }, + "Signature": "", + "Signatures": {} + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim-15+1533136590.3beb971-0ubuntu1/shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + 
"CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\HfiPcieGen3 } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "1387dafb-6dad-48b4-a186-98e52cac74b7", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "4dcaca83effd9b0a6fd63f766d4ec969", + "SHA1": "bd9fc7d7672f8c70045b2fc6f9029064f1030763", + "SHA256": "5890fa227121c76d90ed9e63c87e3a6533eea0f6f0a1a23f1fc445139bc6bcdf" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "HfiPcieGen3", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "36218d733c0afdd2d6dce6f616335a2f", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "96787a55f640b630ba6277197dbdfd14ecf3b87d", + "SHA256": "0ed1b0fae1a6e705d1b116d08b7184e0a2ee2a0e6b0c372ce69b40e9ef34579f", + "Sections": { + ".data": { + "Entropy": 6.984348675206676, + "Virtual Size": "0x3cb60" + }, + ".debug": { + "Entropy": 4.703183509474167, + "Virtual Size": "0xc0" + }, + ".reloc": { + "Entropy": 6.692193979712798, + "Virtual Size": "0x2360" + }, + ".text": { + "Entropy": 5.464301989959131, + "Virtual 
Size": "0x36340" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "3300000024c1fb0e65d9747386000100000024", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "82b02850f57505f0830f6dd30b6aeffd", + "SHA1": "e600e0efe4030190c5e0cab9aaad72f4e76db429", + "SHA256": "1c1d5edaeb9a5feef85e34eb40607816e98464127723d284f99b69c0c15e42f7" + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", 
+ "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "3300000024c1fb0e65d9747386000100000024", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "HfiPcieGen3" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\gcdx64.efi } }", + "Description": "This was provided by Canonical and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "5f398d53-d42c-4c4c-acc2-b3766bf08b97", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "5b234f54fbe2396c8248e75ee4f691d2", + "SHA1": "ba379da7ab2c2c99c24e004f4357da5cb6acaa6d", + "SHA256": "e7681f153121ea1e67f74bbcb0cdc5e502702c1b8cc55fb65d702dfba948b5f4" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2014-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + 
"FileVersion": "", + "Filename": "gcdx64.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "4a7dcdd069fcdf8d7319ea5e135403fb", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "f48de3320923666bd1a9690f993a6d83ed420c24", + "SHA256": "0ac2943abf5ef953b939247b74331fb2c437e405a81dd5569d9cff1d6183d53a", + "Sections": { + ".data": { + "Entropy": 1.2839449201733235, + "Virtual Size": "0xf000" + }, + ".reloc": { + "Entropy": 5.904300253815697, + "Virtual Size": "0x1000" + }, + ".text": { + "Entropy": 5.571601531682557, + "Virtual Size": "0xb000" + }, + "mods": { + "Entropy": 4.3228367643315035, + "Virtual Size": "0x13e000" + } + }, + "Signature": "", + "Signatures": {} + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "gcdx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "fa8ffd8e-ef04-4510-bf93-34fe1fadc156", + 
"KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1510988D3DCCE120F22696A9E87B02E7FAD6367EF4AE8BFD54CDB528A5C48E99" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "E21231BE8A60E9FE94AD0D2202ED01C36E4AFC731A30659B8AC44C22B7377FBD", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "af2bf5be-c938-4852-a9b2-14ecff96c414", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "13A1F37BEDFB5417B6B737E2A3816C8FD587D74D836914B2B2EDC9FD6CA30E58" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + 
"Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "D19F5CAC6AA761C1F66C71B9B7A2D44DFF216B97BE10F66180F5E4EF084C9811", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "7489f724-a3b3-435d-b34e-9ca0a94c6ceb", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "9C259FCB301D5FC7397ED5759963E0EF6B36E42057FD73046E6BD08B149F751C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "707BEEAE9B9CBF0D56AEE48AE398F127D3B52FD37D25B95C561CDA1DB5233C50", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "7489f724-a3b3-435d-b34e-9ca0a94c6ceb" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "11dd8dba-8b90-413b-b2eb-bdb05f573d2b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "ddee4ca24adecb29457fd110f5a472ed", + "SHA1": "c146c31c4634aa1a51fe611ace87a75464c5e199", + "SHA256": "310949b7fd26af0e2e29e1c902ac198574f096d15836376c8b3ef2dd1fb5f1c5" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2012-07-25 20:40:16", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.16384 (win8_rtm.120725-1247)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "bc78920fd9f058973d63495f36203685", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.16384", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "fa6462badb7aa537a9d3ecf604e9fbd7", + "SHA1": "caefdafc6f3620830b306d429c83bb077f6bdaa4", + "SHA256": "4689fe3d6e35db99759219db2adef6cefa62105e8b636c0c5bd2a6bec395e471" + }, + "SHA1": "edbde6908eebb8bd3197c1634769213b22e0b1b3", + "SHA256": "db9643f6d78c6c5bdc29b041660174324639be8b3bc6e247c8c2026e68c4e618", + "Sections": { + ".data": { + "Entropy": 5.324535468894605, + "Virtual Size": "0x54bf0" + }, + ".rdata": { + "Entropy": 5.358873830747045, + "Virtual Size": "0x122b0" + }, + ".reloc": { + "Entropy": 6.124520370323963, + "Virtual Size": "0x61b0" + }, + ".rsrc": { + "Entropy": 3.470569475120354, + "Virtual Size": "0xfcf4" + }, + ".text": { + "Entropy": 6.642283438119681, + "Virtual Size": "0xdd276" + }, + "PAGE": { + "Entropy": 6.499448286436215, + "Virtual Size": "0x12ab" + }, + "PAGER32C": { + "Entropy": 6.57198166568606, + "Virtual Size": "0x4805" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": 
"684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": 
"57f3ded8-3e38-4146-88ad-92ae83c627d5", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "C0530BADC4D066D5C4B8B955023E9EFA7FB9337ECB7E1298E7CBA172D8680485" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "85C838E95601A4B1CFA64600FC4A16330CB50D575FB2E89ECAA08D6B12B50CDF", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e12666fa-d6b3-449e-b3c3-18cf7a3d5b69", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "815D98AEE498CF27FD6648C7E02CFC0A4A88AA73237CBB2352FE38384A72683D" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": 
"64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "764D5B7F15EF539E0C8685DF62AB7CC7DBA3FCA50A08A8F7643D108A0A7FF757", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "7a216607-3204-4536-9507-a3beccc529a8", + "KnownVulnerableSamples": [ + 
{ + "Authentihash": { + "MD5": "dd9b5d03a87f0e8ddba5df77f7a98999", + "SHA1": "a18abd2b659c6d0eb756052a05e463f4c2eab7cd", + "SHA256": "8ede7732284dab4aa384606ca07be29e72fded094597261a2f6473494a8aca0a" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2012-07-25 20:32:59", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.16384 (win8_rtm.120725-1247)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "87b6d22295a16073d8d456fc574441a8", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.16384", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "a387b0075e977009a7bb74d24fc388de", + "SHA1": "345e019b25904c911be9e3b6a9e2b0bb18652b04", + "SHA256": "e04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad" + }, + "SHA1": "0c26596b3297d5e5a06f8d3788579edc7895a622", + "SHA256": "783d088ce72996a064c0da796579475e0aef23c5e6e0e5905c98571bf8620e20", + "Sections": { + ".data": { + "Entropy": 4.629726747704923, + "Virtual Size": "0x63cf0" + }, + ".pdata": { + "Entropy": 6.004535487649427, + "Virtual Size": "0x8e80" + }, + ".rdata": { + "Entropy": 5.41880175126111, + "Virtual Size": "0x19b44" + }, + ".reloc": { + "Entropy": 2.706444085925694, + "Virtual Size": "0x1ab4" + }, + ".rsrc": { + "Entropy": 3.47076835529837, + "Virtual Size": "0xfcf4" + }, + ".text": { + "Entropy": 6.4845800528218485, + "Virtual Size": "0x109ee2" + }, + "PAGE": { + "Entropy": 6.510073701345747, + "Virtual Size": "0x169e" + }, + "PAGER32C": { + "Entropy": 6.353527581631879, + "Virtual Size": "0x3d48" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + 
"IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + 
"CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b089a9fd-d664-400b-b66c-158cd1848428", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "81A8B2C9751AEB1FABA7DBDE5EE9691DC0EAEE2A31C38B1491A8146756A6B770" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "D4D97AEAB61079D3EB0E55794504991DD1BEB0F200315718FFE44BAE89F8F330", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "b089a9fd-d664-400b-b66c-158cd1848428" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + 
"type": "", + "value": "" + } + ], + "Id": "58907c65-5be5-4821-9c87-8d27b5a8840d", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "17C2B5B96693CDC2951C89DDE641D14716063F5FC8795CEBC635378B73044E8B" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "376E727A97432EE289CE9485988E24C0E20321DDC45443D7916D20D9C8824883", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-0.8-0ubuntu2/shim64-bit.efi } }", + "Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "eff3ed05-f849-4ea0-9f4f-1af40e48c368", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "e5569162d84d9553c5cb32345e717a9e", + "SHA1": "64a3960e247176d3389e64a2a61a3be0782dde88", + "SHA256": 
"e6ed1aaa082e63c15be118462ad2d14cee3bd9cdd81db5c8801b33ade2183d50" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-09 20:05:41", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-0.8-0ubuntu2/shim64-bit.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "1feeb7cf14b7809b43c9044ff910afd2", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "5a9676753387c0f2b6bf9bae87605b78667df8f1", + "SHA256": "45ec69179be0f20088f10be909fc8b6104f85607db0a556482fee9384eb4d52b", + "Sections": { + ".data": { + "Entropy": 4.508686595222319, + "Virtual Size": "0x2d718" + }, + ".dynamic": { + "Entropy": 0.8424565006028102, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.209835026586944, + "Virtual Size": "0xe538" + }, + ".rela": { + "Entropy": 2.603259641312489, + "Virtual Size": "0x29598" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.587299575684047, + "Virtual Size": "0x9f5ec" + }, + "/14": { + "Entropy": 7.322772708526002, + "Virtual Size": "0x449" + }, + "/4": { + "Entropy": 4.8448409206206575, + "Virtual Size": "0x161e0" + } + }, + "Signature": "", + "Signatures": {} + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim-0.8-0ubuntu2/shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + 
"CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim64-bit.efi } }", + "Description": "This was provided by VMware, Inc. and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3e375fd6-edc4-48ff-801e-cf5d4fef7d2e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1142A0CC7C9004DFF64C5948484D6A7EC3514E176F5CA6BDEED7A093940B93CC" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim64-bit.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "10914C967939CA831D9D39B87332A6E8882FE99901DC0E4DE4931CA5A065B9FF", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by 
Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cede5464-786a-4472-9b83-cbf540f90d1e", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "D455A3C084DF64CF66DC1D2BAB352C74AAF66035058DF1143EFBDD4298AA4527" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "E9F55F39797D7ADAA99F2FE4138D413A10539C9663976B055A705A76C6A916D4", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by NTI Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "9ae39650-46fc-402d-a4dc-569ce8411039", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": 
"fcc5a83e211d451fcb6f8082cc598ea0", + "SHA1": "20ad14d6ff96fc1dde5df105e0b71cebc77f5b48", + "SHA256": "e051b788ecbaeda53046c70e6af6058f95222c046157b8c4c1b9c2cfc65f46e5" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-10 18:41:20", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "e2be3deb5a33615e127a7b2930bb544a", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "608df8090d9d8b9aa3ef02b395415edb65d9be6d", + "SHA256": "7b5dfe4f9e4ee68e3cdd9c91bcae26db334d49ae4c1f9525cecd834de48df110", + "Sections": { + ".data": { + "Entropy": 4.609462071845652, + "Virtual Size": "0x2c678" + }, + ".dynamic": { + "Entropy": 0.8424565006028102, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2058008626392853, + "Virtual Size": "0xe520" + }, + ".rela": { + "Entropy": 2.602685601595089, + "Virtual Size": "0x29598" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.5918453515116635, + "Virtual Size": "0x9f72b" + }, + "/14": { + "Entropy": 0.6143694458867568, + "Virtual Size": "0x12" + }, + "/4": { + "Entropy": 4.842008275901556, + "Virtual Size": "0x16238" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "3300000010a4912943d94ce62e000100000010", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, 
CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "61509fd4e01160eb7d8007dc182bee5b", + "SHA1": "febd34ec96d90e498d9b6fa54d7fab80ce1464d3", + "SHA256": "7d79e52d96bc7c571299d90c3bc4bff9d08e36eb74b7e8b0cd69114980737953" + }, + "ValidFrom": "2014-10-01 18:02:10", + "ValidTo": "2016-01-01 18:02:10", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, 
O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "3300000010a4912943d94ce62e000100000010", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "463dc6a9-273b-448d-b189-ec577fc29317", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "E9C71B7CD5A4DF0BA48D2CA48E6C468E657257F73F66017DE45E18EE746ED7D5" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C2B1E1BB8F016D310FEA7225EEF9DC6B6F0E33E5C9DD74E9F24835DF6287296E", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + 
"bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Red Hat Inc. and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d159a67f-5512-4922-bc1e-5c675a73d0cb", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "69843fea4e1051a4614a17f5bc8daf97", + "SHA1": "84958a487eb9b1c6d55883e3c32361132c1fe214", + "SHA256": "3ece27cbb3ec4438cce523b927c4f05fdc5c593a3766db984c5e437a3ff6a16b" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2014-10-02 09:13:35", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "d0be4e86a7eaa87c849e3e137c3471dd", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "1ed0450060202cea44d69a503da1b33004a963dc", + "SHA256": "df4e1cf6eaf602f99849ddb6802bd91fb13cd5c3f9fb420250d8a3d750642efa", + "Sections": { + ".data": { + "Entropy": 4.599000636926533, + "Virtual Size": "0x2c458" + }, + ".dynamic": { + "Entropy": 
0.8424565006028102, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2071099501580793, + "Virtual Size": "0xe508" + }, + ".rela": { + "Entropy": 2.6016627065866507, + "Virtual Size": "0x29598" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.592324512235591, + "Virtual Size": "0x9f80e" + }, + "/14": { + "Entropy": 7.338341139988703, + "Virtual Size": "0x3e2" + }, + "/4": { + "Entropy": 4.8404117804324684, + "Virtual Size": "0x16238" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "3300000010a4912943d94ce62e000100000010", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "61509fd4e01160eb7d8007dc182bee5b", + "SHA1": "febd34ec96d90e498d9b6fa54d7fab80ce1464d3", + "SHA256": "7d79e52d96bc7c571299d90c3bc4bff9d08e36eb74b7e8b0cd69114980737953" + }, + "ValidFrom": "2014-10-01 18:02:10", + "ValidTo": "2016-01-01 18:02:10", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": 
"3300000010a4912943d94ce62e000100000010", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\rhel-7.9-20200909-shimia32.efi } }", + "Description": "This was provided by Red Hat, Inc. and revoked Apr-21", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "146ba6ae-683a-4c91-b076-c267a77bbd47", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "2B7A7A4DAFC35E49D03CBE7118E6BA4582401E1776B9C18A2597725B05A605F1" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "rhel-7.9-20200909-shimia32.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "FE924700AC79DC4689ADD5F7C6761E0D60E665A65F9572B43915010881B0BFBC", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "rhel-7.9-20200909-shimia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cfec0cca-c6b7-4327-a2d8-7dca0515e161", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "36B7CDB6564C58CB54895B6D2C73F88D2908BCBD693BFD253945BD31E3EE81BC" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C1136125F38F6B76285AE4F1A0068F49819CBB5B57F6AB85960640F93FEC21BD", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + 
"CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Fedora Project and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "dbc9e79d-2655-4892-81fe-830383602432", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "2B2298EAA26B9DC4A4558AE92E7BB0E4F85CF34BF848FDF636C0C11FBEC49897" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "E1DC3EF55626A4CF6DDC425A353208F309271B8A9FDBF8964082FB08DFB7A170", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "dbc9e79d-2655-4892-81fe-830383602432" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shimia32.efi } }", + "Description": "This was provided by Oracle 
America, Inc. and revoked Apr-21", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "afc98e92-1064-426a-87de-35479bc19474", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F7E4C7FB10755AC534BCDF61AA7FA18539E42E061C247891E9BA42E17290C742" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shimia32.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "1BBE108A0DA8A6A15221BA576E985B4240AD603D7D967F710428A9CB53B97B0B", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shimia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "23d2d4cc-fb8c-43d8-b736-ae5c4fc3cd96", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "691BA3414E78622581BC519BAF0BCB16FB262D3ABBD8639F3E0ECA2A29F99406" + }, + "Company": "", + 
"Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C1B24EBFE119C27A2E5EDD4267EEF37B2CD14FBBD8688DE27E08AF89996DB468", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTx64.efi } }", + "Description": "This was provided by whitecanyon and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cab29561-a4b4-4cb1-b6c6-115700991af8", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "df444af8d4fa4d4b0bf54cdd266ea4b6", + "SHA1": "358f886257db7011d5a38b1e1bc7908a302392d5", + "SHA256": "ad3be589c0474e97de5bb2bf33534948b76bb80376dfdc58b1fed767b5a15bfc" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 22:05:22", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTx64.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", 
+ "MD5": "16e6180b7edfa353678a459079afa5db", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "a9874a4b39d64c5116a663883834c2e789b87f99", + "SHA256": "50484376441815f7f85aa294290a9b6072a6a9e8feae79447c5c4de855c5a3d3", + "Sections": { + ".data": { + "Entropy": 4.47065286455017, + "Virtual Size": "0x29938" + }, + ".dynamic": { + "Entropy": 0.8257898339361436, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2089463615530573, + "Virtual Size": "0xdbd8" + }, + ".rela": { + "Entropy": 2.6492203474275433, + "Virtual Size": "0x1aee0" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.6427037826640545, + "Virtual Size": "0x955b3" + }, + "/14": { + "Entropy": 5.2339069016332305, + "Virtual Size": "0xc9" + }, + "/26": { + "Entropy": 7.287209418645642, + "Virtual Size": "0x415" + }, + "/4": { + "Entropy": 4.84610218490152, + "Virtual Size": "0x18860" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Signature": "6650dd7878bef0a62b1d76ba8fa57b6193d9938ddd1975f32a880d6e9363ba516b00907d455d1089cf79e3045a976a794db027534a761a840a29d09dccb3b5978fdb1d27d6be2831b0af31b64c25d3e195056b68a403e961d61c38339c4bfbb4c16102a4b417f52b75f4d6539626736df3e9e7d689e59333e7686df72c6ac70548eb3e6f0913de69895041529dba440132da3699ee3d3ccd6c0cb1ca11d206a157a9e3504c57aea164e700dec89ccb81194b012f697127dcd1cc7dc08ccf9f92014b2a0814fdc2a010b7a7243456e15af7e812bef07b28aebcb29f0f20f5c1900827f32aaf4fef92601853403e718db111c7c35da77eea96c4deb6f903e94543", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", 
+ "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", 
+ "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "e1e05cba-138a-4879-84c6-0ab872d03ea5", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "34dc51ef7732132306a90266b0dcaf95", + "SHA1": "4f92bc4253c99fb31787f7b1501b0f3af801534a", + "SHA256": "0328f7dd12b552efa7a9e083730333b85f3f4e83d39387fc531863b422f75cc8" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2015-09-29 08:01:44", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.18067 (winblue_ltsb.150929-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "aad10724a4a2b676a69459a61124efec", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.18067", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "2fbc53c18b773e0990639d636825b0ba", + "SHA1": "2a1d3ef0d46e4b8b403cdf0c29bcefbe41250cb3", + "SHA256": "d1a38cd90fba6fb39948b1c0ee836f9542268bb74c4379963c2920d11f696f22" + }, + "SHA1": "e41e22000179036196670a70b71dc199f503f803", + "SHA256": "25933d1597ead1c390abc59433aec7c8f955c588551024c88c6388afbc84ed40", + "Sections": { + ".data": { + "Entropy": 4.539922885880969, + "Virtual Size": "0x6b290" + }, + ".pdata": { + "Entropy": 6.0876428216562735, + "Virtual Size": "0xa518" + }, + ".reloc": { + "Entropy": 5.3873912473580265, + "Virtual Size": "0x960" + }, + ".rsrc": { + "Entropy": 3.471196048302116, + "Virtual Size": "0xfd10" + }, + ".text": { + "Entropy": 6.489801499882737, + "Virtual Size": "0x169a84" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 + 
}, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c348343b-faea-4c60-a0bd-c140a51ca9f0", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "9DEBCA159F7892D56C94614C469CF37C8DA035683B1251FC4E6EC0EF2EEE720E" + }, + 
"Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "4A62256316FBC805231420BAA4668B26023AE08B1BC7203A71C28905D19C817A", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": 
"sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "b262ea41-bb3c-4682-9a8d-a4e52e495c6c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "9ac88694e8ed9aee8005b00700994fd1", + "SHA1": "f1fcc53669caf87c89c1acec550dc9b989d5f4a8", + "SHA256": "7a0294ba07a2aee3648afc0daf2efd526a5b76349ec906f819c03bc217257638" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2012-09-13 20:23:52", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.20516 (win8_ldr.120913-1503)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "7f5843d48a960315b047e5231470e1b6", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.20516", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "fa6462badb7aa537a9d3ecf604e9fbd7", + "SHA1": "caefdafc6f3620830b306d429c83bb077f6bdaa4", + "SHA256": "4689fe3d6e35db99759219db2adef6cefa62105e8b636c0c5bd2a6bec395e471" + }, + "SHA1": "a9f1a7c49b57694d6f44de42e7675ccf07e0a57e", + "SHA256": "81199ecb7a384d04f4e0f5541af731ca6ab0a04f1e2d692b4c386e0f02f15009", + "Sections": { + ".data": { + "Entropy": 5.32099548613425, + "Virtual Size": "0x54bf0" + }, + ".rdata": { + "Entropy": 5.359607054105938, + "Virtual Size": "0x122aa" + }, + ".reloc": { + "Entropy": 6.124599725636047, + "Virtual Size": "0x61b0" + }, + ".rsrc": { + "Entropy": 3.470952087691717, + "Virtual Size": "0xfcf4" + }, + ".text": { + "Entropy": 6.641518892559521, + "Virtual Size": "0xdd286" + }, + "PAGE": { + "Entropy": 6.502474956779901, + "Virtual Size": "0x12ab" + }, + "PAGER32C": { + "Entropy": 6.572183780133045, + "Virtual Size": "0x4805" 
+ }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ 
+ "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c7e48901-5dda-4d9a-b064-9ec8e51efc06", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "6CFDDB6203F254D38A5BCDD4173D51647A487CA70AB21326ACA0A03BB3D2BAC0" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "0876FD237955DB876744D5AEFBBF0DB3771AA2603233E123B39F4E772FC3B457", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + 
"OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "73fc4a00-2d2f-46c4-a597-bd0cc015dfdc", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "BEF7663BE5EA4DBFD8686E24701E036F4C03FB7FCD67A6C566ED94CE09C44470" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "690B765C38BE3FBA65B829677D98A67943F92E24E9860EE2A13273F5932B8A0A", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "73fc4a00-2d2f-46c4-a597-bd0cc015dfdc" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Red Hat Inc. 
and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2cb09869-230c-4114-a4ec-a744b3181282", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "418f5f26299f7eb90d5659caff5388a3", + "SHA1": "d076bcca3841b8c400b4ae3317ea65de33782094", + "SHA256": "9f1863ed5717c394b42ef10a6607b144a65ba11fb6579df94b8eb2f0c4cd60c1" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-10 14:01:04", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "390218e8b12b9b5a8985baf49e163930", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "d8f34bcb62883019182a69e25f0b71caa3fcabdc", + "SHA256": "0e99607b20d537497169c506c6893243d3f1bd5960505c1566bd97c0a741adfb", + "Sections": { + ".data": { + "Entropy": 4.4633509004578, + "Virtual Size": "0x2a358" + }, + ".dynamic": { + "Entropy": 0.809123167269477, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2029723126169776, + "Virtual Size": "0xdd88" + }, + ".rela": { + "Entropy": 2.6478060576511773, + "Virtual Size": "0x1b0a8" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.640931943255041, + "Virtual Size": "0x96ce3" + }, + "/14": { + "Entropy": 5.127727685417211, + "Virtual Size": "0x84" + }, + "/26": { + "Entropy": 7.339046392262435, + "Virtual Size": "0x9c7" + }, + "/4": { + "Entropy": 4.850383937155969, + "Virtual Size": "0x18c28" + } + }, + 
"Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": 
"1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by TeraByte Inc. 
and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e314abb1-31d1-460f-9df0-f437263d9e71", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "50588d1cf5701594eefb3eb90f401614", + "SHA1": "8a6738664c7dd6a99dbbd32c0c43432e9f88c85a", + "SHA256": "9d00ae4cd47a41c783dc48f342c076c2c16f3413f4d2df50d181ca3bb5ad859d" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2014-09-04 13:05:11", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "c2d60556e72219f9d4dd063a6843aa37", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "83720b7f32ce09df641395f39a86bc48b3e8a9b8", + "SHA256": "d809eddc88a14239e8a069fa71f81f3e4af4dc293f7575d71d597c80f8767816", + "Sections": { + ".data": { + "Entropy": 4.597286314345456, + "Virtual Size": "0x2cab8" + }, + ".dynamic": { + "Entropy": 0.8341231672694769, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2071015337175828, + "Virtual Size": "0xe520" + }, + ".rela": { + "Entropy": 2.6053915011200695, + "Virtual Size": "0x2aa50" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.588107260830429, + "Virtual Size": "0x9f2be" + }, + "/14": { + "Entropy": 0.6143694458867568, + "Virtual Size": "0x12" + }, + "/4": { + "Entropy": 4.836197087741231, + "Virtual Size": "0x161d8" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + 
"IsCertificateAuthority": false, + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "c52110f552e27ebb1e3fae114abafb3f", + "SHA1": "4954e087123653ce38da4cdd31141b6a1bb999e4", + "SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" + }, + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + 
"Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a7cc38fb-91b2-4e2c-a0a9-2a6051c31cb5", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "8A03960BDEA6A4953AC50A2BBF9317BE228C2EBBC299E1E90CC7C6EB18F43B94" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "E785D139C9F008F9135EDFAD44492D11D09B83373ABE74AD45B7CADD25EBB464", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Oracle Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" 
+ }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "07ce0c22-0e7a-4f68-91e2-61a9d9cd566f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "65F3C0A01B8402D362B9722E98F75E5E991E6C186E934F7B2B2E6BE6DEC800EC" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "6A86152DF323185DCD535369C94B9226FEB6AAB4479C00A4A916B4E82E4A85FE", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "07ce0c22-0e7a-4f68-91e2-61a9d9cd566f" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootaa64.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2297fba2-2316-41a2-93f7-20ea8c9f6b98", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A1A59CC2784246AD693B1DF151454642324E89C898566A59906891F48089ECE9" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + 
"FileVersion": "", + "Filename": "bootaa64.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "2674036BC5EE2446739FBBBE21F8480DA23AD5E98A6768754B4C9B9FC37EF2E2", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootaa64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\Signed_14173467011297444/shimia32.efi } }", + "Description": "This was provided by Debian and revoked Apr-21", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "40519b35-c303-4cb2-aa20-c08545506e08", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "b857ca99527ef8704d481f4901948705", + "SHA1": "e4e5ede245103cde830e02c847c59abeeea32025", + "SHA256": "a8a3300e33a0a2692839ccba84803c5e742d12501b6d58c46eb87f32017f2cff" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "Signed_14173467011297444/shimia32.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": 
"c77a847cc9c46de840d61ec8e3453f29", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "cba6f1df00f5220288d92686d84ae7e10c950c32", + "SHA256": "a80b37c9749d6f2c2fdf64922a3142eb0fd63c72fd2989d7e75dcb4be367299a", + "Sections": { + ".data": { + "Entropy": 5.281293400299073, + "Virtual Size": "0x23764" + }, + ".dynamic": { + "Entropy": 1.4765954737895086, + "Virtual Size": "0x80" + }, + ".dynsym": { + "Entropy": 4.417215138757397, + "Virtual Size": "0xa1e0" + }, + ".rel": { + "Entropy": 3.5626097123135003, + "Virtual Size": "0x9798" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.854758369929387, + "Virtual Size": "0xa0537" + }, + "/16": { + "Entropy": 7.435250663075391, + "Virtual Size": "0x57a" + }, + "/4": { + "Entropy": 5.064013199597692, + "Virtual Size": "0x69" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": 
"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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "Signed_14173467011297444/shimia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b429b35f-a9c3-4de9-a7be-da2b2c688a02", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "B420509D0D69B294633FD7AE2C36B2B549D45A6A863EF16843A1116A11127F56" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": 
"", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "02FF707BE8808663B2CC33286630839DD7B14AC8E2340F4661870B18A9621D9D", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\rhel-7.9-shim-20200726-shimia32.efi } }", + "Description": "This was provided by Red Hat, Inc. 
and revoked Apr-21", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a2e0c2d5-a9f3-43f2-83f0-41235cae223d", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "2629AE14B467DA5DF8E9EB6F1ADC1A9F50A78DBC3C246271C8530D0D35997A4C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "rhel-7.9-shim-20200726-shimia32.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "DEF0CE090F4C6B203C317558D43D015427311475231E8CE9B2E00AC0C18D3922", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "rhel-7.9-shim-20200726-shimia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "73fcc470-7c81-4385-8c78-933467e404cf", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"DE7F766E4454DA118A6C42BEE476C4BB66F660BFDB88DB572C4621C43EC1836E" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "35F731A87345B78EAC85100D339ED77CE83B7DF6151B401B446A79D9FEBCD36D", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "aa7f07a3-cedd-4752-b1fd-0e8043dd54e6", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "97A8C5BA11D61FEFBB5D6A05DA4E15BA472DC4C6CD4972FC1A035DE321342FE4" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + 
"PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "7C783057C245A34DFF5A9497C3CD4181FC80D06439884E12AD5D67A4F5266CD6", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "aa7f07a3-cedd-4752-b1fd-0e8043dd54e6" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d0acb6e2-2647-424d-b438-eff9f1b605fd", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1B9A8D23FFC211EFF6F12D17037EB076EA46562DEC937F44CC49D4AF1C119BA0" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "1B9A8D23FFC211EFF6F12D17037EB076EA46562DEC937F44CC49D4AF1C119BA0", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Fedora Project and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c4189bae-54f2-4fe5-8978-dc3e1ddc20ee", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "78B4EDCAABC8D9093E20E217802CAEB4F09E23A3394C4ACC6E87E8F35395310F" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "9E5773C34073B8473BD1EBC9D4D50780A7CDF9EB767750107D4B0F45BC8EABE8", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "c4189bae-54f2-4fe5-8978-dc3e1ddc20ee" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + 
"Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "09476ffd-a0fd-4510-9e36-a20727c16b8c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "5AAFC9F5F98DB75F8519D8652924932939760F00DF8827FA2A6E36DB265F21F8" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A97E2E39DA89F16E0AFB9CF3A213205ED00BF2200A573812B5C5F56FDB8B2402", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": 
"2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "d569f749-c5fe-42ff-b6f9-8966a14d06af", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "a60e4ec04f4225b91e5ba2c607fd84da", + "SHA1": "164e0544942fc32310285c8e8602244194c860b2", + "SHA256": "fc736034ebab004776581ce9a6c112106dfddfabb315b1f0a4d0842d67308429" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2012-09-19 23:19:05", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.16420 (win8_gdr.120919-1813)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "9caa5988ee5678dad93374ef1f4fd184", + "MachineType": "THUMB", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.16420", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "cf754bf89d7037f778daec0827acbe4e", + "SHA1": "d9585e21d15cc1e8ea347a17f536f3fc9ab67510", + "SHA256": "dc9623ba46d2c0c39fd89d803d9c8649f6a3b20ebc9b4218da63da3b4fe19373" + }, + "SHA1": "7b09d0dd2b0e37d91ee548a205ba53f8d5b02c7b", + "SHA256": "79baff384ed507030cbe328a3d6c04d13e77932f08d387f76cf2422fb3b2588b", + "Sections": { + ".data": { + "Entropy": 5.598080350898377, + "Virtual Size": "0x35b50" + }, + ".pdata": { + "Entropy": 6.104261146987598, + "Virtual Size": "0x4e50" + }, + ".rdata": { + "Entropy": 5.647467240821381, + "Virtual Size": "0x10504" + }, + ".reloc": { + "Entropy": 4.664264175172123, + "Virtual Size": "0x3b88" + }, + ".rsrc": { + "Entropy": 3.471356139350038, + "Virtual Size": "0xfccc" + }, + ".text": { + "Entropy": 7.094146009062804, + "Virtual Size": "0x86c9e" + }, + "PAGE": { + "Entropy": 6.9370198019728795, + "Virtual Size": "0xf40" + }, + "PAGER32C": { + "Entropy": 6.8208156523893635, + "Virtual Size": "0x2480" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft 
Windows", + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + 
"Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "275664b6-bb50-43c5-9d04-b100ea9fe56b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "0a0000705bbb68e7e712da6d3e638b2c", + "SHA1": "af2f6de1a213564cfcef1588b157a5ea52ee54da", + "SHA256": "f1cad3ac005b57d6e22ea57b9ebe1ee9e5052bdda499f5f2c1364317de87a794" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2013-09-25 02:06:36", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.16411 (winblue_gdr.130924-1807)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "a7077726554ee791e5a4b6e20ba8d557", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.16411", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "476ff7a2afe034c2194a948f1f780094", + "SHA1": "1a999ada5820fb409ce7f2ec343e215caf2e07a4", + "SHA256": "802de9524cf6556e6464828cc411f87a8fb3693742c5515126eb511122e9086a" + }, + "SHA1": "6d3c3476f38f447586c8fc347dd545ebf3b83a15", + "SHA256": "3fda721bc5007eab23af6e0c56a6942a7925a858f0d801fbb21011ccf758893b", + "Sections": { + ".data": { + "Entropy": 4.528276048554928, + "Virtual Size": "0x6b230" + }, + ".pdata": { + "Entropy": 6.076711122380285, + "Virtual Size": "0xa3d4" + }, + ".reloc": { + "Entropy": 2.339034701100046, + "Virtual Size": "0x2000" + }, + ".rsrc": { + "Entropy": 3.4714597444382016, + "Virtual Size": "0xfd10" + }, + ".text": { + "Entropy": 6.501476254289593, + "Virtual Size": "0x164d34" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 + 
}, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e0432a67-4ec8-4281-b4c1-a800e1b615be", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "6A16ADA3FE0C5468F0A43FB2F597A42F3DA3218C88EE819BF799110CF7A79B6C" + }, 
+ "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootia32.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "84897E4405319DAB2822D63147F3DA90AC2A436A7D24EC5DD91B277AB6528FAB", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-0.7-0ubuntu4/shim64-bit.efi } }", + "Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "465c1250-966d-4d32-b168-3b2c614e17f2", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "2f0397316df4c2f34530fa28716256ae", + "SHA1": "0c4ed758c59239c84740373a3a1da56d5d4b400b", + "SHA256": "dd8f3f048db46f3983348d35cd77d121f56d856cf33234857073e25a7f450b2c" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:08", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-0.7-0ubuntu4/shim64-bit.efi", + 
"ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "1bdc36814a6f20464e94616f0d98a521", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "093660339cf8e3fc1d8a80855e4f3a72e9a92f30", + "SHA256": "17864e719e9c61d84e29a3cedf2b63aeaecfc10867211efc3077dd216b0a4965", + "Sections": { + ".data": { + "Entropy": 4.627610996610074, + "Virtual Size": "0x2c078" + }, + ".dynamic": { + "Entropy": 0.8424565006028102, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2048776341706633, + "Virtual Size": "0xe490" + }, + ".rela": { + "Entropy": 2.6180499183854384, + "Virtual Size": "0x29598" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.589734350916883, + "Virtual Size": "0x9dd4b" + }, + "/14": { + "Entropy": 7.322772708526002, + "Virtual Size": "0x449" + }, + "/4": { + "Entropy": 4.84229298761354, + "Virtual Size": "0x16050" + } + }, + "Signature": "", + "Signatures": {} + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim-0.7-0ubuntu4/shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if 
($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Oracle Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e0a4512e-03fa-4db8-b7e0-8c8eb6f2bc8a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "37A480374DAF6202CE790C318A2BB8AA3797311261160A8E30558B7DEA78C7A6" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "7C2FDA323F09B9BE6269BA979A620438413EBA4A93B2BA34F9B39998268AD9CD", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "e0a4512e-03fa-4db8-b7e0-8c8eb6f2bc8a" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "d69993da-b588-4dcf-aea1-5d11d9ca4dd7", + "KnownVulnerableSamples": [ + { + "Authentihash": { + 
"MD5": "", + "SHA1": "", + "SHA256": "FB0BBC256AEA5CF93DA99CF26481CC42F4E7BA6B32DB63B827620807E79E805C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "271A4B174838286F6D4BB9FCE91A47FBC87B28BE586744BD42CD82CEF4600B72", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "5b0c97fd-1a72-4f30-af67-1f398fef3675", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F3D38950A3CACF61C94DB9153576194E953B5785637159B3AA6F1E923220EAD4" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + 
"Publisher": "", + "SHA1": "", + "SHA256": "37CAA54424C152D84DE63C288DF7CE27BA97B8671CF27DE4101066EEAE8BE90C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cd328e2d-3b59-4c94-a0e0-60b7f793db09", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "13DBA28447FDBE3C8A24FEE3EB88638CE1D8F97CD4925056C0AD0E91CA51237D" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "D6D10836B79E28ACE9E2BEC7EF9B67DC736ED6C1C8EA24D395DDAAF05B76CEBD", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + 
"Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-0~20120906.bcd0a4e8-0ubuntu3/shim64-bit.efi } }", + "Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "f4e945a8-aa6f-48dc-822c-ff44ce513b70", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "D4241190CD5A369D8C344C660E24F3027FB8E7064FAB33770E93FA765FFB152E" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-0~20120906.bcd0a4e8-0ubuntu3/shim64-bit.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "561EEF7131FFB079F75F6EC3E5738354A3C0EEB204863E7A4018B6409B7D26D0", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim-0~20120906.bcd0a4e8-0ubuntu3/shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": 
"bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "70316201-97eb-4739-a72b-abdcd208e20b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "5EB2C76843B253ACBCECBB84767697128F000C18358C78C5BAF135A5996C037F" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "EFA5CA12CFC70DEA81EB71088B4BDBD44D5B45A8F8D81B7DB243D6A03A7F11C4", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by VMware Inc. 
and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e121cfa2-ee0c-4c6d-9b1a-1f48ce500b81", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "96c7007a1ef6ec8ae43756e1e3bf9807", + "SHA1": "9574b0676b8540628d0db2f89a8d8bb7b43d863b", + "SHA256": "5c5805196a85e93789457017d4f9eb6828b97c41cb9ba6d3dc1fcc115f527a55" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-11 04:25:12", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "07349cf7c406343bb9a9a9d9eec50790", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "12f8b7152bf718ee95d9d9a8ebd50c1a8fbb9621", + "SHA256": "ef43b4b4a755494b10b7431527aead697feab6fa48cf4684cca4fb5b8cd09035", + "Sections": { + ".data": { + "Entropy": 4.411854121188843, + "Virtual Size": "0x2bad8" + }, + ".dynamic": { + "Entropy": 0.7957307370557809, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2112511396406864, + "Virtual Size": "0x10008" + }, + ".rela": { + "Entropy": 2.651762139832741, + "Virtual Size": "0x1c3b0" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.620340849167797, + "Virtual Size": "0x9a9c0" + }, + "/14": { + "Entropy": 5.337170840865167, + "Virtual Size": "0xd7" + }, + "/26": { + "Entropy": 7.32428121292217, + "Virtual Size": "0x3e0" + }, + "/4": { + "Entropy": 4.827964610163725, + "Virtual Size": "0x1e8a8" + } + }, + 
"Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "b6f099bf203668f11a8f79ab08792ed8", + "SHA1": "4713755a345940554eada6042e90b0151591fad6", + "SHA256": "62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" + }, + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + 
"CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4750d526-693a-4831-991f-4ace2cbe92ad", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "0D85DAAA481B1BE84320E12B5078794DA29628ACB43B69C8909D291BB995CA72" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "D764AC6251FD2641EEBBFBF7A5A95E212DF5997875990D90562CA65D5D966BAE", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "4750d526-693a-4831-991f-4ace2cbe92ad" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path 
\\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "96d26340-d5ec-43a8-b1e7-068f46a2aeaa", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "65B2E7CC18D903C331DF1152DF73CA0DC932D29F17997481C56F3087B2DD3147" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A739C0624B7608F40645D417E79CE0B22FA568D885ACEBE51949F268565098B4", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "96d26340-d5ec-43a8-b1e7-068f46a2aeaa" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c818cbe0-bc64-4557-a266-570214ebaaa8", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"8055EDEEB18561927DD5956BE9070C4503FEC783AA96F166F5F93FDBC3C2AB43" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "57B017C3A6AC4676B1852E407297158D1D471373DC299CF557832D9E3F13577A", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0f4b6460-f81b-4770-8dfb-55224983a557", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "B8D6B5E7857B45830E017C7BE3D856ADEB97C7290EB0665A3D473A4BEB51DCF3" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + 
"PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "8516257431A250296A10F82A4795F9CF68E5C185CEAA2F6F77CA0942CBE0C999", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "0f4b6460-f81b-4770-8dfb-55224983a557" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by BITDEFENDER and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "064e9fe7-c5dc-4858-9006-e9b1e0e3001b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F2A16D35B554694187A70D40CA682959F4F35C2CE0EAB8FD64F7AC2AB9F5C24A" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "AECD34387179AFF5CE02103679312CDEB1DA835015A8548FCE93765E7219612E", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "064e9fe7-c5dc-4858-9006-e9b1e0e3001b" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "e9402a67-21ec-4fdb-b0a3-7f1700f1ede7", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "40b3933716925a99d7457268b098c42e", + "SHA1": "f2ffc38ed784f8938830012818332db0e4bebfe3", + "SHA256": "4f94f40c6b4bac7bf219c73dafd0870879f1db10de6c8620f6f1333d7aa5455a" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft 
Corporation. All rights reserved.", + "CreationTimestamp": "2014-08-18 17:44:08", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.4.9820.0 (fbl_sec(dlinsley).140425-1225)", + "Filename": "bootia32.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "670eb63cbc05c4a4fa62f3c63d5b5f0a", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.4.9820.0", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "d94c4831d7cd65bd85851b4c2726909e", + "SHA1": "e4705a5872fb945b5826084d24ee95df003b18e3", + "SHA256": "e2dd71c959ee2c73c142c38d5f2a2f2566a8d421c88ef20cf4eaf567db79fd44" + }, + "SHA1": "4c53e7cd05e537f0f730ed2b079200c7e1543a72", + "SHA256": "132d59d83c29be7351d35c44b846dfc3f37b3c62bc40eac6aec3fd68e7cfcfde", + "Sections": { + ".data": { + "Entropy": 5.087579213860843, + "Virtual Size": "0x4db30" + }, + ".rdata": { + "Entropy": 5.206756496774499, + "Virtual Size": "0x1a0d8" + }, + ".reloc": { + "Entropy": 6.753504719085344, + "Virtual Size": "0x5e84" + }, + ".rsrc": { + "Entropy": 3.470390846117556, + "Virtual Size": "0xfce0" + }, + ".text": { + "Entropy": 6.640315213526757, + "Virtual Size": "0x117cde" + }, + "PAGE": { + "Entropy": 6.552393775330552, + "Virtual Size": "0x128f" + }, + "PAGER32C": { + "Entropy": 6.501891369169368, + "Virtual Size": "0x3adf" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + 
"SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3f6b5528-2fd7-427f-967e-e89cd9e77182", 
+ "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "D860D3DC4D9A412E8FE8036100BDA7637B57A0168CA811781ED4A00815A97E0C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "540CABD0862F121CE200DCEBB6C9D3B209B266F0CD413CEA2385886F965E5062", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "60aaedd4-4eb0-485b-a534-82645695a185", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "4A4873A319A3A3DE35EA325771DFFCBB31EC14550A4E029CF0FEB9CD686B8C92" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + 
"PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A0946E9C77C27E5E9D19BCEEFE4DC147F97BF1CA7FE12F15280D390BA7A0D67A", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "bcda745b-c931-494a-bf26-4dfd7c824ee9", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "324CBE75EF34E09A98C71B186F535F9091A1FF257BEA93DFEAF199EB352CA0F6" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A09DBE91C9743163A3DC26BB7E51398C751DF7140D5DA4DD6D43B1915FA906EC", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + 
"Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "ff057f2b-0bc9-4318-a017-66307880a7c6", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "4d7e341b788c22d2ffd0a6e8d7c27190", + "SHA1": "2ab7a9fc3312a502e9178fe76930d65d07480b31", + "SHA256": "21554d1f3bf9f52d3cd297d27df56215c0fd08a0bf673868f3d8c6c064dc5609" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2015-02-04 20:26:03", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "10.0.10010.0 (fbl_kpg_kernel.140630-1750)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "28196e29d41524919202b6bd1e38f35c", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "10.0.10010.0", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "8b6b2892c15ff00e4ddf7eb144e1ae12", + "SHA1": "89115214dfec813ecfa5a23bed633254c214e62c", + "SHA256": "97ff062fbed8c63a4a2526daab5b76fde0b0c54540be4264d13a9116216a1be1" + }, + "SHA1": "ed2c4554266084506d2e514797b3dfc86a50118a", + "SHA256": "f4c53c0b054413691ba25a2d162bcde9c9e35b5e706272f70bff96ed5c05a7b8", + "Sections": { + ".data": { + "Entropy": 4.34472616116653, + "Virtual Size": "0x3b260" + }, + ".pdata": { + "Entropy": 6.025018814445507, + "Virtual Size": "0x7d64" + }, + ".reloc": { + "Entropy": 5.395165473860109, + "Virtual Size": "0x7fc" + }, + ".rsrc": { + "Entropy": 3.4599700329826906, + "Virtual Size": "0xfc40" + }, + ".text": { + "Entropy": 6.4887395472277625, + "Virtual Size": "0xec124" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 + }, 
+ { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by BITDEFENDER and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "78f886c7-28cd-4686-ac8f-ee82f3e0fbcb", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + 
"SHA1": "", + "SHA256": "D89A11D16C488DD4FBBC541D4B07FAF8670D660994488FE54B1FBFF2704E4288" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A95666BFAF48FD9C4CAF2F3ED4EB593145C48BD3C93E4B00638088CE7EE962CF", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "78f886c7-28cd-4686-ac8f-ee82f3e0fbcb" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shimaa64.efi } }", + "Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0acd4573-d0e2-4f57-8c94-3d6e57a391e7", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "62B79FB4A04052FCB498A97F22A3567642D4BC47D1C2FF9A06311C8C6148E907" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shimaa64.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": 
"", + "MachineType": "64-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3C6318DC79E5CE66F7DCCC71DF01C4E4ACC53F14D978011A29033D59D43D9233", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shimaa64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "837d8bdc-6458-4eba-87cf-c82a32d1eca6", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F254087746FDB5D9D9EAE6DF458485752BEB0FCF295C36D273511B45F7480287" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "106E99968A816752C4A0F5DF6AEACC0400C688DE35832798029040CDB41E1F09", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "N/A" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\mboot-official_arm64.efi } }", + "Description": "This was provided by vmware and revoked Aug-22", + "OperatingSystem": "64-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c10b8a2d-9bdd-46c5-bbdb-177f88c7794f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "F4DC5A40D2A9DBDAB210BAE0C508E053AE986C4DA42D68760A1655D6FBAEC051" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "mboot-official_arm64.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "8CC2B48C79FBF5654B28B7BEEC51A3266E4CBB4FBE3A84F843EA0957683A1E93", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "mboot-official_arm64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit 
/copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "9e382fdf-568a-4b81-b4ce-58c25f3b2d80", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "9A22818E84CA5CDEC6F7FDF0A10B9FF230A53A5C18F4E9179C90A3FD268CD622" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "CB5C370B7BDC87A2153425852F477916BA3B13E4C62EA419AD93DBDD34780BEC", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Red Hat Inc. 
and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "329800cf-dad0-4ca8-bdc9-6ec18ff01421", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "eff2e129dcbf0ddc1e70c9ae8b5d0c6f", + "SHA1": "c5997af577c074aac5cf0fb290f24bec27618d73", + "SHA256": "835881f2a5572d7059b5c8635018552892e945626f115fc9ca07acf7bde857a4" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "c748cde9827385f9832a4f0ab1f02550", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "6436ae30f3f189f70f9043d91ede90058fbeb00a", + "SHA256": "338b89190177e950151a198823fd9d5f4ea25c1faf73e56ca5d9cf69d373fd66", + "Sections": { + ".data": { + "Entropy": 4.540880693208529, + "Virtual Size": "0x2ba58" + }, + ".dynamic": { + "Entropy": 0.8226444693437958, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2053343981539277, + "Virtual Size": "0xdd28" + }, + ".rela": { + "Entropy": 2.6542755257736204, + "Virtual Size": "0x1b0d8" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.645524701763948, + "Virtual Size": "0x9775e" + }, + "/14": { + "Entropy": 4.946577948119573, + "Virtual Size": "0x62" + }, + "/26": { + "Entropy": 7.340161985642677, + "Virtual Size": "0x3e1" + }, + "/4": { + "Entropy": 4.86401422844892, + "Virtual Size": "0x189f0" + } + }, + 
"Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + 
"SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim-15+1552672080.a4a1fbe-0ubuntu1/shim64-bit.efi } }", + "Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "42952e7b-6913-40b6-bc44-5eacd9c673a7", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "E060DA09561AE00DCFB1769D6E8E846868A1E99A54B14AA5D0689F2840CEC6DF" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim-15+1552672080.a4a1fbe-0ubuntu1/shim64-bit.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "CE7A0A3D718747C7263D099FD1477E363ECFE75BD2F639EE47AC1271EC229D80", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim-15+1552672080.a4a1fbe-0ubuntu1/shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "8c855009-8e77-4446-acf1-17ce8b445b01", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "f1fe210387316d9b4c40f31214cea418", + "SHA1": "51d44ad13402af95119844f7da407090702e764e", + "SHA256": "5a47b0b11d2fd9cd39c627d1e6bf4afed9601aa15d6a5d84fb10f39755d2d323" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft 
Corporation. All rights reserved.", + "CreationTimestamp": "2021-12-04 21:50:19", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.20227 (winblue_ltsb.211204-1700)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "37d03ef09bf90e11e07eed536a7fed7e", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.20227", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "c3a45277e34522772d2ffb9c618850dd", + "SHA1": "ccaa1ad0944140bed3cf64cdaf8c9d2004c29074", + "SHA256": "474fc92022c5254d909bd3560e682dc6a340333b34b82d63e8b9a575cf09b292" + }, + "SHA1": "97e4998bff2642bafef802b3d909e89f69b1046e", + "SHA256": "b7313be4901f1a80f84e4e8a6636f090e7125b97fc845d4454d5e4bef3d40ca7", + "Sections": { + ".data": { + "Entropy": 6.174248711645025, + "Virtual Size": "0x5c8b0" + }, + ".reloc": { + "Entropy": 6.752299420294601, + "Virtual Size": "0x5e90" + }, + ".rsrc": { + "Entropy": 3.472265991210306, + "Virtual Size": "0xfd30" + }, + ".text": { + "Entropy": 6.6338522426228606, + "Virtual Size": "0x132694" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "46f57c3b860b08484cb79066ac1014ad", + "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", + "SHA256": "d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" + }, + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": 
"61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "dc00f1c1-898a-479d-b9a5-9caa9973e310", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"9063F5FBC5E57AB6DE6C9488146020E172B176D5AB57D4C89F0F600E17FE2DE2" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "94BDE75194960FAFF8329DCB4462BD8888B32078B0FB8FB2011C6993FDA0316A", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "dc00f1c1-898a-479d-b9a5-9caa9973e310" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "c8069469-51c7-44c5-8032-1d2fde34f8d3", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "48CDB31A16D891124BE77490FBC2AD13CB355A18CB0007258CA4BCEA44F288EF" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": 
"", + "SHA256": "D76281DD69E992EFB55604A1B4E6171E552F3B7E1411D75368F98EF91ED69E21", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Oracle Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "33ce2528-8820-4680-bc5d-b48fcc1f9d2d", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "925441e09c4b9c8e30a467a29c16ee49", + "SHA1": "7a26f6d09fcc80e5be03b7a6e5f8fe2a3652f29f", + "SHA256": "894d7839368f3298cc915ae8742ef330d7a26699f459478cf22c2b6bb2850166" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1970-01-10 02:40:12", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "53663cb5fea6bde711171523a2206e45", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": 
"3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "b0adec5a51e018cc50ef0497126ef4a8d9fd037c", + "SHA256": "899afe09e356003605b30dc209a5ba4ef6910baef23fac268bcac6db3cfee98d", + "Sections": { + ".data": { + "Entropy": 4.41909152489649, + "Virtual Size": "0x2c518" + }, + ".dynamic": { + "Entropy": 0.7957307370557809, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2164267361361474, + "Virtual Size": "0x10230" + }, + ".rela": { + "Entropy": 2.6559476189231193, + "Virtual Size": "0x1c548" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.619450573511709, + "Virtual Size": "0x9be5f" + }, + "/14": { + "Entropy": 5.3247800569653165, + "Virtual Size": "0xe5" + }, + "/26": { + "Entropy": 7.113430283211426, + "Virtual Size": "0x603" + }, + "/4": { + "Entropy": 4.837270867662857, + "Virtual Size": "0x1ebf8" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "b6f099bf203668f11a8f79ab08792ed8", + "SHA1": "4713755a345940554eada6042e90b0151591fad6", + "SHA256": "62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" + }, + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + 
"MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "9b9f7199-24ed-4372-8247-e420ab0b7937", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "49465D4AD701642C7BCB5EF30A0807A3CD438AB42BF8D62D68038C3FCBBE8605" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootia32.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", 
+ "SHA1": "", + "SHA256": "4E00B1C1CC2BFCB1FF2FDB4184D13CEA5A2617BACC3623C3DF52C50158065E73", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "71999c6f-6195-4944-ad16-105579c98549", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "CB6722995D4821AEAA9871C1B9782A02ED2F3D2BC6C1AAFD3E6B7673A210A8FB" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "50A8B3CD4F80C8C27FA47242869FDE8B6B7709A8AD1AF0EF0A726D20623007D8", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + 
"Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\HfiPcieGen3 } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3c5c1c32-6c09-4fea-863a-2e5cb48bb099", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "e599f74cf93986aafae680c20c7b3723", + "SHA1": "36a6e60b2512bfd940eadb7ff3fdba23fa970a8c", + "SHA256": "9fa4d5023fd43ecaff4200ba7e8d4353259d2b7e5e72b5096eff8027d66d1043" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "HfiPcieGen3", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "ffa0df6d1cb927f4cde2741d63c7125b", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "a2c8bf15abcb90da814748bb150d66f842f23a38", + "SHA256": "98acba206e9f3843a4a7e07c66ead4366fbe7976653b65ed0c311d4efae878ab", + "Sections": { + ".data": { + "Entropy": 6.816481814190404, + "Virtual Size": "0x48c80" + }, + ".debug": { + "Entropy": 4.647938066282669, + "Virtual Size": "0xc0" + }, + ".reloc": { + 
"Entropy": 6.735442193719632, + "Virtual Size": "0x3a20" + }, + ".text": { + "Entropy": 5.413383270074479, + "Virtual Size": "0x3eee0" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "b6f099bf203668f11a8f79ab08792ed8", + "SHA1": "4713755a345940554eada6042e90b0151591fad6", + "SHA256": "62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" + }, + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "HfiPcieGen3" + ], + 
"Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "25025124-0a03-422d-8fe8-530afd16951c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "D28AEC97E28A38D94BE65369E43D01F6266195D6113E7ED17A6930A309288800" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "372968218A3CBA11D964EF1B1E8CFF3804EDF96481B96B929208D1B483ADB30C", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft 
and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "0486fe15-0d77-4c66-9918-1278ef014f72", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "4755a94a9c24a396102236124cd43c7f", + "SHA1": "e7efd492f1248e8eb94f4ee629365328cc7c7822", + "SHA256": "07b6d3aa86d0a8d5f46bdd5886d8f20fa2dd9377898d1139bd74b41f5e7ae44b" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2013-08-21 21:15:47", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.16384 (winblue_rtm.130821-1623)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "c831903e223d70526791119b52eaa4df", + "MachineType": "THUMB", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.16384", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "55e14c81b5fe58eedc0ba4f71e3dfc38", + "SHA1": "d793a26f5757c9a0c1bdd8b6a22fb8461560265d", + "SHA256": "f728c141f52f30bd327d1b8522257d8095ab4e4a707f449b48560f6e17803762" + }, + "SHA1": "43e01a095fe196f5f7f0f6aa4f33d79803d1fe43", + "SHA256": "86e5b25aa8072895e72e3d5f4beaccc1488a434fb10babe17fb9010da4ed93bc", + "Sections": { + ".data": { + "Entropy": 6.124598814239404, + "Virtual Size": "0x35d10" + }, + ".pdata": { + "Entropy": 6.096561187355531, + "Virtual Size": "0x5b20" + }, + ".rdata": { + "Entropy": 5.6876031395439375, + "Virtual Size": "0x10134" + }, + ".reloc": { + "Entropy": 4.721187435331078, + "Virtual Size": "0x4064" + }, + ".rsrc": { + "Entropy": 3.471204074592975, + "Virtual Size": "0xfce8" + }, + ".text": { + "Entropy": 7.094486381874274, + "Virtual Size": "0x8a3da" + }, + "PAGE": { + "Entropy": 6.974677001292805, + "Virtual Size": "0xf2c" + }, + "PAGER32C": { + "Entropy": 6.715799464104058, + "Virtual Size": "0x18b6" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000001b40b3e1eae3b8c84600000000001b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": 
"2e3f888fadd3d8d498f3237752c18df9", + "SHA1": "4f3c14facbfca2505dddb77d8b8bfe71abb1d2ed", + "SHA256": "574085e964e5d1fc9d71150ef08a0e08779e1919f28d75a19dad15f69571c8f6" + }, + "ValidFrom": "2013-04-10 20:41:53", + "ValidTo": "2014-07-10 20:41:53", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000001b40b3e1eae3b8c84600000000001b", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "N/A" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\mboot-official_em64t.efi } }", + "Description": "This was provided by vmware and revoked Aug-22", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + 
"value": "" + } + ], + "Id": "0c0db73b-9d53-4fa1-93fe-cab2b3cabf9f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "CA65A9B2915D9A055A407BC0698936349A04E3DB691E178419FBA701AAD8DE55" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "mboot-official_em64t.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "918871DEC65B4D8A8D0E29B221351DFEA3A1D9212A4E0D7EE692CC1696E9AFC6", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "mboot-official_em64t.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": 
"https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "4d31cfeb-3005-497a-b566-7062066398ab", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "cb9d3c514e9a2a200235c093312630ca", + "SHA1": "3779679707ac8e825d6195b8106efe77ce33bfc8", + "SHA256": "ce8c44e185faaa03959cf23229607854ef7e316ed0773d66d7be5e0a48061de5" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2012-09-19 23:32:48", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.2.9200.20521 (win8_ldr.120919-1813)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "02e7a063eae0c4b80a6793fd63bac013", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.2.9200.20521", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "fa6462badb7aa537a9d3ecf604e9fbd7", + "SHA1": "caefdafc6f3620830b306d429c83bb077f6bdaa4", + "SHA256": "4689fe3d6e35db99759219db2adef6cefa62105e8b636c0c5bd2a6bec395e471" + }, + "SHA1": "c7a420758542a22c9db7c9f75a4709ac53ec8da2", + "SHA256": "9da10b25786d8db0167fd66c051f7e2655781bb561b99584312b439a32be4c32", + "Sections": { + ".data": { + "Entropy": 5.32099548613425, + "Virtual Size": "0x54bf0" + }, + ".rdata": { + "Entropy": 5.359664573712839, + "Virtual Size": "0x122aa" + }, + ".reloc": { + "Entropy": 6.124599725636047, + "Virtual Size": "0x61b0" + }, + ".rsrc": 
{ + "Entropy": 3.4708442562161297, + "Virtual Size": "0xfcf4" + }, + ".text": { + "Entropy": 6.641518892559521, + "Virtual Size": "0xdd286" + }, + "PAGE": { + "Entropy": 6.502474956779901, + "Virtual Size": "0x12ab" + }, + "PAGER32C": { + "Entropy": 6.572183780133045, + "Virtual Size": "0x4805" + }, + "PAGER32R": { + "Entropy": 7.631412897966042, + "Virtual Size": "0x380" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Signature": "c7f34d30f6c0451fb6ababdce5203035c20b7c75b16784adb0aa9ed8f647c02df4ce8d8277b8e356e3286e4dc0d444172dea83b9af9c6133c491e53680024d6bac0d985d6dfe776988ccb337b35abb32a02b50413514a576dc932b2a4ae2aef96330041e040480e3b1cbf06cd6910cf79ead3ecd332a9bb7156c2d9976e5dfac8b5b59d82ea33a4826470663dfad599e137468da7bd3037243e0238b96c1f99ea1299faa898dd854f812f8834697b7c5991d2e1656db4e2f56d8bc2077e7bb7d886d4fb6907c555c6d54089724435ac3345b1b6dbb605300ba83412517394dcd3b6c82df5013c6f57fcb1e03919b63469dd7606f3fbae8242658f19ab174b03c", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": 
"14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + 
"bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3598ca7a-27b3-4c09-aaca-cb5108eca19f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "39ABED2935891EEF96E2B733BBC6951DAFAD1A4C6B500D2D9B28C358355A6AB8" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "1B455F745A6397C1B4FDFA43E634462EE1414DB21EF5A3391142B0F988F31FFE", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by 
Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "7480e25e-d4dd-4e39-b652-33861111c011", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "3153B3E305575439914605D976CF6EAD5A500E54D0B6ABCDAAFCCED1BC47E04F" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "55C6D083A4E3BE8FF842A5D39EF6F0C82D3DD29FE377C7AEA920C7B419F660D8", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shimia32.efi } }", + "Description": "This was provided by Oracle America, Inc. 
and revoked Apr-21", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "7ad06c0c-5595-41e6-8049-b051fa3e931b", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "D472D0DCBA3F5DD61BE3931244717BF2230BABD30E9E2F6B2880BFCDC8FD6665" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shimia32.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "7B9D76B66E9E3503682EB5B6CCC8F70B8B5082F140252A7F6127AD9764D8F297", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shimia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "b2be4369-0672-4a82-96df-ee4d208d3352", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "54061FF50D91296F2F44D8B338AEEDFBBE86DF49DB5DE8A45191AAA931F5BCF6" + }, + "Company": "", + "Copyright": "", + 
"Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "79631821A585BFC9A9A5D2D92D37714EFD84A3D856284A0897654461EC1C137D", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2a9c12a2-bc01-4af2-bb23-a5f1fcba5bdc", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "C1547CF902570207A9694B6B8E353FE41419DB6A3802221DDF10FB8F86947804" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "B15095CBB09505C8354657EF7DF0FA4046F5F9DC74B26EF12A7D83E82A718322", + "Signature": "" + } + ], + "MitreID": 
"T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\rhel-8.3-20200730-shimia32.efi } }", + "Description": "This was provided by Red Hat, Inc. and revoked Apr-21", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a1062c3c-45c5-4c75-bbd2-d744c8e3fcb8", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "01E2DA8EC5A6929DDBBBEB2E9807586FACDDCA6A7EF62BFEBB581BDC2D7274D6" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "rhel-8.3-20200730-shimia32.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "A1DD22421CC934E050572520A026985AE8C5FC5AD73816510713F1E1D4DFF575", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "rhel-8.3-20200730-shimia32.efi" + ], + 
"Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "1ca07dec-812e-46a2-ada4-141584aa0c12", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "6873D2F61C29BD52E954EEFF5977AA8367439997811A62FF212C948133C68D97" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "6E5D8278A7A4A58DBBA2F5D01B09B9DE4BB20ACD2DD4890846C8125A65136BF8", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "1ca07dec-812e-46a2-ada4-141584aa0c12" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { 
bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "07e76cae-6513-4120-b399-3ab5ae5879a5", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A5E0C1C1FDEBE61C4DDBB66C57EB23BCAA86C36BAB9900AD10342A4971128EAC" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "997CCF341DBCE2EB9E119803723130DA90E8F1DD167A7B75400E73CBBADA54FD", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2022-34303" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim.efi } }", + "Description": "This was provided by CPSD and revoked Aug-22", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "530ab1a9-d9a6-4f01-986a-5b69c99400b4", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": 
"284153E7D04A9F187E5C3DBFE17B2672AD2FBDD119F27BEC789417B7919853EC" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "51BD59697B4E1DF61DF32AD57CEBE394BE54E3E9DBFEB8DC00A3A176D13A5767", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "077ccbb7-5e3d-455d-abbf-317e3ee73abd", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A5E476C4BA2ED8EF8C30F247F3E13AFA5C7E3A5A952E4B8325C22F33F7F23621" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": 
"DB67C1601CC3B3313B9F6E8F12E76627E7BC6F3936BD8147FCAFAF5FB6556966", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0bbd943d-7d16-4fe7-ac8b-f9d12daba1f4", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "B52531C84351EB695A8AFF0B7A5BDF93972CDEDFAF4067745425D75E21CD0CBB" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "26A8EBB3EF412AA70D4AB4486EBEE8DB42656AE7F2EC868FA95FA656090F01BE", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + 
"0bbd943d-7d16-4fe7-ac8b-f9d12daba1f4" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "7e81b1d7-7526-4958-98cf-688b36cf8ea0", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "3A9E49E6E644C0ABEC17D32D020339D171439ABA327409A7797E6686BD0F641C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "FE4B7349F21EE077096B6986693C3F250758C5DDF96C14AF4BBFD96EE74A70A0", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d 
\"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\rhel-8.3-shim-20200726-shim64-bit.efi } }", + "Description": "This was provided by Red Hat, Inc. and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "cc89429d-d9b6-412c-8083-4879ab57f589", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "EF87BE89A413657DE8721498552CF9E0F3C1F71BC62DFA63B9F25BBC66E86494" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "rhel-8.3-shim-20200726-shim64-bit.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "98721004CFF6B89B3E5A9267D29250710E6A6C8AFAE06EEF29F92745CD70E079", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "rhel-8.3-shim-20200726-shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootia32.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + 
"Id": "cd9dcfdd-25a1-42d5-bd95-3778087060b5", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "73BAEB8EB0B64056A7BC309642FDC589BF219928A906666D107E65E8B0DBF496" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootia32.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "4B6C8947CAA89BE6077E2964C4F97425C663AEFEBCDFC373CAFD982367FB5CFF", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2022-34303" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\miniloader.efi } }", + "Description": "This was provided by CPSD and revoked Aug-22", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0e46bd88-7635-4162-a02e-85d9bd33be3a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "EDD2CB55726E10ABEDEC9DE8CA5DED289AD793AB3B6919D163C875FEC1209CD5" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "miniloader.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + 
"OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "30CF3AD2DF14F05D89BC321744559E857055A5C84D7F0834B3DBD261ACE1CF5D", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "miniloader.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "f651508a-842a-4af6-b332-559fc9897806", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "D069A07B5ACDE004FE7286558041F1F123DD88BB1395E5E453F62F48EF37D199" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "9CD99CEFF9B7496E7B6720AF4C561668D6993376EC18593E3F54B1540E5B31A0", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0e305520-6001-4144-893d-b4c38ea47886", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "1FB619FE1504EF78C8BF59294B16C6D9BF1DA741FB582DE125B6A044F6961C57" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "52D826CF8F6A0095938F7069B5F5DA22C16AE037D757BF9115AA84920BCE4EBF", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + 
"CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "99b952f7-5438-417b-9dab-c318bdcd75e6", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "61CEC4A377BF5902C0FEAEE37034BF97D5BC6E0615E23A1CDFBAE6E3F5FB3CFD" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "B6C36B2B18A3E73EA007173F8669D9A9A861FDDF27C3E3C0C3F1315E2AE5B43F", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "99b952f7-5438-417b-9dab-c318bdcd75e6" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by SUSE Linux and revoked Jul-20", + 
"OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a950cc79-4054-4d02-bd8d-3de2165a3721", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "992820E6EC8C41DAAE4BD8AB48F58268E943A670D35CA5E2BDCD3E7C4C94A072" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "169D0AC3DA1DDA382812F7F221B8C9CD55961A05D876E3D812641313297848BA", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "a950cc79-4054-4d02-bd8d-3de2165a3721" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": 
"https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "66314d3b-bec0-4042-94f3-2744b5a337ee", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "61dcd3b5b1b343f78cdba79267151107", + "SHA1": "f62b5d4321be185905a65037dfcdeb277a4f6169", + "SHA256": "490c927242cc6227ca439a7e9aa9d771ad4d1686eede1f331cbb6c69e9be746e" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. All rights reserved.", + "CreationTimestamp": "2013-08-21 22:13:37", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.16384 (winblue_rtm.130821-1623)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "e7ae8ab50eae0f2730780d6e87a165cc", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.16384", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "76b472327057a88cd36ca28afc4c0e33", + "SHA1": "3111a9f1a2306b44b216f95d22c5d3780e200bb4", + "SHA256": "99f483be10e4f3d7da9abe8eabdf67c61589c0ecec750aac0991666c9bc4e518" + }, + "SHA1": "339702656fbb6e001e9a283dbd54567323f0332f", + "SHA256": "88582f3cae30afd77990944709ac4e272d68cdc009d9c3ff6f7c2e19e74f5975", + "Sections": { + ".data": { + "Entropy": 5.3304508105703245, + "Virtual Size": "0x56510" + }, + ".rdata": 
{ + "Entropy": 5.897305248359915, + "Virtual Size": "0x154c4" + }, + ".reloc": { + "Entropy": 5.536942764112647, + "Virtual Size": "0x7fe4" + }, + ".rsrc": { + "Entropy": 3.4708887278026244, + "Virtual Size": "0xfd10" + }, + ".text": { + "Entropy": 6.634660604406808, + "Virtual Size": "0x11125e" + }, + "PAGE": { + "Entropy": 6.562392196399758, + "Virtual Size": "0x1333" + }, + "PAGER32C": { + "Entropy": 6.5590017342718845, + "Virtual Size": "0x4795" + }, + "PAGER32R": { + "Entropy": 7.124151697179559, + "Virtual Size": "0x100" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": 
"14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + 
"Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "5cab3a24-4bf3-427a-887e-92ec2ed8f1a7", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "7f11c44bb3fd9f28c453ed0545ce1fd2", + "SHA1": "e5e7294536819a91f69d03c57425ad2576a1055d", + "SHA256": "74b39c206dc8a11cd196d5998d2996b6ad477d72eaf86e19a3dc14ec0eab0f1e" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2014-04-26 11:39:30", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.17109 (winblue_gdr.140426-0111)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "cd78242cb85f016a3ea62002c8f07c0d", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.17109", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "61ae12104fd32308c2c6da0ad0f4da3a", + "SHA1": "5916de417c3548f9179b3fca1170571bd0615d62", + "SHA256": "9d016f97efd1b99cdeec92f9010dbe2695c277306c00fe7e352588a7f6e7be26" + }, + "SHA1": "1df5dc38345eee82fcb606f8c5140c619f187946", + "SHA256": "4628ec2698cfbca38d3bb4872df8e65a370ed4591e3fbd613a28b394942b8976", + "Sections": { + ".data": { + "Entropy": 5.269345781205062, + "Virtual Size": "0x5b510" + }, + ".reloc": { + "Entropy": 5.543449582817808, + "Virtual Size": "0x7fba" + }, + ".rsrc": { + "Entropy": 3.4713678198457463, + "Virtual Size": "0xfd10" + }, + ".text": { + "Entropy": 6.644731222099491, + "Virtual Size": "0x12da04" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": 
"61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by TeraByte Inc. 
and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "63cf9ba5-5aec-4ed7-9f58-97d1eff8aa0f", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "0A75EA0B1D70EAA4D3F374246DB54FC7B43E7F596A353309B9C36B4FD975725E" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "1BABF3FB76AE149CCB95B8E33B193CE7408B7134E0A5CC8CE1E884BCD01DFCF2", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootarm.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "28fb8eaa-e498-44f7-8f1f-1dcf1dad47d7", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "22B5A88D79B8146598613B3701B0D2AD3E1D2BC215D3A613A30356953239485C" + }, + "Company": "", + "Copyright": "", + 
"Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootarm.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "0E0D94096278CEDCF333D4902F64ADE7815ED4000A1F6EA45EB93D2DBE18E496", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootarm.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim64-bit.efi } }", + "Description": "This was provided by Canonical Ltd and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e638d650-dd39-49a9-a737-b02670064e45", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "2906120c5459cec104e70135cc2c7ffb", + "SHA1": "e0a77a7cdefc31ecba261fcd6181b97efce9cc49", + "SHA256": "273d4432af53f07f8fb2013bb13d70bd46ea49c6c1c9de6c631ae4d75c98baf0" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:00", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim64-bit.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": 
"9bdc83ad343e8745e1f3d55c36cf2df6", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "095b16e4a405e6d6dbdfc1475c941c64201d41b5", + "SHA256": "84e680f95cd31db85663a5482a68778dd236503d88e8a6d8e3c4a6c9ba201102", + "Sections": { + ".data": { + "Entropy": 4.412613928549267, + "Virtual Size": "0x2db68" + }, + ".dynamic": { + "Entropy": 0.8630797231656377, + "Virtual Size": "0x100" + }, + ".dynsym": { + "Entropy": 3.2062260361646557, + "Virtual Size": "0xf378" + }, + ".rela": { + "Entropy": 2.6535499216585814, + "Virtual Size": "0x1c6f8" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.683178156318327, + "Virtual Size": "0xa3c01" + }, + "/14": { + "Entropy": 5.205469492567452, + "Virtual Size": "0x84" + }, + "/26": { + "Entropy": 7.322772708526002, + "Virtual Size": "0x449" + }, + "/4": { + "Entropy": 4.8785374734689935, + "Virtual Size": "0x1f0c8" + } + }, + "Signature": "", + "Signatures": {} + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { 
bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Red Hat Inc. and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "64c9ea42-80a1-425d-ae59-d9ee4eadf4ba", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "A924D3CAD6DA42B7399B96A095A06F18F6B1ABA5B873B0D5F3A0EE2173B48B6C" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "BDD96B78F3AA4B123851342995451880CB2498E785ED12E48CEB36F1A3F49B2B", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": 
"https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "aa0019cf-ba6c-4a6b-8ea9-3e4494562744", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "aa60f3f1fa0e30a28c2b0bd0ee4fc806", + "SHA1": "55c991c8563ae11352ae9d0c24644853fceac18a", + "SHA256": "54c7d9c28672a1306e43ed7feed38b295f8eec279251f996fa293f68fc6cfb12" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2022-02-15 12:19:17", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.20300 (winblue_ltsb_escrow.220215-0706)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "f3c14ba5c3670afacd47f0574922b98f", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.20300", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "aaf18af925d829095e017c505f1a0039", + "SHA1": "c3d13f7d96127a3b16c7a8c0a3dd98fd9f22c3cf", + "SHA256": "05367ecae4cf78cc575048fb931468b1d210df8c38ff8ca05481124b1a1a6917" + }, + "SHA1": "a4ede25f03e0ce65fa4a840c454c73019275d8de", + "SHA256": "5052ce3b96db73a909bf0e54355e357f8ab7284fa48f9b21c85efedbb886c100", + "Sections": { + ".data": { + "Entropy": 5.416517617217657, + "Virtual Size": "0x6c7f0" + }, + ".pdata": { + "Entropy": 6.080928684654755, + "Virtual Size": "0xa710" + }, + ".reloc": { + "Entropy": 5.402081860527767, + "Virtual Size": "0x994" + }, + ".rsrc": { + "Entropy": 3.4721768908716837, + "Virtual Size": "0xfd40" + }, + ".text": { + "Entropy": 6.4945526926976, + "Virtual Size": "0x16d9e4" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "46f57c3b860b08484cb79066ac1014ad", + "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", + "SHA256": "d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" + }, + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Version": 
3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\shim64-bit.efi } }", + "Description": "This was provided by HP Inc. 
and revoked Apr-21", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "0072a990-7f8a-484c-8727-bd0912dd2ce6", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "E6236DC1EE074C077C7A1C9B3965947430847BE125F7AEB71D91A128133AEA7F" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "shim64-bit.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "DF01F567CF2C2A7B872EB750F12EC534B6F207E760D1ACA6795DB7CB12CFD92D", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "shim64-bit.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "90e05866-5975-498c-bab9-1a71dd286011", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + 
"SHA256": "DF02AAB48387A9E1D4C65228089CB6ABE196C8F4B396C7E4BBC395DE136977F6" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "6AE5984A47CCE9129498E534DB84F0FD33FE9AEE2860462414416282EB0CF34A", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "90e05866-5975-498c-bab9-1a71dd286011" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Red Hat Inc. 
and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "47020b30-de49-4937-9908-9d72b3d153d5", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "631F0857B41845362C90C6980B4B10C4B628E23DBE24B6E96C128AE3DCB0D5AC" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "B76C5689D45E7F40F8D78468D4484074167563CB06368CBB9CB4DBED65E1192A", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-14372", + "CVE-2020-25632", + "CVE-2020-25647", + "CVE-2020-27749", + "CVE-2020-27779", + "CVE-2021-3418", + "CVE-2021-20225", + "CVE-2021-20233" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\cent-7.9-20200730-shimia32.efi } }", + "Description": "This was provided by Red Hat, Inc. 
and revoked Apr-21", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a7bf3e37-f600-48ff-82d4-4f1e82c199d2", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "DDF3E4261419944F7C2F8B92F6D14C35060B4F94818CC4183F0C072706DEF726" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "cent-7.9-20200730-shimia32.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "2D07ABD75C154055A858D4461A1B1B76D763E9ED294E2E10244C20601E072A29", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "cent-7.9-20200730-shimia32.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ccef0d61-ad41-4f54-8ce1-9197ccf0e44d", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": 
"", + "SHA1": "", + "SHA256": "72C26F827CEB92989798961BC6AE748D141E05D3EBCFB65D9041B266C920BE82" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3AE3DA82C39C6BEEFD251265370D57D5BFC67181662736C62F2E6F687409C81B", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "ccef0d61-ad41-4f54-8ce1-9197ccf0e44d" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit ARM", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "3f2c9d56-984f-41b4-a2b2-49bf97e6ef71", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "B632A6286C6FAA6643EC34311E0B9710A3508FC952E9A04263C33179E32814F8" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit ARM", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + 
"ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "C2BC0ADF3826972A0F8EF7E63C008C52D68215CCAE493CCEF14C3D3F4F67BDD0", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Intel Corporation and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "46629c02-f2d8-440a-bc46-d67ad73ea772", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "147730B42F11FE493FE902B6251E97CD2B6F34D36AF59330F11D02A42F940D07" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "3141C6EF9FCE61084D16F0659A9596B0156F24D6F4B03837C4B7543CFB378D61", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "46629c02-f2d8-440a-bc46-d67ad73ea772" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + }, + { + "type": "yara_signature", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" + }, + { + "type": "sigma_hash", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml" + }, + { + "type": "sigma_names", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml" + }, + { + "type": "sysmon_hash_detect", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" + }, + { + "type": "sysmon_hash_block", + "value": "https://github.com/magicsword-io/Bootloaders/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" + } + ], + "Id": "b3b0f086-0c9c-4e10-b65c-47509c6f0dfb", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "724bc2c9091c4dd631e113c32702d9f4", + "SHA1": "f8799b5f344ad92948a1468937cd9255e6873dac", + "SHA256": "f197a171a09ab640aa8ac4ff7ddfc88377a89fdbb3fee014abb9097d92575b67" + }, + "Company": "Microsoft Corporation", + "Copyright": "© Microsoft Corporation. 
All rights reserved.", + "CreationTimestamp": "2016-10-12 08:06:52", + "Date": "", + "Description": "Boot Manager", + "ExportedFunctions": "", + "FileVersion": "6.3.9600.18515 (winblue_ltsb.161012-0600)", + "Filename": "bootmgfw.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "bootmgr.exe", + "MD5": "fe08109ce34ae68fed49348549b9ead1", + "MachineType": "I386", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "bootmgr.exe", + "PDBPath": "", + "Product": "Microsoft® Windows® Operating System", + "ProductVersion": "6.3.9600.18515", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "95c181375ef93e118f930024df1bff96", + "SHA1": "e3a24ad3c9b07df2a4fb39a1432ba3597faa48f7", + "SHA256": "0708c72d17d4892e2deab31b567c830ee261f5e5730997a47366c0e1e58dec0e" + }, + "SHA1": "7fb211ce3088f2e657c72dcc80574310becde3e7", + "SHA256": "d8732eb8bd7240f17d90656424aabc0669c3d13e3117efc4805bb59dd21ceb1d", + "Sections": { + ".data": { + "Entropy": 6.142173903791614, + "Virtual Size": "0x5c7f0" + }, + ".reloc": { + "Entropy": 6.764151324597371, + "Virtual Size": "0x5d40" + }, + ".rsrc": { + "Entropy": 3.4721353846875296, + "Virtual Size": "0xfd30" + }, + ".text": { + "Entropy": 6.63561700395366, + "Virtual Size": "0x130364" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": 
"61077656000000000008", + "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + 
"https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 10 version 1507" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "696a399a-9f49-485d-9753-63edd677f144", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "99B2BD1FCF17B52C64E8506B97FA10CF8B6397C9D05D8D543F86893B210DBA62" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "944E6F803D3E1B0C1AA767B14B0F4D960A45F80F0A0A459253CA65147E947F72", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + 
"CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootx64.efi } }", + "Description": "This was provided by Fedora Project and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "e91a68c8-807d-4b65-a86b-c51335730c55", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "fb4d9da53892bb0152dcfd7a4a150fe0", + "SHA1": "a070bfbb64dc542d7b6b22de52d9b4d994b0d2f1", + "SHA256": "dbaf9e056d3d5b38b68553304abc88827ebc00f80cb9c7e197cdbc5822cd316c" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "1969-12-31 17:00:08", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootx64.efi", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "abd377408acc02ee7f2f16320ee9b49a", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "b72252c1c92cac65c4a4637816b0a84428d16681", + "SHA256": "475552c7476ad45e42344eee8b30d44c264d200ac2468428aa86fc8795fb6e34", + "Sections": { + ".data": { + "Entropy": 4.509189904315613, + "Virtual Size": "0x2d958" + }, + ".dynamic": { + "Entropy": 0.8424565006028102, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.211335054777265, + "Virtual Size": "0xe340" + }, + ".rela": { + "Entropy": 2.602058791274868, + "Virtual Size": "0x29598" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual 
Size": "0xa" + }, + ".text": { + "Entropy": 5.592334908546112, + "Virtual Size": "0xa00a2" + }, + "/14": { + "Entropy": 7.133596117970691, + "Virtual Size": "0x4ac" + }, + "/4": { + "Entropy": 4.847040002303806, + "Virtual Size": "0x16340" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "3300000010a4912943d94ce62e000100000010", + "Signature": "2b1b08b20674b8acbad524875a42f0b4d4ba6df424b9adb1e83c9309e657fe499f386cdf93a4f71393ab57da5eee4e346ebccdf9a7e990b44a76433af4071e90ee0e0fc8744003f9afe6bdda1cbd132fef8235d39c932bb9960f52bbea2062ed773a52beef26b333f603d8e9a0a9652c222a013cb1bd44bb5dc96c1a4135284c91784f0d66a2d7d97c59e26fd19d645e730b656d56e7a8166f228a751a745c4491f1865c8d5a4b1bf61fd4a564811e32699deff03a3328829cd888ae53fccb0819957ee499a2ad79d1c1d73ef7324562bee86575193983b41f66c12c95eb5d171df5c4beda799c4fb314e8e27bc47b195e1c8a2cd2d3bfbb29c8264ebddf95da", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "61509fd4e01160eb7d8007dc182bee5b", + "SHA1": "febd34ec96d90e498d9b6fa54d7fab80ce1464d3", + "SHA256": "7d79e52d96bc7c571299d90c3bc4bff9d08e36eb74b7e8b0cd69114980737953" + }, + "ValidFrom": "2014-10-01 18:02:10", + "ValidTo": "2016-01-01 18:02:10", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + 
"Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "3300000010a4912943d94ce62e000100000010", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootx64.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\BOOTX64.EFI } }", + "Description": "This was provided by Alt Linux LTD and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "2ca3cf24-b271-4a27-a228-ca91cab34b93", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "86e7e6f737ed657dda5423a10319d41c", + "SHA1": "450ccd6553c679f4d87bbf3507780efc17a466c4", + "SHA256": "c452ab846073df5ace25cca64d6b7a09d906308a1a65eb5240e3c4ebcaa9cc0c" + }, + "Company": "", + "Copyright": "", + "CreationTimestamp": "2012-11-27 22:14:09", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "BOOTX64.EFI", + "ImportedFunctions": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "9a795b1affc7cb4650bbd99b9a2cd819", + "MachineType": "AMD64", + "MagicHeader": "50 45 0 0", + "OriginalFilename": "", + "PDBPath": "", 
+ "Product": "", + "ProductVersion": "", + "Publisher": "", + "RichPEHeaderHash": { + "MD5": "ffdf660eb1ebf020a1d0a55a90712dfb", + "SHA1": "3e905e3d061d0d59de61fcf39c994fcb0ec1bab3", + "SHA256": "2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6" + }, + "SHA1": "586bf5d3fb1fb21159338701e324d9d26b6aa0e4", + "SHA256": "0dd832075d552da3d29b1ef471fc23b47c0d54b9fd1541935b23f1c5813da08c", + "Sections": { + ".data": { + "Entropy": 4.771556082942012, + "Virtual Size": "0x310a8" + }, + ".dynamic": { + "Entropy": 0.8341231672694769, + "Virtual Size": "0xf0" + }, + ".dynsym": { + "Entropy": 3.2088436906429743, + "Virtual Size": "0xf1e0" + }, + ".rela": { + "Entropy": 2.6218967970429325, + "Virtual Size": "0x2af90" + }, + ".reloc": { + "Entropy": 1.7709505944546688, + "Virtual Size": "0xa" + }, + ".text": { + "Entropy": 5.6399775669379935, + "Virtual Size": "0xaa161" + }, + "/4": { + "Entropy": 4.828726571617874, + "Virtual Size": "0x17468" + } + }, + "Signature": "", + "Signatures": [ + { + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "c5e24205d04c09c94d81b6935af7ec09", + "SHA1": "12622dccb5b07edfd65cae6fc018e24b80ff2c82", + "SHA256": "d6afbff1c283d7777501bd3b2adb4aadb8ce32649ee401dfbb06f884362f7507" + }, + "ValidFrom": "2012-07-02 22:25:14", + "ValidTo": "2013-10-02 22:25:14", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": 
"1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", + "Version": 1 + } + ], + "SignerInfo": "" + } + ] + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "BOOTX64.EFI" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "4e4ca92c-52eb-4289-a935-f6ec64b79e3a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "326967C7FFC1B86DB8B32B0570E88A89CC1534CFCF300B98C077E473F9B18FA1" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + 
"SHA256": "DA9C62E148457AFB0629FAB0C2D58623F9AC35A9A95EF23388ECFE85451C60C0", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "ad6add2d-fe39-4ffb-b31d-7dffaf3ef28c", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "BB44FD8CD04ABC3B54E5CCEA97EF81E70FD3933C34288D8B86F6ECB4F3ED1FDE" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "CF61636CEFDF20CF4B35382124800E047F5886952888BD41D1B8426BF34D2D29", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + 
"Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8.1" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "32-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "a2a7bdd7-c7bd-4195-97d5-a7b127691dfe", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "5348075329A1087EBB689FCFC775304B09C6786A523F83E7BB90E26DE0E61FF7" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "32-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "DE1CB8E571EEF26A3C4BABCEC97BA41894AE9DE7528A35BFF5FDDFF5C025CEED", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "Black Lotus Microsoft Windows 8" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\bootmgfw.efi } }", + "Description": "This was provided by Microsoft and revoked May-23", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": 
"Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "24c0575d-dfa7-4f1b-8503-e136cf8fcf3a", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "9141EA1A4E6BF1F4D72C28A1D0D124A928D5A7D36B14FC7E7E53EF442360FF99" + }, + "Company": "", + "Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "bootmgfw.efi", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "B334937090AC1D2DB8FFFA7D6BB72F97FDE42712300524E2C89F0E7DCA5EF4D5", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "bootmgfw.efi" + ], + "Verified": "TRUE" + }, + { + "Acknowledgement": { + "Handle": "", + "Person": "" + }, + "Author": "Michael Haag", + "CVE": [ + "CVE-2020-10713", + "CVE-2020-14308", + "CVE-2020-14309", + "CVE-2020-14310", + "CVE-2020-14311", + "CVE-2020-15705", + "CVE-2020-15706", + "CVE-2020-15707" + ], + "Category": "Revoked Bootloaders", + "Commands": { + "Command": "bcdedit /copy \"{current}\" /d \"TheBoots\" | {% if ($_ -match '{\\S+}') { bcdedit /set $matches[0] path \\windows\\temp\\ } }", + "Description": "This was provided by Unknown and revoked Jul-20", + "OperatingSystem": "64-bit", + "Privileges": "", + "Usecase": "Persistence" + }, + "Created": "2023-05-22", + "Detection": [ + { + "type": "", + "value": "" + } + ], + "Id": "eefbdef0-8570-4a68-9824-042e17b71f98", + "KnownVulnerableSamples": [ + { + "Authentihash": { + "MD5": "", + "SHA1": "", + "SHA256": "41D1EEB177C0324E17DD6557F384E532DE0CF51A019A446B01EFB351BC259D77" + }, + "Company": "", + 
"Copyright": "", + "Date": "", + "Description": "", + "ExportedFunctions": "", + "FileVersion": "", + "Filename": "", + "Imports": [ + "" + ], + "InternalName": "", + "MD5": "", + "MachineType": "64-bit", + "OriginalFilename": "", + "PDBPath": "", + "Product": "", + "ProductVersion": "", + "Publisher": "", + "SHA1": "", + "SHA256": "CB9E3E372C5F707858E1DE6421C2D3407C240F9D7BC43A9B9F3BA1F6037615B9", + "Signature": "" + } + ], + "MitreID": "T1542", + "Resources": [ + "https://uefi.org/revocationlistfile", + "https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca" + ], + "Tags": [ + "eefbdef0-8570-4a68-9824-042e17b71f98" + ], + "Verified": "TRUE" + } +] \ No newline at end of file diff --git a/lolrmm.com/content/bootloaders/0072a990-7f8a-484c-8727-bd0912dd2ce6.md b/lolrmm.com/content/bootloaders/0072a990-7f8a-484c-8727-bd0912dd2ce6.md new file mode 100644 index 00000000..f6756aa9 --- /dev/null +++ b/lolrmm.com/content/bootloaders/0072a990-7f8a-484c-8727-bd0912dd2ce6.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "0072a990-7f8a-484c-8727-bd0912dd2ce6" +weight = 10 +displayTitle = "shim64-bit.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# shim64-bit.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by HP Inc. and revoked Apr-21 +- **UUID**: 0072a990-7f8a-484c-8727-bd0912dd2ce6 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\shim64-bit.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
+
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | shim64-bit.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [DF01F567CF2C2A7B872EB750F12EC534B6F207E760D1ACA6795DB7CB12CFD92D](https://www.virustotal.com/gui/file/DF01F567CF2C2A7B872EB750F12EC534B6F207E760D1ACA6795DB7CB12CFD92D) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [E6236DC1EE074C077C7A1C9B3965947430847BE125F7AEB71D91A128133AEA7F](https://www.virustotal.com/gui/search/authentihash%253AE6236DC1EE074C077C7A1C9B3965947430847BE125F7AEB71D91A128133AEA7F) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0072a990-7f8a-484c-8727-bd0912dd2ce6.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/025ed4ef-d8c6-492b-927f-a1eb484d7b89.md b/lolrmm.com/content/bootloaders/025ed4ef-d8c6-492b-927f-a1eb484d7b89.md new file mode 100644 index 00000000..c3fda12b --- /dev/null +++ b/lolrmm.com/content/bootloaders/025ed4ef-d8c6-492b-927f-a1eb484d7b89.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "025ed4ef-d8c6-492b-927f-a1eb484d7b89" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 025ed4ef-d8c6-492b-927f-a1eb484d7b89 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [D0A3923ED57307BBDDA1ECF0FF1C40F478DD6F439F80A072508C3551520CD52C](https://www.virustotal.com/gui/file/D0A3923ED57307BBDDA1ECF0FF1C40F478DD6F439F80A072508C3551520CD52C) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [812EB0FA2DF13A889549729CADBF1720B68F6C9E21955741B72802590AF1B5CA](https://www.virustotal.com/gui/search/authentihash%253A812EB0FA2DF13A889549729CADBF1720B68F6C9E21955741B72802590AF1B5CA) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/025ed4ef-d8c6-492b-927f-a1eb484d7b89.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/02e8f438-8842-4018-8592-a4fea656bd01.md b/lolrmm.com/content/bootloaders/02e8f438-8842-4018-8592-a4fea656bd01.md new file mode 100644 index 00000000..b4f21f63 --- /dev/null +++ b/lolrmm.com/content/bootloaders/02e8f438-8842-4018-8592-a4fea656bd01.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "02e8f438-8842-4018-8592-a4fea656bd01" +weight = 10 +displayTitle = "02e8f438-8842-4018-8592-a4fea656bd01" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 02e8f438-8842-4018-8592-a4fea656bd01 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: 02e8f438-8842-4018-8592-a4fea656bd01 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [8BF4FAC6F3981D1E6180DB0CD53152AE9666DC40884090A522840062E0C926E7](https://www.virustotal.com/gui/file/8BF4FAC6F3981D1E6180DB0CD53152AE9666DC40884090A522840062E0C926E7) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [0257FF710F2A16E489B37493C07604A7CDA96129D8A8FD68D2B6AF633904315D](https://www.virustotal.com/gui/search/authentihash%253A0257FF710F2A16E489B37493C07604A7CDA96129D8A8FD68D2B6AF633904315D) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/02e8f438-8842-4018-8592-a4fea656bd01.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/03fbb84a-9153-4d42-aa08-c26fd8260bd1.md b/lolrmm.com/content/bootloaders/03fbb84a-9153-4d42-aa08-c26fd8260bd1.md new file mode 100644 index 00000000..b2ea9871 --- /dev/null +++ b/lolrmm.com/content/bootloaders/03fbb84a-9153-4d42-aa08-c26fd8260bd1.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "03fbb84a-9153-4d42-aa08-c26fd8260bd1" +weight = 10 +displayTitle = "03fbb84a-9153-4d42-aa08-c26fd8260bd1" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 03fbb84a-9153-4d42-aa08-c26fd8260bd1 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: 03fbb84a-9153-4d42-aa08-c26fd8260bd1 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [AD215B731A41CBE37CAFEE5280FFC282A8AC23B5E8BA25DFF3D28A6AAE1D2A0D](https://www.virustotal.com/gui/file/AD215B731A41CBE37CAFEE5280FFC282A8AC23B5E8BA25DFF3D28A6AAE1D2A0D) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [C3505BF3EC10A51DACE417C76B8BD10939A065D1F34E75B8A3065EE31CC69B96](https://www.virustotal.com/gui/search/authentihash%253AC3505BF3EC10A51DACE417C76B8BD10939A065D1F34E75B8A3065EE31CC69B96) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/03fbb84a-9153-4d42-aa08-c26fd8260bd1.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/0486fe15-0d77-4c66-9918-1278ef014f72.md b/lolrmm.com/content/bootloaders/0486fe15-0d77-4c66-9918-1278ef014f72.md new file mode 100644 index 00000000..66c73aa4 --- /dev/null +++ b/lolrmm.com/content/bootloaders/0486fe15-0d77-4c66-9918-1278ef014f72.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "0486fe15-0d77-4c66-9918-1278ef014f72" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 0486fe15-0d77-4c66-9918-1278ef014f72 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/c831903e223d70526791119b52eaa4df.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [c831903e223d70526791119b52eaa4df](https://www.virustotal.com/gui/file/c831903e223d70526791119b52eaa4df) | +| SHA1 | [43e01a095fe196f5f7f0f6aa4f33d79803d1fe43](https://www.virustotal.com/gui/file/43e01a095fe196f5f7f0f6aa4f33d79803d1fe43) | +| SHA256 | [86e5b25aa8072895e72e3d5f4beaccc1488a434fb10babe17fb9010da4ed93bc](https://www.virustotal.com/gui/file/86e5b25aa8072895e72e3d5f4beaccc1488a434fb10babe17fb9010da4ed93bc) | +| Authentihash MD5 | [4755a94a9c24a396102236124cd43c7f](https://www.virustotal.com/gui/search/authentihash%253A4755a94a9c24a396102236124cd43c7f) | +| Authentihash SHA1 | [e7efd492f1248e8eb94f4ee629365328cc7c7822](https://www.virustotal.com/gui/search/authentihash%253Ae7efd492f1248e8eb94f4ee629365328cc7c7822) | +| Authentihash SHA256| [07b6d3aa86d0a8d5f46bdd5886d8f20fa2dd9377898d1139bd74b41f5e7ae44b](https://www.virustotal.com/gui/search/authentihash%253A07b6d3aa86d0a8d5f46bdd5886d8f20fa2dd9377898d1139bd74b41f5e7ae44b) | +| RichPEHeaderHash MD5 | [55e14c81b5fe58eedc0ba4f71e3dfc38](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A55e14c81b5fe58eedc0ba4f71e3dfc38) | +| RichPEHeaderHash SHA1 | [d793a26f5757c9a0c1bdd8b6a22fb8461560265d](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ad793a26f5757c9a0c1bdd8b6a22fb8461560265d) | +| RichPEHeaderHash SHA256| [f728c141f52f30bd327d1b8522257d8095ab4e4a707f449b48560f6e17803762](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Af728c141f52f30bd327d1b8522257d8095ab4e4a707f449b48560f6e17803762) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000001b40b3e1eae3b8c84600000000001b +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 2e3f888fadd3d8d498f3237752c18df9 | +| ToBeSigned (TBS) SHA1 | 4f3c14facbfca2505dddb77d8b8bfe71abb1d2ed | +| ToBeSigned (TBS) SHA256 | 574085e964e5d1fc9d71150ef08a0e08779e1919f28d75a19dad15f69571c8f6 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2013-04-10 20:41:53 | +| ValidTo | 2014-07-10 20:41:53 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000001b40b3e1eae3b8c84600000000001b | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000001b40b3e1eae3b8c84600000000001b", + "Signature": 
"cbc341b6aa9c66039f4068be8e0a48a0e38ad5c22d4a6f33e6c39817378261c73b0ac8e800662cde2333f4a79c3b75b726b7aaefc55cb467374a3804a65dd3bcf318da3699a4951225e092422aa4bb08880db7d021c4b7883ccd2452884d6e00d6ec06e6055f30218dfc376e893fdf2b0174ba323e15e0d9e480862c7132f49666ab01c246edcb9e403752b15284de32fa501cbed5bba0e45c60635520155a623bbd1b14d47e4cb8c9b2114d41de618eb6fbb022303df44f93d5d6ba60a5edc24f31c0530da52ea1392985d95b01833392c7686abf5c318308b442b5055011dfd475058a740a741ef63482b84edf9758ccfa5f3472df9c7043ca60912102c15b", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "2e3f888fadd3d8d498f3237752c18df9", + "SHA1": "4f3c14facbfca2505dddb77d8b8bfe71abb1d2ed", + "SHA256": "574085e964e5d1fc9d71150ef08a0e08779e1919f28d75a19dad15f69571c8f6" + }, + "ValidFrom": "2013-04-10 20:41:53", + "ValidTo": "2014-07-10 20:41:53", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": 
"14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000001b40b3e1eae3b8c84600000000001b", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0486fe15-0d77-4c66-9918-1278ef014f72.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} 
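Review bot: The `### CVE` section holds `Black Lotus Microsoft Windows 8.1`, a campaign label rather than a CVE identifier, so neither a reader nor tooling that parses this field gets anything to cross-reference; the May-23 revocation this entry describes was issued under its own CVE/KB, and that identifier — taken from the YAML, not guessed — is what this list should carry, with the label kept in Description. The Resources list is the same fixed pair used on the Jul-20 BootHole entries (`uefi.org/revocationlistfile` and the 2020 KB4575994 dbx guidance), which is not the guidance for a May 2023 Windows Boot Manager revocation, so resources should be per-entry rather than a template constant. The Signature JSON also ends with `"SignerInfo": ""` and the certificate table has no timestamp/countersignature row, so the page cannot show whether the 2013-04-10 → 2014-07-10 `Microsoft Windows` leaf still validates through an Authenticode timestamp; recording that is what separates "expired" from "revoked via dbx", which is the point of the entry.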
diff --git a/lolrmm.com/content/bootloaders/04cb75f3-e10f-4f9c-9f8f-97d4a310922c.md b/lolrmm.com/content/bootloaders/04cb75f3-e10f-4f9c-9f8f-97d4a310922c.md new file mode 100644 index 00000000..07ae339a --- /dev/null +++ b/lolrmm.com/content/bootloaders/04cb75f3-e10f-4f9c-9f8f-97d4a310922c.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "04cb75f3-e10f-4f9c-9f8f-97d4a310922c" +weight = 10 +displayTitle = "04cb75f3-e10f-4f9c-9f8f-97d4a310922c" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 04cb75f3-e10f-4f9c-9f8f-97d4a310922c ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Intel Corporation and revoked Jul-20 +- **UUID**: 04cb75f3-e10f-4f9c-9f8f-97d4a310922c +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [0CCD31ED42FF79E74FBA9C064F59F698E3AE9F9E690BE296EA63936E81982000](https://www.virustotal.com/gui/file/0CCD31ED42FF79E74FBA9C064F59F698E3AE9F9E690BE296EA63936E81982000) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [E36DFC719D2114C2E39AEA88849E2845AB326F6F7FE74E0E539B7E54D81F3631](https://www.virustotal.com/gui/search/authentihash%253AE36DFC719D2114C2E39AEA88849E2845AB326F6F7FE74E0E539B7E54D81F3631) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/04cb75f3-e10f-4f9c-9f8f-97d4a310922c.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/04eaf4b4-a618-4d2c-8eb1-1e0065c05212.md b/lolrmm.com/content/bootloaders/04eaf4b4-a618-4d2c-8eb1-1e0065c05212.md new file mode 100644 index 00000000..36611a32 --- /dev/null +++ b/lolrmm.com/content/bootloaders/04eaf4b4-a618-4d2c-8eb1-1e0065c05212.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "04eaf4b4-a618-4d2c-8eb1-1e0065c05212" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 04eaf4b4-a618-4d2c-8eb1-1e0065c05212 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [EA4EEC2975E4EAED0C5EE6C25C887FC8C7A0298FB613852DEC200DACD2485FD3](https://www.virustotal.com/gui/file/EA4EEC2975E4EAED0C5EE6C25C887FC8C7A0298FB613852DEC200DACD2485FD3) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [A983E73E57BDF014C9A29331290EE87DF37F97C81DBCC43C6C933FE2209C0BD5](https://www.virustotal.com/gui/search/authentihash%253AA983E73E57BDF014C9A29331290EE87DF37F97C81DBCC43C6C933FE2209C0BD5) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/04eaf4b4-a618-4d2c-8eb1-1e0065c05212.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/058a1317-f391-4baf-86a8-31ea7b01d6e6.md b/lolrmm.com/content/bootloaders/058a1317-f391-4baf-86a8-31ea7b01d6e6.md new file mode 100644 index 00000000..6e87fbab --- /dev/null +++ b/lolrmm.com/content/bootloaders/058a1317-f391-4baf-86a8-31ea7b01d6e6.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "058a1317-f391-4baf-86a8-31ea7b01d6e6" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 058a1317-f391-4baf-86a8-31ea7b01d6e6 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/e8b4de749b80b47640ea86b06f56429f.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [e8b4de749b80b47640ea86b06f56429f](https://www.virustotal.com/gui/file/e8b4de749b80b47640ea86b06f56429f) | +| SHA1 | [d79557da8528c045a204a3abf3dcd26b7fb814f3](https://www.virustotal.com/gui/file/d79557da8528c045a204a3abf3dcd26b7fb814f3) | +| SHA256 | [905c2df524e664759d55a6dad4b62b58220adc59fec3e852964efc2165b0fc0c](https://www.virustotal.com/gui/file/905c2df524e664759d55a6dad4b62b58220adc59fec3e852964efc2165b0fc0c) | +| Authentihash MD5 | [aff88198eaa921bd4c804c7b39833ff4](https://www.virustotal.com/gui/search/authentihash%253Aaff88198eaa921bd4c804c7b39833ff4) | +| Authentihash SHA1 | [8c5d802f57367e3f81b341095265c6dbf0774403](https://www.virustotal.com/gui/search/authentihash%253A8c5d802f57367e3f81b341095265c6dbf0774403) | +| Authentihash SHA256| [459457c48e1b450d8f22858ffb392fca78bb6f4da837862889ab798bdcbdf08f](https://www.virustotal.com/gui/search/authentihash%253A459457c48e1b450d8f22858ffb392fca78bb6f4da837862889ab798bdcbdf08f) | +| RichPEHeaderHash MD5 | [a387b0075e977009a7bb74d24fc388de](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Aa387b0075e977009a7bb74d24fc388de) | +| RichPEHeaderHash SHA1 | [345e019b25904c911be9e3b6a9e2b0bb18652b04](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A345e019b25904c911be9e3b6a9e2b0bb18652b04) | +| RichPEHeaderHash SHA256| [e04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ae04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 610bbbd8000000000005 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 
158438012e4dcd69b27b762c9358cfa2 | +| ToBeSigned (TBS) SHA1 | 684ac167849404a4101f166b759f291a43d5f749 | +| ToBeSigned (TBS) SHA256 | 95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2012-04-09 20:55:50 | +| ValidTo | 2013-07-09 20:55:50 | +| Signature | c7f34d30f6c0451fb6ababdce5203035c20b7c75b16784adb0aa9ed8f647c02df4ce8d8277b8e356e3286e4dc0d444172dea83b9af9c6133c491e53680024d6bac0d985d6dfe776988ccb337b35abb32a02b50413514a576dc932b2a4ae2aef96330041e040480e3b1cbf06cd6910cf79ead3ecd332a9bb7156c2d9976e5dfac8b5b59d82ea33a4826470663dfad599e137468da7bd3037243e0238b96c1f99ea1299faa898dd854f812f8834697b7c5991d2e1656db4e2f56d8bc2077e7bb7d886d4fb6907c555c6d54089724435ac3345b1b6dbb605300ba83412517394dcd3b6c82df5013c6f57fcb1e03919b63469dd7606f3fbae8242658f19ab174b03c | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 610bbbd8000000000005 | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 
14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": 
"95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + 
+{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/058a1317-f391-4baf-86a8-31ea7b01d6e6.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/05a8e372-5b24-4953-8d25-d6560076f4f4.md b/lolrmm.com/content/bootloaders/05a8e372-5b24-4953-8d25-d6560076f4f4.md new file mode 100644 index 00000000..a495d267 --- /dev/null +++ b/lolrmm.com/content/bootloaders/05a8e372-5b24-4953-8d25-d6560076f4f4.md 
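Review bot: The Use Case table leaves `Privileges` empty although the documented Commands (`bcdedit /copy`, `bcdedit /set … path …`) modify the BCD store and need an elevated prompt, so the row should read `| Persistence | Administrator | 64-bit |`; the same blank appears on every entry in this batch, which points at the YAML field being unset rather than a one-off. The Certificates block is the most useful part of the page, but the Signature JSON ends with `"SignerInfo": ""` and there is no timestamp/countersignature row, so a reader cannot tell whether the 2012-04-09 → 2013-07-09 `Microsoft Windows` leaf still validates via an Authenticode timestamp — record that, since "expired" versus "revoked in dbx" is the distinction this page exists to make. Minor template defect: `#### Imports` is emitted twice in a row, each with an empty bullet, which looks like a duplicated section in the generator rather than data.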
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "05a8e372-5b24-4953-8d25-d6560076f4f4" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 05a8e372-5b24-4953-8d25-d6560076f4f4 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [4BB0A426CA2A23E05B62A3008009AAD7F184F3D24DBD65E9AA81DE341BC5326F](https://www.virustotal.com/gui/file/4BB0A426CA2A23E05B62A3008009AAD7F184F3D24DBD65E9AA81DE341BC5326F) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [C21614E207B1991D3D6DF842009718652D241A8D926E221B85D069F1615E27A2](https://www.virustotal.com/gui/search/authentihash%253AC21614E207B1991D3D6DF842009718652D241A8D926E221B85D069F1615E27A2) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/05a8e372-5b24-4953-8d25-d6560076f4f4.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/063ad364-8db5-4bb6-a731-799b970cf900.md b/lolrmm.com/content/bootloaders/063ad364-8db5-4bb6-a731-799b970cf900.md new file mode 100644 index 00000000..7ed14fb8 --- /dev/null +++ b/lolrmm.com/content/bootloaders/063ad364-8db5-4bb6-a731-799b970cf900.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "063ad364-8db5-4bb6-a731-799b970cf900" +weight = 10 +displayTitle = "rhel-8.3-shim-20200726-shimia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# rhel-8.3-shim-20200726-shimia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat, Inc. and revoked Apr-21 +- **UUID**: 063ad364-8db5-4bb6-a731-799b970cf900 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\rhel-8.3-shim-20200726-shimia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip 
>}} + + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | rhel-8.3-shim-20200726-shimia32.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [96DD3FFBAB73A9DAA0CA93C34C4EDA5BD9C8AEEB0480C1A3BD93131F44CA9A29](https://www.virustotal.com/gui/file/96DD3FFBAB73A9DAA0CA93C34C4EDA5BD9C8AEEB0480C1A3BD93131F44CA9A29) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [FFF421A9DCD3EF38AD585E8BACA408AC2E4CDBDFA679900EC17089624E310ADA](https://www.virustotal.com/gui/search/authentihash%253AFFF421A9DCD3EF38AD585E8BACA408AC2E4CDBDFA679900EC17089624E310ADA) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/063ad364-8db5-4bb6-a731-799b970cf900.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/064e9fe7-c5dc-4858-9006-e9b1e0e3001b.md b/lolrmm.com/content/bootloaders/064e9fe7-c5dc-4858-9006-e9b1e0e3001b.md new file mode 100644 index 00000000..8b145e54 --- /dev/null +++ b/lolrmm.com/content/bootloaders/064e9fe7-c5dc-4858-9006-e9b1e0e3001b.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "064e9fe7-c5dc-4858-9006-e9b1e0e3001b" +weight = 10 +displayTitle = "064e9fe7-c5dc-4858-9006-e9b1e0e3001b" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 064e9fe7-c5dc-4858-9006-e9b1e0e3001b ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by BITDEFENDER and revoked Jul-20 +- **UUID**: 064e9fe7-c5dc-4858-9006-e9b1e0e3001b +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [AECD34387179AFF5CE02103679312CDEB1DA835015A8548FCE93765E7219612E](https://www.virustotal.com/gui/file/AECD34387179AFF5CE02103679312CDEB1DA835015A8548FCE93765E7219612E) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [F2A16D35B554694187A70D40CA682959F4F35C2CE0EAB8FD64F7AC2AB9F5C24A](https://www.virustotal.com/gui/search/authentihash%253AF2A16D35B554694187A70D40CA682959F4F35C2CE0EAB8FD64F7AC2AB9F5C24A) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/064e9fe7-c5dc-4858-9006-e9b1e0e3001b.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/077ccbb7-5e3d-455d-abbf-317e3ee73abd.md b/lolrmm.com/content/bootloaders/077ccbb7-5e3d-455d-abbf-317e3ee73abd.md new file mode 100644 index 00000000..1215e7ec --- /dev/null +++ b/lolrmm.com/content/bootloaders/077ccbb7-5e3d-455d-abbf-317e3ee73abd.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "077ccbb7-5e3d-455d-abbf-317e3ee73abd" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 077ccbb7-5e3d-455d-abbf-317e3ee73abd +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [DB67C1601CC3B3313B9F6E8F12E76627E7BC6F3936BD8147FCAFAF5FB6556966](https://www.virustotal.com/gui/file/DB67C1601CC3B3313B9F6E8F12E76627E7BC6F3936BD8147FCAFAF5FB6556966) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [A5E476C4BA2ED8EF8C30F247F3E13AFA5C7E3A5A952E4B8325C22F33F7F23621](https://www.virustotal.com/gui/search/authentihash%253AA5E476C4BA2ED8EF8C30F247F3E13AFA5C7E3A5A952E4B8325C22F33F7F23621) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/077ccbb7-5e3d-455d-abbf-317e3ee73abd.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/07ce0c22-0e7a-4f68-91e2-61a9d9cd566f.md b/lolrmm.com/content/bootloaders/07ce0c22-0e7a-4f68-91e2-61a9d9cd566f.md new file mode 100644 index 00000000..88ce4e2c --- /dev/null +++ b/lolrmm.com/content/bootloaders/07ce0c22-0e7a-4f68-91e2-61a9d9cd566f.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "07ce0c22-0e7a-4f68-91e2-61a9d9cd566f" +weight = 10 +displayTitle = "07ce0c22-0e7a-4f68-91e2-61a9d9cd566f" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 07ce0c22-0e7a-4f68-91e2-61a9d9cd566f ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Oracle Corporation and revoked Jul-20 +- **UUID**: 07ce0c22-0e7a-4f68-91e2-61a9d9cd566f +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [6A86152DF323185DCD535369C94B9226FEB6AAB4479C00A4A916B4E82E4A85FE](https://www.virustotal.com/gui/file/6A86152DF323185DCD535369C94B9226FEB6AAB4479C00A4A916B4E82E4A85FE) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [65F3C0A01B8402D362B9722E98F75E5E991E6C186E934F7B2B2E6BE6DEC800EC](https://www.virustotal.com/gui/search/authentihash%253A65F3C0A01B8402D362B9722E98F75E5E991E6C186E934F7B2B2E6BE6DEC800EC) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/07ce0c22-0e7a-4f68-91e2-61a9d9cd566f.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/07e76cae-6513-4120-b399-3ab5ae5879a5.md b/lolrmm.com/content/bootloaders/07e76cae-6513-4120-b399-3ab5ae5879a5.md new file mode 100644 index 00000000..7721be16 --- /dev/null +++ b/lolrmm.com/content/bootloaders/07e76cae-6513-4120-b399-3ab5ae5879a5.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "07e76cae-6513-4120-b399-3ab5ae5879a5" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 07e76cae-6513-4120-b399-3ab5ae5879a5 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [997CCF341DBCE2EB9E119803723130DA90E8F1DD167A7B75400E73CBBADA54FD](https://www.virustotal.com/gui/file/997CCF341DBCE2EB9E119803723130DA90E8F1DD167A7B75400E73CBBADA54FD) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [A5E0C1C1FDEBE61C4DDBB66C57EB23BCAA86C36BAB9900AD10342A4971128EAC](https://www.virustotal.com/gui/search/authentihash%253AA5E0C1C1FDEBE61C4DDBB66C57EB23BCAA86C36BAB9900AD10342A4971128EAC) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/07e76cae-6513-4120-b399-3ab5ae5879a5.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/09476ffd-a0fd-4510-9e36-a20727c16b8c.md b/lolrmm.com/content/bootloaders/09476ffd-a0fd-4510-9e36-a20727c16b8c.md new file mode 100644 index 00000000..6423b218 --- /dev/null +++ b/lolrmm.com/content/bootloaders/09476ffd-a0fd-4510-9e36-a20727c16b8c.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "09476ffd-a0fd-4510-9e36-a20727c16b8c" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 09476ffd-a0fd-4510-9e36-a20727c16b8c +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [A97E2E39DA89F16E0AFB9CF3A213205ED00BF2200A573812B5C5F56FDB8B2402](https://www.virustotal.com/gui/file/A97E2E39DA89F16E0AFB9CF3A213205ED00BF2200A573812B5C5F56FDB8B2402) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [5AAFC9F5F98DB75F8519D8652924932939760F00DF8827FA2A6E36DB265F21F8](https://www.virustotal.com/gui/search/authentihash%253A5AAFC9F5F98DB75F8519D8652924932939760F00DF8827FA2A6E36DB265F21F8) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/09476ffd-a0fd-4510-9e36-a20727c16b8c.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/0a9c062b-91a3-44f9-b577-0128708bf124.md b/lolrmm.com/content/bootloaders/0a9c062b-91a3-44f9-b577-0128708bf124.md new file mode 100644 index 00000000..82eabf2b --- /dev/null +++ b/lolrmm.com/content/bootloaders/0a9c062b-91a3-44f9-b577-0128708bf124.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "0a9c062b-91a3-44f9-b577-0128708bf124" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 0a9c062b-91a3-44f9-b577-0128708bf124 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/9962f9fb820e5d7f5a31b86b9d164d33.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [9962f9fb820e5d7f5a31b86b9d164d33](https://www.virustotal.com/gui/file/9962f9fb820e5d7f5a31b86b9d164d33) | +| SHA1 | [84376651061fc88774ec945b9062c112139c883e](https://www.virustotal.com/gui/file/84376651061fc88774ec945b9062c112139c883e) | +| SHA256 | [f6208932ed98aa64f5ec0d9f59138d4c1dddbd82437315aac4aa913e5d4f825e](https://www.virustotal.com/gui/file/f6208932ed98aa64f5ec0d9f59138d4c1dddbd82437315aac4aa913e5d4f825e) | +| Authentihash MD5 | [662458438867c4c20ffa9adb1dbe99da](https://www.virustotal.com/gui/search/authentihash%253A662458438867c4c20ffa9adb1dbe99da) | +| Authentihash SHA1 | [e407452938d3438b835e875dd8c40785587a6e0b](https://www.virustotal.com/gui/search/authentihash%253Ae407452938d3438b835e875dd8c40785587a6e0b) | +| Authentihash SHA256| [cfd2a8f23bbce7424f4a6e27def368f17b086ffa226528900fa092736e705ef9](https://www.virustotal.com/gui/search/authentihash%253Acfd2a8f23bbce7424f4a6e27def368f17b086ffa226528900fa092736e705ef9) | +| RichPEHeaderHash MD5 | [c5389be8b9ed2eadc3172c020ecaf490](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ac5389be8b9ed2eadc3172c020ecaf490) | +| RichPEHeaderHash SHA1 | [c792c3865fa8fad335ab1bf4df6fc31f9a4bb8b7](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ac792c3865fa8fad335ab1bf4df6fc31f9a4bb8b7) | +| RichPEHeaderHash SHA256| [4e28f20b385ab12059b7bfd4011ce3aa3d1e1a1514c9b01f86bc2d696d83c356](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A4e28f20b385ab12059b7bfd4011ce3aa3d1e1a1514c9b01f86bc2d696d83c356) | +| Company | Microsoft Corporation | +| Description | Boot Manager (Test) | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000004ea1d80770a9bbe94400000000004e +| Field | Value | +|-----------------------------------|----------------------------| 
+| ToBeSigned (TBS) MD5 | 9da610547a25cbe89af7ecdb99229623 | +| ToBeSigned (TBS) SHA1 | 6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7 | +| ToBeSigned (TBS) SHA256 | 1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2014-07-01 20:32:01 | +| ValidTo | 2015-10-01 20:32:01 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000004ea1d80770a9bbe94400000000004e | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 
14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": 
"1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0a9c062b-91a3-44f9-b577-0128708bf124.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/0acd4573-d0e2-4f57-8c94-3d6e57a391e7.md b/lolrmm.com/content/bootloaders/0acd4573-d0e2-4f57-8c94-3d6e57a391e7.md new file mode 100644 index 00000000..f8ff9bf8 --- /dev/null +++ b/lolrmm.com/content/bootloaders/0acd4573-d0e2-4f57-8c94-3d6e57a391e7.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "0acd4573-d0e2-4f57-8c94-3d6e57a391e7" +weight = 10 +displayTitle = "shimaa64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# shimaa64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Canonical Ltd and revoked Apr-21 +- **UUID**: 0acd4573-d0e2-4f57-8c94-3d6e57a391e7 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\shimaa64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | shimaa64.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [3C6318DC79E5CE66F7DCCC71DF01C4E4ACC53F14D978011A29033D59D43D9233](https://www.virustotal.com/gui/file/3C6318DC79E5CE66F7DCCC71DF01C4E4ACC53F14D978011A29033D59D43D9233) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [62B79FB4A04052FCB498A97F22A3567642D4BC47D1C2FF9A06311C8C6148E907](https://www.virustotal.com/gui/search/authentihash%253A62B79FB4A04052FCB498A97F22A3567642D4BC47D1C2FF9A06311C8C6148E907) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0acd4573-d0e2-4f57-8c94-3d6e57a391e7.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/0bbd943d-7d16-4fe7-ac8b-f9d12daba1f4.md b/lolrmm.com/content/bootloaders/0bbd943d-7d16-4fe7-ac8b-f9d12daba1f4.md new file mode 100644 index 00000000..848d51ff --- /dev/null +++ b/lolrmm.com/content/bootloaders/0bbd943d-7d16-4fe7-ac8b-f9d12daba1f4.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "0bbd943d-7d16-4fe7-ac8b-f9d12daba1f4" +weight = 10 +displayTitle = "0bbd943d-7d16-4fe7-ac8b-f9d12daba1f4" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 0bbd943d-7d16-4fe7-ac8b-f9d12daba1f4 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: 0bbd943d-7d16-4fe7-ac8b-f9d12daba1f4 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [26A8EBB3EF412AA70D4AB4486EBEE8DB42656AE7F2EC868FA95FA656090F01BE](https://www.virustotal.com/gui/file/26A8EBB3EF412AA70D4AB4486EBEE8DB42656AE7F2EC868FA95FA656090F01BE) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [B52531C84351EB695A8AFF0B7A5BDF93972CDEDFAF4067745425D75E21CD0CBB](https://www.virustotal.com/gui/search/authentihash%253AB52531C84351EB695A8AFF0B7A5BDF93972CDEDFAF4067745425D75E21CD0CBB) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0bbd943d-7d16-4fe7-ac8b-f9d12daba1f4.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/0c015961-2a7d-4fc2-99ca-5cfccf2de27f.md b/lolrmm.com/content/bootloaders/0c015961-2a7d-4fc2-99ca-5cfccf2de27f.md new file mode 100644 index 00000000..f1412af6 --- /dev/null +++ b/lolrmm.com/content/bootloaders/0c015961-2a7d-4fc2-99ca-5cfccf2de27f.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "0c015961-2a7d-4fc2-99ca-5cfccf2de27f" +weight = 10 +displayTitle = "bootarm.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootarm.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 0c015961-2a7d-4fc2-99ca-5cfccf2de27f +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootarm.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootarm.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [F50D0AAA4875B0B609D0F796AACB77D582E0246D3FC544F76ADB73B67A156626](https://www.virustotal.com/gui/file/F50D0AAA4875B0B609D0F796AACB77D582E0246D3FC544F76ADB73B67A156626) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [4A9B1C438BC8F114BFAA82F5D533DA31CC610C276711422C74A167B8AEED7C82](https://www.virustotal.com/gui/search/authentihash%253A4A9B1C438BC8F114BFAA82F5D533DA31CC610C276711422C74A167B8AEED7C82) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0c015961-2a7d-4fc2-99ca-5cfccf2de27f.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/0c0db73b-9d53-4fa1-93fe-cab2b3cabf9f.md b/lolrmm.com/content/bootloaders/0c0db73b-9d53-4fa1-93fe-cab2b3cabf9f.md new file mode 100644 index 00000000..d262f8fa --- /dev/null +++ b/lolrmm.com/content/bootloaders/0c0db73b-9d53-4fa1-93fe-cab2b3cabf9f.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "0c0db73b-9d53-4fa1-93fe-cab2b3cabf9f" +weight = 10 +displayTitle = "mboot-official_em64t.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# mboot-official_em64t.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by vmware and revoked Aug-22 +- **UUID**: 0c0db73b-9d53-4fa1-93fe-cab2b3cabf9f +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\mboot-official_em64t.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • N/A
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | mboot-official_em64t.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [918871DEC65B4D8A8D0E29B221351DFEA3A1D9212A4E0D7EE692CC1696E9AFC6](https://www.virustotal.com/gui/file/918871DEC65B4D8A8D0E29B221351DFEA3A1D9212A4E0D7EE692CC1696E9AFC6) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [CA65A9B2915D9A055A407BC0698936349A04E3DB691E178419FBA701AAD8DE55](https://www.virustotal.com/gui/search/authentihash%253ACA65A9B2915D9A055A407BC0698936349A04E3DB691E178419FBA701AAD8DE55) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0c0db73b-9d53-4fa1-93fe-cab2b3cabf9f.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/0c3bd8f7-9926-4763-98d1-7eaf036f7bf1.md b/lolrmm.com/content/bootloaders/0c3bd8f7-9926-4763-98d1-7eaf036f7bf1.md new file mode 100644 index 00000000..920310f1 --- /dev/null +++ b/lolrmm.com/content/bootloaders/0c3bd8f7-9926-4763-98d1-7eaf036f7bf1.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "0c3bd8f7-9926-4763-98d1-7eaf036f7bf1" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 0c3bd8f7-9926-4763-98d1-7eaf036f7bf1 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [513310D70C03096167B915705C9F0CF34B2B62AC317AA3F89FA5CC385D74DB54](https://www.virustotal.com/gui/file/513310D70C03096167B915705C9F0CF34B2B62AC317AA3F89FA5CC385D74DB54) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [22C3867606A625048E1D9D5230F07FAE41E70BD08EA978BDB37563C0EDD9DA03](https://www.virustotal.com/gui/search/authentihash%253A22C3867606A625048E1D9D5230F07FAE41E70BD08EA978BDB37563C0EDD9DA03) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0c3bd8f7-9926-4763-98d1-7eaf036f7bf1.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/0cb9b7da-f228-4e4b-a07c-06346f0d2e47.md b/lolrmm.com/content/bootloaders/0cb9b7da-f228-4e4b-a07c-06346f0d2e47.md new file mode 100644 index 00000000..6fdb53bf --- /dev/null +++ b/lolrmm.com/content/bootloaders/0cb9b7da-f228-4e4b-a07c-06346f0d2e47.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "0cb9b7da-f228-4e4b-a07c-06346f0d2e47" +weight = 10 +displayTitle = "0cb9b7da-f228-4e4b-a07c-06346f0d2e47" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 0cb9b7da-f228-4e4b-a07c-06346f0d2e47 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: 0cb9b7da-f228-4e4b-a07c-06346f0d2e47 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [459728935C400CBED125A0AA12D0E618CCB6F4FDE3194BB2D06A511DAA335350](https://www.virustotal.com/gui/file/459728935C400CBED125A0AA12D0E618CCB6F4FDE3194BB2D06A511DAA335350) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [B9B20E933E2B6C33C9FF088E224D802028F29A4CEBE50AB5D746027911A454FF](https://www.virustotal.com/gui/search/authentihash%253AB9B20E933E2B6C33C9FF088E224D802028F29A4CEBE50AB5D746027911A454FF) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0cb9b7da-f228-4e4b-a07c-06346f0d2e47.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/0cbcf08b-1870-478c-bb85-8d12308ec1c2.md b/lolrmm.com/content/bootloaders/0cbcf08b-1870-478c-bb85-8d12308ec1c2.md new file mode 100644 index 00000000..46d8dbd7 --- /dev/null +++ b/lolrmm.com/content/bootloaders/0cbcf08b-1870-478c-bb85-8d12308ec1c2.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "0cbcf08b-1870-478c-bb85-8d12308ec1c2" +weight = 10 +displayTitle = "bootarm.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootarm.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 0cbcf08b-1870-478c-bb85-8d12308ec1c2 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootarm.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootarm.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [90AA7C82344C06E7657FA919AD2B7395A07F8A1ECA8C159029569BD4467CC7B2](https://www.virustotal.com/gui/file/90AA7C82344C06E7657FA919AD2B7395A07F8A1ECA8C159029569BD4467CC7B2) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [C32E05EEF54D7EAA0DD89FE0F4D1A8D97671FB456F6299047C3192C3E3724BCA](https://www.virustotal.com/gui/search/authentihash%253AC32E05EEF54D7EAA0DD89FE0F4D1A8D97671FB456F6299047C3192C3E3724BCA) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0cbcf08b-1870-478c-bb85-8d12308ec1c2.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/0d33abea-51fd-4453-a8a3-150328e8ce21.md b/lolrmm.com/content/bootloaders/0d33abea-51fd-4453-a8a3-150328e8ce21.md new file mode 100644 index 00000000..9b9b374a --- /dev/null +++ b/lolrmm.com/content/bootloaders/0d33abea-51fd-4453-a8a3-150328e8ce21.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "0d33abea-51fd-4453-a8a3-150328e8ce21" +weight = 10 +displayTitle = "0d33abea-51fd-4453-a8a3-150328e8ce21" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 0d33abea-51fd-4453-a8a3-150328e8ce21 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: 0d33abea-51fd-4453-a8a3-150328e8ce21 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [A121947909D35BB042F0049D18E4EE2B27941E10D14E4D6B1C11945CA79992E6](https://www.virustotal.com/gui/file/A121947909D35BB042F0049D18E4EE2B27941E10D14E4D6B1C11945CA79992E6) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [9ED33F0FBC180BC032F8909CA2C4AB3418EDC33A45A50D2521A3B5876AA3EA2C](https://www.virustotal.com/gui/search/authentihash%253A9ED33F0FBC180BC032F8909CA2C4AB3418EDC33A45A50D2521A3B5876AA3EA2C) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0d33abea-51fd-4453-a8a3-150328e8ce21.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/0dc82e15-40ab-4a65-bfbe-9c8925d3cdbb.md b/lolrmm.com/content/bootloaders/0dc82e15-40ab-4a65-bfbe-9c8925d3cdbb.md new file mode 100644 index 00000000..fdbf7602 --- /dev/null +++ b/lolrmm.com/content/bootloaders/0dc82e15-40ab-4a65-bfbe-9c8925d3cdbb.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "0dc82e15-40ab-4a65-bfbe-9c8925d3cdbb" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 0dc82e15-40ab-4a65-bfbe-9c8925d3cdbb +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [8DEB88A2435270BD24328760FA6FB5C77BCD5C47F7A0109F15300D644CB9A228](https://www.virustotal.com/gui/file/8DEB88A2435270BD24328760FA6FB5C77BCD5C47F7A0109F15300D644CB9A228) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [DBB424CB8AD35EE68546092645C4689D6027A97FEDF3C5AF842B9572F1276997](https://www.virustotal.com/gui/search/authentihash%253ADBB424CB8AD35EE68546092645C4689D6027A97FEDF3C5AF842B9572F1276997) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0dc82e15-40ab-4a65-bfbe-9c8925d3cdbb.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/0e0c1a30-7f00-408c-94fc-b8679bfe90ee.md b/lolrmm.com/content/bootloaders/0e0c1a30-7f00-408c-94fc-b8679bfe90ee.md new file mode 100644 index 00000000..42bbd736 --- /dev/null +++ b/lolrmm.com/content/bootloaders/0e0c1a30-7f00-408c-94fc-b8679bfe90ee.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "0e0c1a30-7f00-408c-94fc-b8679bfe90ee" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by NTI Corporation and revoked Jul-20 +- **UUID**: 0e0c1a30-7f00-408c-94fc-b8679bfe90ee +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/87ae10260e4ba99762c952c6b1781476.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [87ae10260e4ba99762c952c6b1781476](https://www.virustotal.com/gui/file/87ae10260e4ba99762c952c6b1781476) | +| SHA1 | [d8282df774ac784f175e5954d46864fd06c28bc3](https://www.virustotal.com/gui/file/d8282df774ac784f175e5954d46864fd06c28bc3) | +| SHA256 | [b06dc8f3de1e7e5a53dc7ad0f8028f78a843df54884b4a92bcec21071f0e649b](https://www.virustotal.com/gui/file/b06dc8f3de1e7e5a53dc7ad0f8028f78a843df54884b4a92bcec21071f0e649b) | +| Authentihash MD5 | [543a59e6a502706a4a6210c7b7f22033](https://www.virustotal.com/gui/search/authentihash%253A543a59e6a502706a4a6210c7b7f22033) | +| Authentihash SHA1 | [70b0cb8fdadfc2cfe995adfa594d282e7ffcaa41](https://www.virustotal.com/gui/search/authentihash%253A70b0cb8fdadfc2cfe995adfa594d282e7ffcaa41) | +| Authentihash SHA256| [7bc9cb5463ce0f011fb5085eb8ba77d1acd283c43f4a57603cc113f22cebc579](https://www.virustotal.com/gui/search/authentihash%253A7bc9cb5463ce0f011fb5085eb8ba77d1acd283c43f4a57603cc113f22cebc579) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000000a6642f3f49fb7379600010000000a +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | c52110f552e27ebb1e3fae114abafb3f | +| ToBeSigned (TBS) SHA1 | 4954e087123653ce38da4cdd31141b6a1bb999e4 | +| ToBeSigned (TBS) SHA256 | 
1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2013-09-24 17:54:03 | +| ValidTo | 2014-12-24 17:54:03 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000000a6642f3f49fb7379600010000000a | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": 
"c52110f552e27ebb1e3fae114abafb3f", + "SHA1": "4954e087123653ce38da4cdd31141b6a1bb999e4", + "SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" + }, + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0e0c1a30-7f00-408c-94fc-b8679bfe90ee.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/0e305520-6001-4144-893d-b4c38ea47886.md b/lolrmm.com/content/bootloaders/0e305520-6001-4144-893d-b4c38ea47886.md new file mode 100644 index 00000000..84832291 --- /dev/null +++ b/lolrmm.com/content/bootloaders/0e305520-6001-4144-893d-b4c38ea47886.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "0e305520-6001-4144-893d-b4c38ea47886" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 0e305520-6001-4144-893d-b4c38ea47886 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [52D826CF8F6A0095938F7069B5F5DA22C16AE037D757BF9115AA84920BCE4EBF](https://www.virustotal.com/gui/file/52D826CF8F6A0095938F7069B5F5DA22C16AE037D757BF9115AA84920BCE4EBF) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [1FB619FE1504EF78C8BF59294B16C6D9BF1DA741FB582DE125B6A044F6961C57](https://www.virustotal.com/gui/search/authentihash%253A1FB619FE1504EF78C8BF59294B16C6D9BF1DA741FB582DE125B6A044F6961C57) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0e305520-6001-4144-893d-b4c38ea47886.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/0e36a4f3-efab-453c-b6db-fe4f613b79d8.md b/lolrmm.com/content/bootloaders/0e36a4f3-efab-453c-b6db-fe4f613b79d8.md new file mode 100644 index 00000000..f74a106b --- /dev/null +++ b/lolrmm.com/content/bootloaders/0e36a4f3-efab-453c-b6db-fe4f613b79d8.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "0e36a4f3-efab-453c-b6db-fe4f613b79d8" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 0e36a4f3-efab-453c-b6db-fe4f613b79d8 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/c9b413ac0a31f9eb0a141e05654d1d52.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [c9b413ac0a31f9eb0a141e05654d1d52](https://www.virustotal.com/gui/file/c9b413ac0a31f9eb0a141e05654d1d52) | +| SHA1 | [70f682f3c63a4a1121c3c9afa78934aa2412c049](https://www.virustotal.com/gui/file/70f682f3c63a4a1121c3c9afa78934aa2412c049) | +| SHA256 | [ac22c4ad2e62a3a8369a311b69e9b3dd558359cb44de8115e6bef2ae5e5e7151](https://www.virustotal.com/gui/file/ac22c4ad2e62a3a8369a311b69e9b3dd558359cb44de8115e6bef2ae5e5e7151) | +| Authentihash MD5 | [9e1d88b1165fafcc8d3ba103110c4843](https://www.virustotal.com/gui/search/authentihash%253A9e1d88b1165fafcc8d3ba103110c4843) | +| Authentihash SHA1 | [7ae4be62af6bbe64ea43e60462403334b278fff0](https://www.virustotal.com/gui/search/authentihash%253A7ae4be62af6bbe64ea43e60462403334b278fff0) | +| Authentihash SHA256| [f923efa6615ce9a93e5d69963b30adb00f2d2059113f55babc477ba889841f29](https://www.virustotal.com/gui/search/authentihash%253Af923efa6615ce9a93e5d69963b30adb00f2d2059113f55babc477ba889841f29) | +| RichPEHeaderHash MD5 | [bf2b2fa1725551a7b25c0d86164613a7](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Abf2b2fa1725551a7b25c0d86164613a7) | +| RichPEHeaderHash SHA1 | [c2527f2c2aa74dd913300d7868a0d042d10ed406](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ac2527f2c2aa74dd913300d7868a0d042d10ed406) | +| RichPEHeaderHash SHA256| [3bc6dba2d4913666539154040f7a9b5b2d4bb1dda99810435b6db4dede407c03](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3bc6dba2d4913666539154040f7a9b5b2d4bb1dda99810435b6db4dede407c03) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000001b40b3e1eae3b8c84600000000001b +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 2e3f888fadd3d8d498f3237752c18df9 | +| ToBeSigned (TBS) SHA1 | 4f3c14facbfca2505dddb77d8b8bfe71abb1d2ed | +| ToBeSigned (TBS) SHA256 | 574085e964e5d1fc9d71150ef08a0e08779e1919f28d75a19dad15f69571c8f6 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2013-04-10 20:41:53 | +| ValidTo | 2014-07-10 20:41:53 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000001b40b3e1eae3b8c84600000000001b | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000001b40b3e1eae3b8c84600000000001b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "2e3f888fadd3d8d498f3237752c18df9", + "SHA1": "4f3c14facbfca2505dddb77d8b8bfe71abb1d2ed", + "SHA256": "574085e964e5d1fc9d71150ef08a0e08779e1919f28d75a19dad15f69571c8f6" + }, + "ValidFrom": "2013-04-10 20:41:53", + "ValidTo": "2014-07-10 20:41:53", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000001b40b3e1eae3b8c84600000000001b", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0e36a4f3-efab-453c-b6db-fe4f613b79d8.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/0e46bd88-7635-4162-a02e-85d9bd33be3a.md b/lolrmm.com/content/bootloaders/0e46bd88-7635-4162-a02e-85d9bd33be3a.md new file mode 100644 index 00000000..690b6668 --- /dev/null +++ b/lolrmm.com/content/bootloaders/0e46bd88-7635-4162-a02e-85d9bd33be3a.md 
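Review bot: The Commands block in this hunk renders the pipeline as `| {% if ($_ -match '{\S+}') { ... } }`, which is not valid PowerShell; the intended form is almost certainly `| % { if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } }` (the `%` ForEach-Object alias followed by a script block), so either the YAML source or the generator is dropping the space after `%`. In the same hunk the Use Case table leaves Privileges empty even though `bcdedit /copy` and `bcdedit /set` write to the BCD store, which on a default Windows install requires an elevated context; I would fill that cell with `Administrator` so readers do not read the blank as "none". The hash table and certificate chain in this entry are populated and consistent with each other (signer serial `330000001b40b3e1eae3b8c84600000000001b` issued by `Microsoft Windows Production PCA 2011`), so this is the one entry in the batch a detection engineer can actually pivot on.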
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "0e46bd88-7635-4162-a02e-85d9bd33be3a" +weight = 10 +displayTitle = "miniloader.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# miniloader.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by CPSD and revoked Aug-22 +- **UUID**: 0e46bd88-7635-4162-a02e-85d9bd33be3a +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\miniloader.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2022-34303
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | miniloader.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [30CF3AD2DF14F05D89BC321744559E857055A5C84D7F0834B3DBD261ACE1CF5D](https://www.virustotal.com/gui/file/30CF3AD2DF14F05D89BC321744559E857055A5C84D7F0834B3DBD261ACE1CF5D) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [EDD2CB55726E10ABEDEC9DE8CA5DED289AD793AB3B6919D163C875FEC1209CD5](https://www.virustotal.com/gui/search/authentihash%253AEDD2CB55726E10ABEDEC9DE8CA5DED289AD793AB3B6919D163C875FEC1209CD5) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0e46bd88-7635-4162-a02e-85d9bd33be3a.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/0ecce400-dd9c-4291-9502-c8682a4474a4.md b/lolrmm.com/content/bootloaders/0ecce400-dd9c-4291-9502-c8682a4474a4.md new file mode 100644 index 00000000..04feba55 --- /dev/null +++ b/lolrmm.com/content/bootloaders/0ecce400-dd9c-4291-9502-c8682a4474a4.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "0ecce400-dd9c-4291-9502-c8682a4474a4" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 0ecce400-dd9c-4291-9502-c8682a4474a4 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [891C44B16ABB7063144BBEF23BC35609FD14BB3FCD8ADFD1E804526AF344EBD4](https://www.virustotal.com/gui/file/891C44B16ABB7063144BBEF23BC35609FD14BB3FCD8ADFD1E804526AF344EBD4) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [9F136F152A21885D574519554C7B64C15F014E413CDE6AD160F2091EBA9E6424](https://www.virustotal.com/gui/search/authentihash%253A9F136F152A21885D574519554C7B64C15F014E413CDE6AD160F2091EBA9E6424) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0ecce400-dd9c-4291-9502-c8682a4474a4.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/0f3431ba-2b83-4020-b3ff-32eadbcb7205.md b/lolrmm.com/content/bootloaders/0f3431ba-2b83-4020-b3ff-32eadbcb7205.md new file mode 100644 index 00000000..25f699b5 --- /dev/null +++ b/lolrmm.com/content/bootloaders/0f3431ba-2b83-4020-b3ff-32eadbcb7205.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "0f3431ba-2b83-4020-b3ff-32eadbcb7205" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 0f3431ba-2b83-4020-b3ff-32eadbcb7205 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [7384B867C248569C3DB81E82AF35585AB3108858E958750098F9D8298CC9B8F6](https://www.virustotal.com/gui/file/7384B867C248569C3DB81E82AF35585AB3108858E958750098F9D8298CC9B8F6) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [9F2B71EC2FECC93E4EDEAE24B32F8857FA36A81A7272DEFD5435D29FA3BF828E](https://www.virustotal.com/gui/search/authentihash%253A9F2B71EC2FECC93E4EDEAE24B32F8857FA36A81A7272DEFD5435D29FA3BF828E) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0f3431ba-2b83-4020-b3ff-32eadbcb7205.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/0f4b6460-f81b-4770-8dfb-55224983a557.md b/lolrmm.com/content/bootloaders/0f4b6460-f81b-4770-8dfb-55224983a557.md new file mode 100644 index 00000000..61fb2452 --- /dev/null +++ b/lolrmm.com/content/bootloaders/0f4b6460-f81b-4770-8dfb-55224983a557.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "0f4b6460-f81b-4770-8dfb-55224983a557" +weight = 10 +displayTitle = "0f4b6460-f81b-4770-8dfb-55224983a557" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 0f4b6460-f81b-4770-8dfb-55224983a557 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: 0f4b6460-f81b-4770-8dfb-55224983a557 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [8516257431A250296A10F82A4795F9CF68E5C185CEAA2F6F77CA0942CBE0C999](https://www.virustotal.com/gui/file/8516257431A250296A10F82A4795F9CF68E5C185CEAA2F6F77CA0942CBE0C999) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [B8D6B5E7857B45830E017C7BE3D856ADEB97C7290EB0665A3D473A4BEB51DCF3](https://www.virustotal.com/gui/search/authentihash%253AB8D6B5E7857B45830E017C7BE3D856ADEB97C7290EB0665A3D473A4BEB51DCF3) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0f4b6460-f81b-4770-8dfb-55224983a557.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/0fe6f9a2-7b13-4c27-bf9a-412d9acf533f.md b/lolrmm.com/content/bootloaders/0fe6f9a2-7b13-4c27-bf9a-412d9acf533f.md new file mode 100644 index 00000000..a5e6b324 --- /dev/null +++ b/lolrmm.com/content/bootloaders/0fe6f9a2-7b13-4c27-bf9a-412d9acf533f.md 
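Review bot: The CVE list in this hunk (CVE-2020-10713 and CVE-2020-14308 through CVE-2020-15707) is the GRUB2 "BootHole" set, so this Jul-20 revocation most likely covers a Linux shim or GRUB image, yet the page still renders the Windows-only `bcdedit ... path \windows\temp\ ` persistence command, now with no filename because Filename is empty. The generic template is producing an incomplete command for an entry it cannot describe: displayTitle is the UUID, provider is `Unknown`, Filename is blank, and Operating System is asserted as `64-bit` with nothing visible to support it. I would have the generator omit the Commands block when Filename is empty, render the Operating System cell as unknown, and flag the entry for a manual lookup of SHA256 `8516257431A250296A10F82A4795F9CF68E5C185CEAA2F6F77CA0942CBE0C999` against the UEFI revocation list to recover the vendor and image name. The `bootloaders/.bin` download link is dead here for the same empty-MD5 reason as the other entries.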
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "0fe6f9a2-7b13-4c27-bf9a-412d9acf533f" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 0fe6f9a2-7b13-4c27-bf9a-412d9acf533f +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [9A02C839424A2DB0C3B98553C179C0583E7B8760C7A061176F76B6970746B8AC](https://www.virustotal.com/gui/file/9A02C839424A2DB0C3B98553C179C0583E7B8760C7A061176F76B6970746B8AC) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [AE1DCA8AAB7C4BDD21C5AA19A323F597BD1850445D76695CB2910CCCB5F163B8](https://www.virustotal.com/gui/search/authentihash%253AAE1DCA8AAB7C4BDD21C5AA19A323F597BD1850445D76695CB2910CCCB5F163B8) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/0fe6f9a2-7b13-4c27-bf9a-412d9acf533f.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/10baff75-83cd-4786-ac2b-ade269c71421.md b/lolrmm.com/content/bootloaders/10baff75-83cd-4786-ac2b-ade269c71421.md new file mode 100644 index 00000000..9301636a --- /dev/null +++ b/lolrmm.com/content/bootloaders/10baff75-83cd-4786-ac2b-ade269c71421.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "10baff75-83cd-4786-ac2b-ade269c71421" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 10baff75-83cd-4786-ac2b-ade269c71421 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [268CED16B53E3430A28F1713A0D155A68BED89DB264D8D8170EB6BC548C9424B](https://www.virustotal.com/gui/file/268CED16B53E3430A28F1713A0D155A68BED89DB264D8D8170EB6BC548C9424B) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [75E78C197FF91F574735A3A606E56862E9E0B84DF0CF69F7C7F43CBC171AB371](https://www.virustotal.com/gui/search/authentihash%253A75E78C197FF91F574735A3A606E56862E9E0B84DF0CF69F7C7F43CBC171AB371) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/10baff75-83cd-4786-ac2b-ade269c71421.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/116c526f-a50d-4f84-b577-d52dbbde526b.md b/lolrmm.com/content/bootloaders/116c526f-a50d-4f84-b577-d52dbbde526b.md new file mode 100644 index 00000000..8d5c0c0e --- /dev/null +++ b/lolrmm.com/content/bootloaders/116c526f-a50d-4f84-b577-d52dbbde526b.md 
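Review bot: The "Known Vulnerable Samples" table in this page has empty MD5 and SHA1 cells (`| MD5 | [](https://www.virustotal.com/gui/file/) |`) and the Download button points at `bootloaders/.bin`, a filename apparently built from the missing MD5, so the link is dead and only the SHA256 and Authentihash SHA256 remain usable for the hash-based Sysmon and Sigma detections the page advertises. The generator should omit a row or the button when the underlying YAML field is empty rather than emit an empty markdown link; the same gap is in the 116c526f and 120f5dbe pages (hunks ending at L2183 and L2207) and in the partial hunk ending at L2163. The "### CVE" section lists "Black Lotus Microsoft Windows 8.1", which is a campaign/platform reference, not a CVE identifier; rendering such entries under a separate heading, e.g. `### Related threats`, or prefixing them with `Reference:` would stop readers and scrapers treating them as CVE IDs.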
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "116c526f-a50d-4f84-b577-d52dbbde526b" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 116c526f-a50d-4f84-b577-d52dbbde526b +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [46BA7E327D359A9B108CAFBBF2D7B6B32AA6767C2A3A472B4FFE2587FE376977](https://www.virustotal.com/gui/file/46BA7E327D359A9B108CAFBBF2D7B6B32AA6767C2A3A472B4FFE2587FE376977) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [0B4908AD33CB2F7E87D3108B74364C5C42FA597807EEAC98DE5EC63F5896CE34](https://www.virustotal.com/gui/search/authentihash%253A0B4908AD33CB2F7E87D3108B74364C5C42FA597807EEAC98DE5EC63F5896CE34) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/116c526f-a50d-4f84-b577-d52dbbde526b.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/11dd8dba-8b90-413b-b2eb-bdb05f573d2b.md b/lolrmm.com/content/bootloaders/11dd8dba-8b90-413b-b2eb-bdb05f573d2b.md new file mode 100644 index 00000000..49e8df08 --- /dev/null +++ b/lolrmm.com/content/bootloaders/11dd8dba-8b90-413b-b2eb-bdb05f573d2b.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "11dd8dba-8b90-413b-b2eb-bdb05f573d2b" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 11dd8dba-8b90-413b-b2eb-bdb05f573d2b +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/bc78920fd9f058973d63495f36203685.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [bc78920fd9f058973d63495f36203685](https://www.virustotal.com/gui/file/bc78920fd9f058973d63495f36203685) | +| SHA1 | [edbde6908eebb8bd3197c1634769213b22e0b1b3](https://www.virustotal.com/gui/file/edbde6908eebb8bd3197c1634769213b22e0b1b3) | +| SHA256 | [db9643f6d78c6c5bdc29b041660174324639be8b3bc6e247c8c2026e68c4e618](https://www.virustotal.com/gui/file/db9643f6d78c6c5bdc29b041660174324639be8b3bc6e247c8c2026e68c4e618) | +| Authentihash MD5 | [ddee4ca24adecb29457fd110f5a472ed](https://www.virustotal.com/gui/search/authentihash%253Addee4ca24adecb29457fd110f5a472ed) | +| Authentihash SHA1 | [c146c31c4634aa1a51fe611ace87a75464c5e199](https://www.virustotal.com/gui/search/authentihash%253Ac146c31c4634aa1a51fe611ace87a75464c5e199) | +| Authentihash SHA256| [310949b7fd26af0e2e29e1c902ac198574f096d15836376c8b3ef2dd1fb5f1c5](https://www.virustotal.com/gui/search/authentihash%253A310949b7fd26af0e2e29e1c902ac198574f096d15836376c8b3ef2dd1fb5f1c5) | +| RichPEHeaderHash MD5 | [fa6462badb7aa537a9d3ecf604e9fbd7](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Afa6462badb7aa537a9d3ecf604e9fbd7) | +| RichPEHeaderHash SHA1 | [caefdafc6f3620830b306d429c83bb077f6bdaa4](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Acaefdafc6f3620830b306d429c83bb077f6bdaa4) | +| RichPEHeaderHash SHA256| [4689fe3d6e35db99759219db2adef6cefa62105e8b636c0c5bd2a6bec395e471](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A4689fe3d6e35db99759219db2adef6cefa62105e8b636c0c5bd2a6bec395e471) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 610bbbd8000000000005 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 
158438012e4dcd69b27b762c9358cfa2 | +| ToBeSigned (TBS) SHA1 | 684ac167849404a4101f166b759f291a43d5f749 | +| ToBeSigned (TBS) SHA256 | 95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2012-04-09 20:55:50 | +| ValidTo | 2013-07-09 20:55:50 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 610bbbd8000000000005 | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 
14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": 
"95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + 
+{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/11dd8dba-8b90-413b-b2eb-bdb05f573d2b.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/120f5dbe-0a55-4b54-a42f-e51cb54f75c4.md b/lolrmm.com/content/bootloaders/120f5dbe-0a55-4b54-a42f-e51cb54f75c4.md new file mode 100644 index 00000000..096b2b97 --- /dev/null +++ b/lolrmm.com/content/bootloaders/120f5dbe-0a55-4b54-a42f-e51cb54f75c4.md 
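Review bot: The digests in this page's sample table are lowercase (`db9643f6…`, `310949b7…`) while the sibling pages in this commit (10baff75, 116c526f, 120f5dbe) emit uppercase SHA256 values, so anyone consuming these pages or cross-checking them against the Sigma/Sysmon hash lists with a case-sensitive comparison may miss matches; normalising all digests to one case in the generator (lowercase is conventional) removes the ambiguity. The `#### Imports` details block is also emitted twice back-to-back, each containing only an empty `*` bullet, which looks like a duplicated template section rather than two distinct data sets; the second copy should be dropped or renamed to whatever field it was meant to show. The same duplicated heading appears in every page of this commit.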
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "120f5dbe-0a55-4b54-a42f-e51cb54f75c4" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 120f5dbe-0a55-4b54-a42f-e51cb54f75c4 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [7294F03850C2084A287FAEFBA778592D9D01E5062DD2E980537E39FDBFE20316](https://www.virustotal.com/gui/file/7294F03850C2084A287FAEFBA778592D9D01E5062DD2E980537E39FDBFE20316) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [7F964730CFB7B8CEA284E2E810212FF9B0EE18227F64427A095D6886493DB0C4](https://www.virustotal.com/gui/search/authentihash%253A7F964730CFB7B8CEA284E2E810212FF9B0EE18227F64427A095D6886493DB0C4) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/120f5dbe-0a55-4b54-a42f-e51cb54f75c4.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/1387dafb-6dad-48b4-a186-98e52cac74b7.md b/lolrmm.com/content/bootloaders/1387dafb-6dad-48b4-a186-98e52cac74b7.md new file mode 100644 index 00000000..6dae2e79 --- /dev/null +++ b/lolrmm.com/content/bootloaders/1387dafb-6dad-48b4-a186-98e52cac74b7.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "1387dafb-6dad-48b4-a186-98e52cac74b7" +weight = 10 +displayTitle = "HfiPcieGen3" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# HfiPcieGen3 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Intel Corporation and revoked Jul-20 +- **UUID**: 1387dafb-6dad-48b4-a186-98e52cac74b7 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/36218d733c0afdd2d6dce6f616335a2f.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\HfiPcieGen3 } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | HfiPcieGen3 | +| MD5 | [36218d733c0afdd2d6dce6f616335a2f](https://www.virustotal.com/gui/file/36218d733c0afdd2d6dce6f616335a2f) | +| SHA1 | [96787a55f640b630ba6277197dbdfd14ecf3b87d](https://www.virustotal.com/gui/file/96787a55f640b630ba6277197dbdfd14ecf3b87d) | +| SHA256 | [0ed1b0fae1a6e705d1b116d08b7184e0a2ee2a0e6b0c372ce69b40e9ef34579f](https://www.virustotal.com/gui/file/0ed1b0fae1a6e705d1b116d08b7184e0a2ee2a0e6b0c372ce69b40e9ef34579f) | +| Authentihash MD5 | [4dcaca83effd9b0a6fd63f766d4ec969](https://www.virustotal.com/gui/search/authentihash%253A4dcaca83effd9b0a6fd63f766d4ec969) | +| Authentihash SHA1 | [bd9fc7d7672f8c70045b2fc6f9029064f1030763](https://www.virustotal.com/gui/search/authentihash%253Abd9fc7d7672f8c70045b2fc6f9029064f1030763) | +| Authentihash SHA256| [5890fa227121c76d90ed9e63c87e3a6533eea0f6f0a1a23f1fc445139bc6bcdf](https://www.virustotal.com/gui/search/authentihash%253A5890fa227121c76d90ed9e63c87e3a6533eea0f6f0a1a23f1fc445139bc6bcdf) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 3300000024c1fb0e65d9747386000100000024 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 82b02850f57505f0830f6dd30b6aeffd | +| ToBeSigned (TBS) SHA1 | e600e0efe4030190c5e0cab9aaad72f4e76db429 | +| ToBeSigned (TBS) SHA256 | 
1c1d5edaeb9a5feef85e34eb40607816e98464127723d284f99b69c0c15e42f7 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2017-08-11 20:20:00 | +| ValidTo | 2018-08-11 20:20:00 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 3300000024c1fb0e65d9747386000100000024 | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "3300000024c1fb0e65d9747386000100000024", + "Signature": 
"47f27d2f6c0691c8e54b4403f9ec6c6b4423a43467cca7e8cf8afe60457f3b5703cde9d840ac3dd35567d791af1d1146376ba1fba9a8a502b5c9601232f24349ca5c324d1806150540cc5823d7dd777b3166268a26734c21b32862e300c8ca42856ec161633c1a076f4213c4c2a63e2ffd0ee16a301ae0c6dba732bc500a5986742520022ce33746f96c4ea8641b2a68a902872a41a8e6701e96158ab91c54c6695bc736fa047ec57b40d732abeb61e34414454e6702ef7bc5518a0d77ab42ed5efc23b01683b5c3c95c4aeb564b6f76cdae4d2e33ac59fca4cfdeb4c215549e1f43b64fd3eb9ba35171be9dab9375a1a94107dd4f95bbf88e9c239136619e20", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "82b02850f57505f0830f6dd30b6aeffd", + "SHA1": "e600e0efe4030190c5e0cab9aaad72f4e76db429", + "SHA256": "1c1d5edaeb9a5feef85e34eb40607816e98464127723d284f99b69c0c15e42f7" + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "3300000024c1fb0e65d9747386000100000024", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/1387dafb-6dad-48b4-a186-98e52cac74b7.yaml) + 
+*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/13ef8a27-3274-4d3d-831f-36b30bc88627.md b/lolrmm.com/content/bootloaders/13ef8a27-3274-4d3d-831f-36b30bc88627.md new file mode 100644 index 00000000..b1301d43 --- /dev/null +++ b/lolrmm.com/content/bootloaders/13ef8a27-3274-4d3d-831f-36b30bc88627.md 
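Review bot: The "### CVE" section here lists CVE-2020-10713 and CVE-2020-14308 through CVE-2020-15707, which are the GRUB2 BootHole advisories, while the sample itself is an Intel UEFI driver (HfiPcieGen3) signed under the Microsoft Corporation UEFI CA 2011 and described as "revoked Jul-20"; if the file was revoked in the same July 2020 DBX update rather than being affected by those CVEs, the page should say so, otherwise readers will attribute GRUB2 vulnerabilities to this binary. A one-line qualifier under the heading such as `Revoked alongside the July 2020 DBX (BootHole) update; the CVEs below describe that update, not this file` would make the relationship explicit, assuming that is what the upstream YAML intends. This page is otherwise the most complete one in the commit (all digests, Rich header hashes and both certificates populated), so it is a good reference for what the generator should require before publishing a page.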
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "13ef8a27-3274-4d3d-831f-36b30bc88627" +weight = 10 +displayTitle = "bootia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 13ef8a27-3274-4d3d-831f-36b30bc88627 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootia32.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [F2F2F729FC1B94C3B3AD210E0664FAE3351D0D7541581FE2C6DC7B087BE2B16C](https://www.virustotal.com/gui/file/F2F2F729FC1B94C3B3AD210E0664FAE3351D0D7541581FE2C6DC7B087BE2B16C) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [C2CC91555617171A7D8AF57DEE529B443A41A1FAD3D4032DBDB814DAD6C2688E](https://www.virustotal.com/gui/search/authentihash%253AC2CC91555617171A7D8AF57DEE529B443A41A1FAD3D4032DBDB814DAD6C2688E) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/13ef8a27-3274-4d3d-831f-36b30bc88627.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/1456951c-e037-4508-a34f-5a6ff0065521.md b/lolrmm.com/content/bootloaders/1456951c-e037-4508-a34f-5a6ff0065521.md new file mode 100644 index 00000000..d979c1a6 --- /dev/null +++ b/lolrmm.com/content/bootloaders/1456951c-e037-4508-a34f-5a6ff0065521.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "1456951c-e037-4508-a34f-5a6ff0065521" +weight = 10 +displayTitle = "shim.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# shim.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: 1456951c-e037-4508-a34f-5a6ff0065521 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/89c04150c5f5b596236e04ccf5ef6a2f.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\shim.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | shim.efi | +| MD5 | [89c04150c5f5b596236e04ccf5ef6a2f](https://www.virustotal.com/gui/file/89c04150c5f5b596236e04ccf5ef6a2f) | +| SHA1 | [7639a4d8974693df09e8cce6d1e3d0092fa03dcd](https://www.virustotal.com/gui/file/7639a4d8974693df09e8cce6d1e3d0092fa03dcd) | +| SHA256 | [e50f1f1e9fb9198e5b094773d1d0068cc1cb1987d06583abaca20adc1f8932a9](https://www.virustotal.com/gui/file/e50f1f1e9fb9198e5b094773d1d0068cc1cb1987d06583abaca20adc1f8932a9) | +| Authentihash MD5 | [803bade13dfb54c31a1096787d89ab74](https://www.virustotal.com/gui/search/authentihash%253A803bade13dfb54c31a1096787d89ab74) | +| Authentihash SHA1 | [1076e1a25c7fe4b65b48570300c506a0317c42bb](https://www.virustotal.com/gui/search/authentihash%253A1076e1a25c7fe4b65b48570300c506a0317c42bb) | +| Authentihash SHA256| [03f64a29948a88beffdb035e0b09a7370ccf0cd9ce6bcf8e640c2107318fab87](https://www.virustotal.com/gui/search/authentihash%253A03f64a29948a88beffdb035e0b09a7370ccf0cd9ce6bcf8e640c2107318fab87) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000000a6642f3f49fb7379600010000000a +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | c52110f552e27ebb1e3fae114abafb3f | +| ToBeSigned (TBS) SHA1 | 4954e087123653ce38da4cdd31141b6a1bb999e4 | +| ToBeSigned (TBS) SHA256 | 
1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2013-09-24 17:54:03 | +| ValidTo | 2014-12-24 17:54:03 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000000a6642f3f49fb7379600010000000a | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": 
"c52110f552e27ebb1e3fae114abafb3f", + "SHA1": "4954e087123653ce38da4cdd31141b6a1bb999e4", + "SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" + }, + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/1456951c-e037-4508-a34f-5a6ff0065521.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/1457ea3c-21cc-46d1-adf3-606e98b3938b.md b/lolrmm.com/content/bootloaders/1457ea3c-21cc-46d1-adf3-606e98b3938b.md new file mode 100644 index 00000000..bd036bfb --- /dev/null +++ b/lolrmm.com/content/bootloaders/1457ea3c-21cc-46d1-adf3-606e98b3938b.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "1457ea3c-21cc-46d1-adf3-606e98b3938b" +weight = 10 +displayTitle = "1457ea3c-21cc-46d1-adf3-606e98b3938b" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 1457ea3c-21cc-46d1-adf3-606e98b3938b ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: 1457ea3c-21cc-46d1-adf3-606e98b3938b +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [97BB9FD717C396231E86ECBE5A760D56DBACF4AE8E963D16D724591E45919B65](https://www.virustotal.com/gui/file/97BB9FD717C396231E86ECBE5A760D56DBACF4AE8E963D16D724591E45919B65) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [CC8EEC6EB9212CBF897A5ACE7E8ABEECE1079F1A6DEF0A789591CB1547F1F084](https://www.virustotal.com/gui/search/authentihash%253ACC8EEC6EB9212CBF897A5ACE7E8ABEECE1079F1A6DEF0A789591CB1547F1F084) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/1457ea3c-21cc-46d1-adf3-606e98b3938b.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/146ba6ae-683a-4c91-b076-c267a77bbd47.md b/lolrmm.com/content/bootloaders/146ba6ae-683a-4c91-b076-c267a77bbd47.md new file mode 100644 index 00000000..7ca22505 --- /dev/null +++ b/lolrmm.com/content/bootloaders/146ba6ae-683a-4c91-b076-c267a77bbd47.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "146ba6ae-683a-4c91-b076-c267a77bbd47" +weight = 10 +displayTitle = "rhel-7.9-20200909-shimia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# rhel-7.9-20200909-shimia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat, Inc. and revoked Apr-21 +- **UUID**: 146ba6ae-683a-4c91-b076-c267a77bbd47 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\rhel-7.9-20200909-shimia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< 
button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | rhel-7.9-20200909-shimia32.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [FE924700AC79DC4689ADD5F7C6761E0D60E665A65F9572B43915010881B0BFBC](https://www.virustotal.com/gui/file/FE924700AC79DC4689ADD5F7C6761E0D60E665A65F9572B43915010881B0BFBC) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [2B7A7A4DAFC35E49D03CBE7118E6BA4582401E1776B9C18A2597725B05A605F1](https://www.virustotal.com/gui/search/authentihash%253A2B7A7A4DAFC35E49D03CBE7118E6BA4582401E1776B9C18A2597725B05A605F1) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/146ba6ae-683a-4c91-b076-c267a77bbd47.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/15ca73cc-0098-429e-8191-5df17cae28aa.md b/lolrmm.com/content/bootloaders/15ca73cc-0098-429e-8191-5df17cae28aa.md new file mode 100644 index 00000000..bc7e467b --- /dev/null +++ b/lolrmm.com/content/bootloaders/15ca73cc-0098-429e-8191-5df17cae28aa.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "15ca73cc-0098-429e-8191-5df17cae28aa" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 15ca73cc-0098-429e-8191-5df17cae28aa +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [C2D9AB79B0593235C5EDC3CF77C3A48FCFA740D804A0397B3D9BD9AE9EE516D4](https://www.virustotal.com/gui/file/C2D9AB79B0593235C5EDC3CF77C3A48FCFA740D804A0397B3D9BD9AE9EE516D4) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [CB7BBABE6E9A118C420BE4294132A88BC494969D95B9884480BD4F68AB94FB2C](https://www.virustotal.com/gui/search/authentihash%253ACB7BBABE6E9A118C420BE4294132A88BC494969D95B9884480BD4F68AB94FB2C) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/15ca73cc-0098-429e-8191-5df17cae28aa.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/160959a3-8cac-43f9-a0d1-1c108375fb95.md b/lolrmm.com/content/bootloaders/160959a3-8cac-43f9-a0d1-1c108375fb95.md new file mode 100644 index 00000000..1c4defeb --- /dev/null +++ b/lolrmm.com/content/bootloaders/160959a3-8cac-43f9-a0d1-1c108375fb95.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "160959a3-8cac-43f9-a0d1-1c108375fb95" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 160959a3-8cac-43f9-a0d1-1c108375fb95 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [DBEEA13BD8FC4D613501D8CF564A129A541AEE6FB5AB82CB4A5F448B52FD1C52](https://www.virustotal.com/gui/file/DBEEA13BD8FC4D613501D8CF564A129A541AEE6FB5AB82CB4A5F448B52FD1C52) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [266C1429C8DC389481B3814BC3AF8723DB28EECEB0BB026BBBEDA0CC41D36BC3](https://www.virustotal.com/gui/search/authentihash%253A266C1429C8DC389481B3814BC3AF8723DB28EECEB0BB026BBBEDA0CC41D36BC3) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/160959a3-8cac-43f9-a0d1-1c108375fb95.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/163602d8-2ce1-4c1a-9101-568c50a6f887.md b/lolrmm.com/content/bootloaders/163602d8-2ce1-4c1a-9101-568c50a6f887.md new file mode 100644 index 00000000..41dd0fb3 --- /dev/null +++ b/lolrmm.com/content/bootloaders/163602d8-2ce1-4c1a-9101-568c50a6f887.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "163602d8-2ce1-4c1a-9101-568c50a6f887" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 163602d8-2ce1-4c1a-9101-568c50a6f887 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/c815c638cba6bdc82a6b4f72204ed252.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [c815c638cba6bdc82a6b4f72204ed252](https://www.virustotal.com/gui/file/c815c638cba6bdc82a6b4f72204ed252) | +| SHA1 | [d2e758288883a7b37a46b773ec0ff61c328e8bf7](https://www.virustotal.com/gui/file/d2e758288883a7b37a46b773ec0ff61c328e8bf7) | +| SHA256 | [64604ea91f31b815bd0219d56563b9c2d307fc6c71ecc38d498221e0e0e9c4ad](https://www.virustotal.com/gui/file/64604ea91f31b815bd0219d56563b9c2d307fc6c71ecc38d498221e0e0e9c4ad) | +| Authentihash MD5 | [0e937bbc24f9343c32c2641a3b728ea8](https://www.virustotal.com/gui/search/authentihash%253A0e937bbc24f9343c32c2641a3b728ea8) | +| Authentihash SHA1 | [3c3db26f3be97e13953510a1615c3efd05f10aea](https://www.virustotal.com/gui/search/authentihash%253A3c3db26f3be97e13953510a1615c3efd05f10aea) | +| Authentihash SHA256| [2992068e4f616f2d7253e9d58116a97f22923f4dc1b78a58be4499b982ecf270](https://www.virustotal.com/gui/search/authentihash%253A2992068e4f616f2d7253e9d58116a97f22923f4dc1b78a58be4499b982ecf270) | +| RichPEHeaderHash MD5 | [420a1a5671848b2653305add8102a14f](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A420a1a5671848b2653305add8102a14f) | +| RichPEHeaderHash SHA1 | [114d1b38b6213056c957863df20adfa4d8e5d3a1](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A114d1b38b6213056c957863df20adfa4d8e5d3a1) | +| RichPEHeaderHash SHA256| [20a649595bb060b7fabbd48e91fff890b90f378cbbdcf05d770a881393fa42fa](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A20a649595bb060b7fabbd48e91fff890b90f378cbbdcf05d770a881393fa42fa) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000004ea1d80770a9bbe94400000000004e +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 9da610547a25cbe89af7ecdb99229623 | +| ToBeSigned (TBS) SHA1 | 6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7 | +| ToBeSigned (TBS) SHA256 | 1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2014-07-01 20:32:01 | +| ValidTo | 2015-10-01 20:32:01 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000004ea1d80770a9bbe94400000000004e | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/163602d8-2ce1-4c1a-9101-568c50a6f887.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/163d69a7-be4d-47bf-ba9b-ad2e76271175.md b/lolrmm.com/content/bootloaders/163d69a7-be4d-47bf-ba9b-ad2e76271175.md new file mode 100644 index 00000000..ecd63e70 --- /dev/null +++ b/lolrmm.com/content/bootloaders/163d69a7-be4d-47bf-ba9b-ad2e76271175.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "163d69a7-be4d-47bf-ba9b-ad2e76271175" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 163d69a7-be4d-47bf-ba9b-ad2e76271175 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [73ED112C5EE295BA56BEA8679E062EE22A5E01B23438A7B8F459AF8F61A93BF4](https://www.virustotal.com/gui/file/73ED112C5EE295BA56BEA8679E062EE22A5E01B23438A7B8F459AF8F61A93BF4) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [FDBE6C45F2414421562D812EB67C5FA0CFD0D40AFE2CF0CDDC5E09054ACB4FE5](https://www.virustotal.com/gui/search/authentihash%253AFDBE6C45F2414421562D812EB67C5FA0CFD0D40AFE2CF0CDDC5E09054ACB4FE5) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/163d69a7-be4d-47bf-ba9b-ad2e76271175.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/164bcf0f-91a1-4754-9c4d-f2c1b90aea06.md b/lolrmm.com/content/bootloaders/164bcf0f-91a1-4754-9c4d-f2c1b90aea06.md new file mode 100644 index 00000000..35a0f46d --- /dev/null +++ b/lolrmm.com/content/bootloaders/164bcf0f-91a1-4754-9c4d-f2c1b90aea06.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "164bcf0f-91a1-4754-9c4d-f2c1b90aea06" +weight = 10 +displayTitle = "164bcf0f-91a1-4754-9c4d-f2c1b90aea06" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 164bcf0f-91a1-4754-9c4d-f2c1b90aea06 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: 164bcf0f-91a1-4754-9c4d-f2c1b90aea06 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [9C904F10520295D070DB9CF381101512946AB832C2BD92D4E92D42B934F40DC3](https://www.virustotal.com/gui/file/9C904F10520295D070DB9CF381101512946AB832C2BD92D4E92D42B934F40DC3) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [1D8B58C1FDB8DA8B33CCEE1E5F973AF734D90EF317E33F5DB1573C2BA088A80C](https://www.virustotal.com/gui/search/authentihash%253A1D8B58C1FDB8DA8B33CCEE1E5F973AF734D90EF317E33F5DB1573C2BA088A80C) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/164bcf0f-91a1-4754-9c4d-f2c1b90aea06.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/18b807f0-bafd-4f25-8f7d-e2ff15fb5691.md b/lolrmm.com/content/bootloaders/18b807f0-bafd-4f25-8f7d-e2ff15fb5691.md new file mode 100644 index 00000000..288128c6 --- /dev/null +++ b/lolrmm.com/content/bootloaders/18b807f0-bafd-4f25-8f7d-e2ff15fb5691.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "18b807f0-bafd-4f25-8f7d-e2ff15fb5691" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked Jul-20 +- **UUID**: 18b807f0-bafd-4f25-8f7d-e2ff15fb5691 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/c86257e19730c49e2abfbdf19e322c49.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [c86257e19730c49e2abfbdf19e322c49](https://www.virustotal.com/gui/file/c86257e19730c49e2abfbdf19e322c49) | +| SHA1 | [6a9e3957a060061c09a674ed338df34af8f23540](https://www.virustotal.com/gui/file/6a9e3957a060061c09a674ed338df34af8f23540) | +| SHA256 | [f88e92940985413acd440daa20c08df99c54613636826d9d95b898d39c44b19b](https://www.virustotal.com/gui/file/f88e92940985413acd440daa20c08df99c54613636826d9d95b898d39c44b19b) | +| Authentihash MD5 | [24dca2244a6220a9bb1962697f8aa2f0](https://www.virustotal.com/gui/search/authentihash%253A24dca2244a6220a9bb1962697f8aa2f0) | +| Authentihash SHA1 | [2688b0ed81c02678e9884b32b6ef0fd603930cd7](https://www.virustotal.com/gui/search/authentihash%253A2688b0ed81c02678e9884b32b6ef0fd603930cd7) | +| Authentihash SHA256| [148fe18f715a9fcfe1a444ce0fff7f85869eb422330dc04b314c0f295d6da79e](https://www.virustotal.com/gui/search/authentihash%253A148fe18f715a9fcfe1a444ce0fff7f85869eb422330dc04b314c0f295d6da79e) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 33000000081eb17e9c15fc837a000100000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | c5e24205d04c09c94d81b6935af7ec09 | +| ToBeSigned (TBS) SHA1 | 12622dccb5b07edfd65cae6fc018e24b80ff2c82 | +| ToBeSigned (TBS) SHA256 | 
d6afbff1c283d7777501bd3b2adb4aadb8ce32649ee401dfbb06f884362f7507 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2012-07-02 22:25:14 | +| ValidTo | 2013-10-02 22:25:14 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 33000000081eb17e9c15fc837a000100000008 | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", + "Signature": 
"840831439e4e63e88d00e1b0c0678d70bb89f466e9027ab28177926d5def8175b3240e729f943f1e6bd94a0f27c92e696a5001c0747f6bf7574c09e8485a5eb6d7024244ddd73236c28e9dfad58ec5098b74516234232552d9230c1d0ddae73108b0a0144bd9e9265dac56ebdcce7512cf3627a6858d41876ede19d35e0e27957a6896aae9ea150098327450fe7c72385aac6feff0616b3d066cd0be7e5a537bb18488c67db9f0731c30ac7918fe977b4250ffbfbeea81e1ba3b8a0305b9374f0d22453781cc5823b5faad5e50e84306381f83382fe0ed8b176a9c9ff1868cc6543e7f12b1f112adc62430fd1ba530d877a290f0d2e09eacce07ed37ec439c25", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "c5e24205d04c09c94d81b6935af7ec09", + "SHA1": "12622dccb5b07edfd65cae6fc018e24b80ff2c82", + "SHA256": "d6afbff1c283d7777501bd3b2adb4aadb8ce32649ee401dfbb06f884362f7507" + }, + "ValidFrom": "2012-07-02 22:25:14", + "ValidTo": "2013-10-02 22:25:14", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + 
+[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/18b807f0-bafd-4f25-8f7d-e2ff15fb5691.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/191557da-f224-48bb-b027-94534c5637ae.md b/lolrmm.com/content/bootloaders/191557da-f224-48bb-b027-94534c5637ae.md new file mode 100644 index 00000000..e3a34317 --- /dev/null +++ b/lolrmm.com/content/bootloaders/191557da-f224-48bb-b027-94534c5637ae.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "191557da-f224-48bb-b027-94534c5637ae" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 191557da-f224-48bb-b027-94534c5637ae +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [34F107AD8F982B591FB92BCC193BFCDBFF916C720BC69D96A0E9BD22CBA1E84C](https://www.virustotal.com/gui/file/34F107AD8F982B591FB92BCC193BFCDBFF916C720BC69D96A0E9BD22CBA1E84C) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [800423CEB7E4759621A62C729BABC81F53259D95F76457224AD601542B7B26D4](https://www.virustotal.com/gui/search/authentihash%253A800423CEB7E4759621A62C729BABC81F53259D95F76457224AD601542B7B26D4) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/191557da-f224-48bb-b027-94534c5637ae.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/1a268d88-47d0-4204-ade4-ed6e4ef6028e.md b/lolrmm.com/content/bootloaders/1a268d88-47d0-4204-ade4-ed6e4ef6028e.md new file mode 100644 index 00000000..3a9cd66e --- /dev/null +++ b/lolrmm.com/content/bootloaders/1a268d88-47d0-4204-ade4-ed6e4ef6028e.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "1a268d88-47d0-4204-ade4-ed6e4ef6028e" +weight = 10 +displayTitle = "bootia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 1a268d88-47d0-4204-ade4-ed6e4ef6028e +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootia32.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [B510C9A79CB6CE1BC37912839AF57B453CC4A77C3D5DCC9935F8CCFF7C81F9FE](https://www.virustotal.com/gui/file/B510C9A79CB6CE1BC37912839AF57B453CC4A77C3D5DCC9935F8CCFF7C81F9FE) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [D79651AA3A0491D33B7979F5B41936F8ACEFBA99BBA10E05FD6F54E2859CC589](https://www.virustotal.com/gui/search/authentihash%253AD79651AA3A0491D33B7979F5B41936F8ACEFBA99BBA10E05FD6F54E2859CC589) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/1a268d88-47d0-4204-ade4-ed6e4ef6028e.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/1ab3d6b3-7bd1-477e-8127-a2be4b9a7636.md b/lolrmm.com/content/bootloaders/1ab3d6b3-7bd1-477e-8127-a2be4b9a7636.md new file mode 100644 index 00000000..369fecaa --- /dev/null +++ b/lolrmm.com/content/bootloaders/1ab3d6b3-7bd1-477e-8127-a2be4b9a7636.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "1ab3d6b3-7bd1-477e-8127-a2be4b9a7636" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 1ab3d6b3-7bd1-477e-8127-a2be4b9a7636 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/9618221803e2befd17607ef2d957442f.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [9618221803e2befd17607ef2d957442f](https://www.virustotal.com/gui/file/9618221803e2befd17607ef2d957442f) | +| SHA1 | [1581d6767a70eb0bf596b82592440346eb00cefb](https://www.virustotal.com/gui/file/1581d6767a70eb0bf596b82592440346eb00cefb) | +| SHA256 | [990a4dd8c86392421d680fa039af4e88d1ebdc97f61a73f8347d6b314fe8cd51](https://www.virustotal.com/gui/file/990a4dd8c86392421d680fa039af4e88d1ebdc97f61a73f8347d6b314fe8cd51) | +| Authentihash MD5 | [f9c6e874f1efcfe3a046acceb16d86dc](https://www.virustotal.com/gui/search/authentihash%253Af9c6e874f1efcfe3a046acceb16d86dc) | +| Authentihash SHA1 | [4ef60851f60fb3c04c48a99e582bd5d868e91d75](https://www.virustotal.com/gui/search/authentihash%253A4ef60851f60fb3c04c48a99e582bd5d868e91d75) | +| Authentihash SHA256| [e8818666b7e014b6e4820afaa84d5a84fa42cb5d2663c848d358b2913274ba21](https://www.virustotal.com/gui/search/authentihash%253Ae8818666b7e014b6e4820afaa84d5a84fa42cb5d2663c848d358b2913274ba21) | +| RichPEHeaderHash MD5 | [a02554021493291650ba1e2951aef07f](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Aa02554021493291650ba1e2951aef07f) | +| RichPEHeaderHash SHA1 | [3cb0d2f0d1a2046caf0027cfd995294a09eeda72](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3cb0d2f0d1a2046caf0027cfd995294a09eeda72) | +| RichPEHeaderHash SHA256| [3089fe7fa4527043c200fafe2a7272e48a1f7c54725a623f22d12f2cdbb48350](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3089fe7fa4527043c200fafe2a7272e48a1f7c54725a623f22d12f2cdbb48350) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000004ea1d80770a9bbe94400000000004e +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 9da610547a25cbe89af7ecdb99229623 | +| ToBeSigned (TBS) SHA1 | 6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7 | +| ToBeSigned (TBS) SHA256 | 1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2014-07-01 20:32:01 | +| ValidTo | 2015-10-01 20:32:01 | +| Signature | 8207b0c79e3b96e7317cd1aac9ab45fb52f1a2c847cda4bed6ff0b366566c6046976257890a79270765662a04b0f6d958c1fbba688b7717f77e10137107f8ccde9ce066d0c99e9fabfa3d669e2eac822a81d86f620828a018738e290f15370886c689af9399fad45f38e2e0fd6e31fcdf1b295ddc015164e757e2c630b05d1c103735e452ea9e3ca1b44e776277a030aa473094499bdfad51ebcdc61c8694148123c150811230bab24f1fb3ca64f018ac37d5cbb61173055b20dd07fbf8955909696be8de608979541932fd0257f932db6f6975b4bc82bd393a432a4ef01d88fc9652cc0d4eede46df519df8488353bfbf4dbc8358efc8dc3215c5538ebbd03e | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000004ea1d80770a9bbe94400000000004e | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### 
ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Signature": "8207b0c79e3b96e7317cd1aac9ab45fb52f1a2c847cda4bed6ff0b366566c6046976257890a79270765662a04b0f6d958c1fbba688b7717f77e10137107f8ccde9ce066d0c99e9fabfa3d669e2eac822a81d86f620828a018738e290f15370886c689af9399fad45f38e2e0fd6e31fcdf1b295ddc015164e757e2c630b05d1c103735e452ea9e3ca1b44e776277a030aa473094499bdfad51ebcdc61c8694148123c150811230bab24f1fb3ca64f018ac37d5cbb61173055b20dd07fbf8955909696be8de608979541932fd0257f932db6f6975b4bc82bd393a432a4ef01d88fc9652cc0d4eede46df519df8488353bfbf4dbc8358efc8dc3215c5538ebbd03e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, 
CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/1ab3d6b3-7bd1-477e-8127-a2be4b9a7636.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/1b134b19-47f4-4bfd-af37-40c05933168f.md b/lolrmm.com/content/bootloaders/1b134b19-47f4-4bfd-af37-40c05933168f.md new file mode 100644 index 00000000..bd87be87 --- /dev/null +++ b/lolrmm.com/content/bootloaders/1b134b19-47f4-4bfd-af37-40c05933168f.md 
@@ -0,0 +1,164 @@ ++++ + +description = "" +title = "1b134b19-47f4-4bfd-af37-40c05933168f" +weight = 10 +displayTitle = "grubnetx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# grubnetx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Canonical and revoked Jul-20 +- **UUID**: 1b134b19-47f4-4bfd-af37-40c05933168f +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/f383b5c1f0cb8806742c8df990bc7803.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\grubnetx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | grubnetx64.efi | +| MD5 | [f383b5c1f0cb8806742c8df990bc7803](https://www.virustotal.com/gui/file/f383b5c1f0cb8806742c8df990bc7803) | +| SHA1 | [c1f26b124fcfb2c73ec9c9cfafe3fcfbc269d4e7](https://www.virustotal.com/gui/file/c1f26b124fcfb2c73ec9c9cfafe3fcfbc269d4e7) | +| SHA256 | [8e8addb29426d845a0101c2c1f26c2e7fe8c78128ab04f16cfcb4e06461b0101](https://www.virustotal.com/gui/file/8e8addb29426d845a0101c2c1f26c2e7fe8c78128ab04f16cfcb4e06461b0101) | +| Authentihash MD5 | [cba477486346b0fad728f78e3542e00e](https://www.virustotal.com/gui/search/authentihash%253Acba477486346b0fad728f78e3542e00e) | +| Authentihash SHA1 | [cecc72f2d1a431149d9bc47f8e21b655e980e9f2](https://www.virustotal.com/gui/search/authentihash%253Acecc72f2d1a431149d9bc47f8e21b655e980e9f2) | +| Authentihash SHA256| [804e354c6368bb27a90fae8e498a57052b293418259a019c4f53a2007254490f](https://www.virustotal.com/gui/search/authentihash%253A804e354c6368bb27a90fae8e498a57052b293418259a019c4f53a2007254490f) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + 
+[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/1b134b19-47f4-4bfd-af37-40c05933168f.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/1ca07dec-812e-46a2-ada4-141584aa0c12.md b/lolrmm.com/content/bootloaders/1ca07dec-812e-46a2-ada4-141584aa0c12.md new file mode 100644 index 00000000..51d7c8c4 --- /dev/null +++ b/lolrmm.com/content/bootloaders/1ca07dec-812e-46a2-ada4-141584aa0c12.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "1ca07dec-812e-46a2-ada4-141584aa0c12" +weight = 10 +displayTitle = "1ca07dec-812e-46a2-ada4-141584aa0c12" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 1ca07dec-812e-46a2-ada4-141584aa0c12 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: 1ca07dec-812e-46a2-ada4-141584aa0c12 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [6E5D8278A7A4A58DBBA2F5D01B09B9DE4BB20ACD2DD4890846C8125A65136BF8](https://www.virustotal.com/gui/file/6E5D8278A7A4A58DBBA2F5D01B09B9DE4BB20ACD2DD4890846C8125A65136BF8) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [6873D2F61C29BD52E954EEFF5977AA8367439997811A62FF212C948133C68D97](https://www.virustotal.com/gui/search/authentihash%253A6873D2F61C29BD52E954EEFF5977AA8367439997811A62FF212C948133C68D97) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/1ca07dec-812e-46a2-ada4-141584aa0c12.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/1d193967-c24f-46c5-83ae-4bf1d5ea80ca.md b/lolrmm.com/content/bootloaders/1d193967-c24f-46c5-83ae-4bf1d5ea80ca.md new file mode 100644 index 00000000..76475178 --- /dev/null +++ b/lolrmm.com/content/bootloaders/1d193967-c24f-46c5-83ae-4bf1d5ea80ca.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "1d193967-c24f-46c5-83ae-4bf1d5ea80ca" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 1d193967-c24f-46c5-83ae-4bf1d5ea80ca +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [9C4A74D11888FA41A0341EE6F0B75DB69C34827851755F46506A6C0ED96CEC8D](https://www.virustotal.com/gui/file/9C4A74D11888FA41A0341EE6F0B75DB69C34827851755F46506A6C0ED96CEC8D) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [23A0F1DE04EF678E621A449040CF519DDC3679FE54C9E2E0897DFE2C80D3DC26](https://www.virustotal.com/gui/search/authentihash%253A23A0F1DE04EF678E621A449040CF519DDC3679FE54C9E2E0897DFE2C80D3DC26) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/1d193967-c24f-46c5-83ae-4bf1d5ea80ca.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/1f0649ef-7118-46ab-b168-e4b9736bcea4.md b/lolrmm.com/content/bootloaders/1f0649ef-7118-46ab-b168-e4b9736bcea4.md new file mode 100644 index 00000000..fb9b0fbe --- /dev/null +++ b/lolrmm.com/content/bootloaders/1f0649ef-7118-46ab-b168-e4b9736bcea4.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "1f0649ef-7118-46ab-b168-e4b9736bcea4" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 1f0649ef-7118-46ab-b168-e4b9736bcea4 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [3F5AFCDADFA8F590C39764BD9A31CE160FD7A929654491154AFD6738C0523D2C](https://www.virustotal.com/gui/file/3F5AFCDADFA8F590C39764BD9A31CE160FD7A929654491154AFD6738C0523D2C) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [85255700890931C5B71A73DFF09EA5125CD702EA65F45B4054C1463E00173FDC](https://www.virustotal.com/gui/search/authentihash%253A85255700890931C5B71A73DFF09EA5125CD702EA65F45B4054C1463E00173FDC) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/1f0649ef-7118-46ab-b168-e4b9736bcea4.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/1f6808e6-5b11-4cb3-b2d7-427ea75c1f9e.md b/lolrmm.com/content/bootloaders/1f6808e6-5b11-4cb3-b2d7-427ea75c1f9e.md new file mode 100644 index 00000000..18a59d75 --- /dev/null +++ b/lolrmm.com/content/bootloaders/1f6808e6-5b11-4cb3-b2d7-427ea75c1f9e.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "1f6808e6-5b11-4cb3-b2d7-427ea75c1f9e" +weight = 10 +displayTitle = "BOOTX64.EFI" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# BOOTX64.EFI ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Ciscso Systems Inc. and revoked Jul-20 +- **UUID**: 1f6808e6-5b11-4cb3-b2d7-427ea75c1f9e +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/cd3a08a351a1e5286fdabeb5bbf371e7.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\BOOTX64.EFI } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | BOOTX64.EFI | +| MD5 | [cd3a08a351a1e5286fdabeb5bbf371e7](https://www.virustotal.com/gui/file/cd3a08a351a1e5286fdabeb5bbf371e7) | +| SHA1 | [55f93fee3283aa27b1d8b20d1d4d85b770e923aa](https://www.virustotal.com/gui/file/55f93fee3283aa27b1d8b20d1d4d85b770e923aa) | +| SHA256 | [2df05c41acc56d0f4c9371da62ec6cb311c9afb84b4a4d8c3738583ccc874d38](https://www.virustotal.com/gui/file/2df05c41acc56d0f4c9371da62ec6cb311c9afb84b4a4d8c3738583ccc874d38) | +| Authentihash MD5 | [19a8ebfdc4acec4f18411de1412ef702](https://www.virustotal.com/gui/search/authentihash%253A19a8ebfdc4acec4f18411de1412ef702) | +| Authentihash SHA1 | [e91507cdff068f305c149e89d25038e3a665e461](https://www.virustotal.com/gui/search/authentihash%253Ae91507cdff068f305c149e89d25038e3a665e461) | +| Authentihash SHA256| [c805603c4fa038776e42f263c604b49d96840322e1922d5606a9b0bbb5bffe6f](https://www.virustotal.com/gui/search/authentihash%253Ac805603c4fa038776e42f263c604b49d96840322e1922d5606a9b0bbb5bffe6f) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002b4b79b3694d12118700010000002b +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 8d8a1f204c9c80213bd427fa58b387e2 | +| ToBeSigned (TBS) SHA1 | 8d78e1742b948f0c8298e560dd71fe1594020386 | +| ToBeSigned (TBS) SHA256 | 
1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2018-07-03 20:53:01 | +| ValidTo | 2019-07-26 20:53:01 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002b4b79b3694d12118700010000002b | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": 
"54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/1f6808e6-5b11-4cb3-b2d7-427ea75c1f9e.yaml) + 
+*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/216969d0-1120-463f-a8b0-f8832f49fe39.md b/lolrmm.com/content/bootloaders/216969d0-1120-463f-a8b0-f8832f49fe39.md new file mode 100644 index 00000000..64c95803 --- /dev/null +++ b/lolrmm.com/content/bootloaders/216969d0-1120-463f-a8b0-f8832f49fe39.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "216969d0-1120-463f-a8b0-f8832f49fe39" +weight = 10 +displayTitle = "BOOTX64.EFI" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# BOOTX64.EFI ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat Inc. and revoked Jul-20 +- **UUID**: 216969d0-1120-463f-a8b0-f8832f49fe39 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\BOOTX64.EFI } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | BOOTX64.EFI | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [487DF121FD496D9A443C3598DA3771FA187D408C589F4CB990041E546C529539](https://www.virustotal.com/gui/file/487DF121FD496D9A443C3598DA3771FA187D408C589F4CB990041E546C529539) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [947078F97C6196968C3AE99C9A5D58667E86882CF6C8C9D58967A496BB7AF43C](https://www.virustotal.com/gui/search/authentihash%253A947078F97C6196968C3AE99C9A5D58667E86882CF6C8C9D58967A496BB7AF43C) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/216969d0-1120-463f-a8b0-f8832f49fe39.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/224dff2d-8d29-4951-b7b7-4a0cd2c18dbc.md b/lolrmm.com/content/bootloaders/224dff2d-8d29-4951-b7b7-4a0cd2c18dbc.md new file mode 100644 index 00000000..8fbb91f2 --- /dev/null +++ b/lolrmm.com/content/bootloaders/224dff2d-8d29-4951-b7b7-4a0cd2c18dbc.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "224dff2d-8d29-4951-b7b7-4a0cd2c18dbc" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 224dff2d-8d29-4951-b7b7-4a0cd2c18dbc +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [7429F9578205C654FC25D2FBE8B6F27D8082E049A962982EB70F55DCA02BE882](https://www.virustotal.com/gui/file/7429F9578205C654FC25D2FBE8B6F27D8082E049A962982EB70F55DCA02BE882) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [7F9602C123A090BB0C4C3B69662BC52D675A0A4ED444D1C1E0E26C2B0DC3760B](https://www.virustotal.com/gui/search/authentihash%253A7F9602C123A090BB0C4C3B69662BC52D675A0A4ED444D1C1E0E26C2B0DC3760B) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/224dff2d-8d29-4951-b7b7-4a0cd2c18dbc.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/22532a2a-950a-425c-b1c7-ae8f8e4faa5b.md b/lolrmm.com/content/bootloaders/22532a2a-950a-425c-b1c7-ae8f8e4faa5b.md new file mode 100644 index 00000000..f838fb94 --- /dev/null +++ b/lolrmm.com/content/bootloaders/22532a2a-950a-425c-b1c7-ae8f8e4faa5b.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "22532a2a-950a-425c-b1c7-ae8f8e4faa5b" +weight = 10 +displayTitle = "22532a2a-950a-425c-b1c7-ae8f8e4faa5b" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 22532a2a-950a-425c-b1c7-ae8f8e4faa5b ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Oracle Corporation and revoked Jul-20 +- **UUID**: 22532a2a-950a-425c-b1c7-ae8f8e4faa5b +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [1CC3D6DA3017F0F1422D1B8115622EDEF65FBC497487234D17F4D356670F28EB](https://www.virustotal.com/gui/file/1CC3D6DA3017F0F1422D1B8115622EDEF65FBC497487234D17F4D356670F28EB) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [1F16078CCE009DF62EDB9E7170E66CAAE670BCE71B8F92D38280C56AA372031D](https://www.virustotal.com/gui/search/authentihash%253A1F16078CCE009DF62EDB9E7170E66CAAE670BCE71B8F92D38280C56AA372031D) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/22532a2a-950a-425c-b1c7-ae8f8e4faa5b.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/2281377f-96d2-494e-91d6-86e4f2c78198.md b/lolrmm.com/content/bootloaders/2281377f-96d2-494e-91d6-86e4f2c78198.md new file mode 100644 index 00000000..3563a0da --- /dev/null +++ b/lolrmm.com/content/bootloaders/2281377f-96d2-494e-91d6-86e4f2c78198.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "2281377f-96d2-494e-91d6-86e4f2c78198" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 2281377f-96d2-494e-91d6-86e4f2c78198 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/65e619f026af74b9c47c2cc77346ec40.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [65e619f026af74b9c47c2cc77346ec40](https://www.virustotal.com/gui/file/65e619f026af74b9c47c2cc77346ec40) | +| SHA1 | [9bf8d8b915968c37fb4b491f67e567d709d2a026](https://www.virustotal.com/gui/file/9bf8d8b915968c37fb4b491f67e567d709d2a026) | +| SHA256 | [fef56f20ef6e5065ed0fde1d85fd19f1f07212403489fd1e2b63aa41f5dc600b](https://www.virustotal.com/gui/file/fef56f20ef6e5065ed0fde1d85fd19f1f07212403489fd1e2b63aa41f5dc600b) | +| Authentihash MD5 | [866e67751c0a6b90c631d03793a348bc](https://www.virustotal.com/gui/search/authentihash%253A866e67751c0a6b90c631d03793a348bc) | +| Authentihash SHA1 | [2565b9e7e5552c7a3340f5ad2c6faab6ea42bd27](https://www.virustotal.com/gui/search/authentihash%253A2565b9e7e5552c7a3340f5ad2c6faab6ea42bd27) | +| Authentihash SHA256| [ce1af9fcce6ad19c00d8236b23b03cf83c593c6184a08266e58fe95c6caa4d13](https://www.virustotal.com/gui/search/authentihash%253Ace1af9fcce6ad19c00d8236b23b03cf83c593c6184a08266e58fe95c6caa4d13) | +| RichPEHeaderHash MD5 | [61ae12104fd32308c2c6da0ad0f4da3a](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A61ae12104fd32308c2c6da0ad0f4da3a) | +| RichPEHeaderHash SHA1 | [5916de417c3548f9179b3fca1170571bd0615d62](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A5916de417c3548f9179b3fca1170571bd0615d62) | +| RichPEHeaderHash SHA256| [9d016f97efd1b99cdeec92f9010dbe2695c277306c00fe7e352588a7f6e7be26](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A9d016f97efd1b99cdeec92f9010dbe2695c277306c00fe7e352588a7f6e7be26) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002418fc0b689e7399d0000000000024 +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 28b23b39f3bbd936a26a5b86451be0ac | +| ToBeSigned (TBS) SHA1 | 3b16f29295d5a7c323beb479c71d3d20c6b8acc2 | +| ToBeSigned (TBS) SHA256 | 4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2013-06-17 21:43:38 | +| ValidTo | 2014-09-17 21:43:38 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002418fc0b689e7399d0000000000024 | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 
14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": 
"4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2281377f-96d2-494e-91d6-86e4f2c78198.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/2297fba2-2316-41a2-93f7-20ea8c9f6b98.md b/lolrmm.com/content/bootloaders/2297fba2-2316-41a2-93f7-20ea8c9f6b98.md new file mode 100644 index 00000000..f1a8020a --- /dev/null +++ b/lolrmm.com/content/bootloaders/2297fba2-2316-41a2-93f7-20ea8c9f6b98.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "2297fba2-2316-41a2-93f7-20ea8c9f6b98" +weight = 10 +displayTitle = "bootaa64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootaa64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 2297fba2-2316-41a2-93f7-20ea8c9f6b98 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootaa64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootaa64.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [2674036BC5EE2446739FBBBE21F8480DA23AD5E98A6768754B4C9B9FC37EF2E2](https://www.virustotal.com/gui/file/2674036BC5EE2446739FBBBE21F8480DA23AD5E98A6768754B4C9B9FC37EF2E2) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [A1A59CC2784246AD693B1DF151454642324E89C898566A59906891F48089ECE9](https://www.virustotal.com/gui/search/authentihash%253AA1A59CC2784246AD693B1DF151454642324E89C898566A59906891F48089ECE9) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2297fba2-2316-41a2-93f7-20ea8c9f6b98.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/23d2d4cc-fb8c-43d8-b736-ae5c4fc3cd96.md b/lolrmm.com/content/bootloaders/23d2d4cc-fb8c-43d8-b736-ae5c4fc3cd96.md new file mode 100644 index 00000000..c56a4832 --- /dev/null +++ b/lolrmm.com/content/bootloaders/23d2d4cc-fb8c-43d8-b736-ae5c4fc3cd96.md 
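Review bot: The command in the Commands section is not runnable as written: `bcdedit /copy ... | {% if ($_ -match '{\S+}') { ... } }` pipes into a bare script block, which PowerShell rejects, and it reads as a transposition of the ForEach-Object alias `% {`. The intended line is presumably `bcdedit /copy "{current}" /d "TheBoots" | % { if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootaa64.efi } }`; since the same text recurs on every page in this commit, the fix belongs in the source YAML or the template that renders the Commands section rather than in this file. The Privileges cell of the Use Case table is blank, while `bcdedit /copy` and `/set` both need an elevated shell; rendering `Administrator` there would keep the page from understating what the technique requires.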
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "23d2d4cc-fb8c-43d8-b736-ae5c4fc3cd96" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 23d2d4cc-fb8c-43d8-b736-ae5c4fc3cd96 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [C1B24EBFE119C27A2E5EDD4267EEF37B2CD14FBBD8688DE27E08AF89996DB468](https://www.virustotal.com/gui/file/C1B24EBFE119C27A2E5EDD4267EEF37B2CD14FBBD8688DE27E08AF89996DB468) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [691BA3414E78622581BC519BAF0BCB16FB262D3ABBD8639F3E0ECA2A29F99406](https://www.virustotal.com/gui/search/authentihash%253A691BA3414E78622581BC519BAF0BCB16FB262D3ABBD8639F3E0ECA2A29F99406) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/23d2d4cc-fb8c-43d8-b736-ae5c4fc3cd96.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/24b32147-9b69-40e3-a166-b0c457b3c371.md b/lolrmm.com/content/bootloaders/24b32147-9b69-40e3-a166-b0c457b3c371.md new file mode 100644 index 00000000..7808fb83 --- /dev/null +++ b/lolrmm.com/content/bootloaders/24b32147-9b69-40e3-a166-b0c457b3c371.md 
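Review bot: The `### CVE` section lists `Black Lotus Microsoft Windows 8.1`, which is a campaign/platform label rather than a CVE identifier, so a reader or a tool scraping that section for `CVE-` IDs gets nothing. Suggest the generator keep `### CVE` for actual IDs and render free-text entries under a separate heading such as `### Notes`, and that the source YAML carry the CVE for the Secure Boot bypass the May-23 revocation addresses, if one is tracked — presumably the issue covered by the Microsoft guidance linked under Resources, but that cannot be confirmed from this page. The same mislabelled entry appears on the other May-23 pages in this commit.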
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "24b32147-9b69-40e3-a166-b0c457b3c371" +weight = 10 +displayTitle = "24b32147-9b69-40e3-a166-b0c457b3c371" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 24b32147-9b69-40e3-a166-b0c457b3c371 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Novell Systems and revoked Jul-20 +- **UUID**: 24b32147-9b69-40e3-a166-b0c457b3c371 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [3F8091F700DA0DD082C6C06D0D3B68DB8D51FBE03198BBD6E4FA0D4A9EACA522](https://www.virustotal.com/gui/file/3F8091F700DA0DD082C6C06D0D3B68DB8D51FBE03198BBD6E4FA0D4A9EACA522) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [2F9A8EB6C8E18E7E118AFE9B51E233D88EC76C0EA256FF1F2A842B3A0EA9F466](https://www.virustotal.com/gui/search/authentihash%253A2F9A8EB6C8E18E7E118AFE9B51E233D88EC76C0EA256FF1F2A842B3A0EA9F466) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/24b32147-9b69-40e3-a166-b0c457b3c371.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/24c0575d-dfa7-4f1b-8503-e136cf8fcf3a.md b/lolrmm.com/content/bootloaders/24c0575d-dfa7-4f1b-8503-e136cf8fcf3a.md new file mode 100644 index 00000000..1b4e390b --- /dev/null +++ b/lolrmm.com/content/bootloaders/24c0575d-dfa7-4f1b-8503-e136cf8fcf3a.md 
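Review bot: An empty filename in the source record propagates into several broken artefacts on this page: the Download button points at `bootloaders/.bin`, the command ends in `path \windows\temp\` with no file, and the Filename cell is blank. The MD5 and SHA1 rows likewise render as empty links to the bare `https://www.virustotal.com/gui/file/`, which suggests the template emits link markup unconditionally. The generator should guard on a missing filename (omit the Download button and Commands block, or fall back to the UUID) and skip the link when a hash cell is empty, leaving the SHA256 and Authentihash SHA256 as the only identifiers a reader can actually act on.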
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "24c0575d-dfa7-4f1b-8503-e136cf8fcf3a" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 24c0575d-dfa7-4f1b-8503-e136cf8fcf3a +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [B334937090AC1D2DB8FFFA7D6BB72F97FDE42712300524E2C89F0E7DCA5EF4D5](https://www.virustotal.com/gui/file/B334937090AC1D2DB8FFFA7D6BB72F97FDE42712300524E2C89F0E7DCA5EF4D5) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [9141EA1A4E6BF1F4D72C28A1D0D124A928D5A7D36B14FC7E7E53EF442360FF99](https://www.virustotal.com/gui/search/authentihash%253A9141EA1A4E6BF1F4D72C28A1D0D124A928D5A7D36B14FC7E7E53EF442360FF99) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/24c0575d-dfa7-4f1b-8503-e136cf8fcf3a.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/25025124-0a03-422d-8fe8-530afd16951c.md b/lolrmm.com/content/bootloaders/25025124-0a03-422d-8fe8-530afd16951c.md new file mode 100644 index 00000000..4bf78f07 --- /dev/null +++ b/lolrmm.com/content/bootloaders/25025124-0a03-422d-8fe8-530afd16951c.md 
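Review bot: The Signature details block is empty while the description asserts the file was provided by Microsoft, so a reader has no signer or certificate chain to check the claim against; the preceding page in this diff (2281377f) shows the template can carry the full certificate JSON, so the gap is in the source data rather than the renderer. Suggest rendering `_No signature data available_` inside the Signature details when the field is empty, so the absence is explicit rather than a blank expander. Separately, `#### Imports` appears twice with `ImportedFunctions` following it, which looks like a copy-and-paste in the template; the second heading is presumably meant to be something else, but that cannot be told from this page.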
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "25025124-0a03-422d-8fe8-530afd16951c" +weight = 10 +displayTitle = "bootarm.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootarm.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 25025124-0a03-422d-8fe8-530afd16951c +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootarm.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootarm.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [372968218A3CBA11D964EF1B1E8CFF3804EDF96481B96B929208D1B483ADB30C](https://www.virustotal.com/gui/file/372968218A3CBA11D964EF1B1E8CFF3804EDF96481B96B929208D1B483ADB30C) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [D28AEC97E28A38D94BE65369E43D01F6266195D6113E7ED17A6930A309288800](https://www.virustotal.com/gui/search/authentihash%253AD28AEC97E28A38D94BE65369E43D01F6266195D6113E7ED17A6930A309288800) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/25025124-0a03-422d-8fe8-530afd16951c.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/25356276-9f23-4044-a512-863c5b3180df.md b/lolrmm.com/content/bootloaders/25356276-9f23-4044-a512-863c5b3180df.md new file mode 100644 index 00000000..31594421 --- /dev/null +++ b/lolrmm.com/content/bootloaders/25356276-9f23-4044-a512-863c5b3180df.md 
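Review bot: The Acknowledgement line renders as `| [](https://twitter.com/)` — a stray pipe and an empty link to the Twitter root — and the H1 carries the `twitter_verified.png` badge although no handle is given, so the page implies an attribution that does not exist. Suggest the template omit the Acknowledgement bullet and the badge when the acknowledgement field is empty, e.g. `- **Acknowledgement**: none`. This affects every page in the commit, so the fix belongs in the generator.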
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "25356276-9f23-4044-a512-863c5b3180df" +weight = 10 +displayTitle = "25356276-9f23-4044-a512-863c5b3180df" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 25356276-9f23-4044-a512-863c5b3180df ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Canonical and revoked Jul-20 +- **UUID**: 25356276-9f23-4044-a512-863c5b3180df +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [96520E78051325998A6D82FFFEE0366F85289E6D8834D1F3DA9082C6EE146D26](https://www.virustotal.com/gui/file/96520E78051325998A6D82FFFEE0366F85289E6D8834D1F3DA9082C6EE146D26) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [B93F0699598F8B20FA0DACC12CFCFC1F2568793F6E779E04795E6D7C22530F75](https://www.virustotal.com/gui/search/authentihash%253AB93F0699598F8B20FA0DACC12CFCFC1F2568793F6E779E04795E6D7C22530F75) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/25356276-9f23-4044-a512-863c5b3180df.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/261d9721-b41e-4711-9ec1-d46057b9c56b.md b/lolrmm.com/content/bootloaders/261d9721-b41e-4711-9ec1-d46057b9c56b.md new file mode 100644 index 00000000..da71e897 --- /dev/null +++ b/lolrmm.com/content/bootloaders/261d9721-b41e-4711-9ec1-d46057b9c56b.md 
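Review bot: This entry has no filename, yet the Detections grid still offers the Sigma "Names" rule (described on the page as "detects loading using name only") and the YARA "Renamed" rule; with no name in the record there is nothing for name-based detection to match, so those links are misleading here. Suggest the generator hide the name-based buttons when the filename is empty, or add a one-line caveat such as `Name-based rules do not apply to this sample; use the hash-based Sigma and Sysmon rules with the SHA256/Authentihash values below.`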
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "261d9721-b41e-4711-9ec1-d46057b9c56b" +weight = 10 +displayTitle = "261d9721-b41e-4711-9ec1-d46057b9c56b" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 261d9721-b41e-4711-9ec1-d46057b9c56b ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: 261d9721-b41e-4711-9ec1-d46057b9c56b +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [424C636253B4EFA0C69F91505EE16D7079956B8EDE4524FFCE211A1B037FF692](https://www.virustotal.com/gui/file/424C636253B4EFA0C69F91505EE16D7079956B8EDE4524FFCE211A1B037FF692) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [97A51A094444620DF38CD8C6512CAC909A75FD437AE1E4D22929807661238127](https://www.virustotal.com/gui/search/authentihash%253A97A51A094444620DF38CD8C6512CAC909A75FD437AE1E4D22929807661238127) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/261d9721-b41e-4711-9ec1-d46057b9c56b.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/2682f970-000c-406a-bf2e-fa4c1ac8bbeb.md b/lolrmm.com/content/bootloaders/2682f970-000c-406a-bf2e-fa4c1ac8bbeb.md new file mode 100644 index 00000000..35cd6668 --- /dev/null +++ b/lolrmm.com/content/bootloaders/2682f970-000c-406a-bf2e-fa4c1ac8bbeb.md 
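Review bot: The description reads `This was provided by Unknown and revoked Jul-20`, which interpolates a placeholder value into prose; a reader cannot tell whether "Unknown" is a vendor name or a missing field. Suggest the template branch on the vendor value, e.g. `Vendor unknown; revoked Jul-20`, and keep the `provided by <vendor>` wording for records that have one. The Commands block here also ends in `\windows\temp\` with no file, so the persistence example cannot be reproduced from this page.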
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "2682f970-000c-406a-bf2e-fa4c1ac8bbeb" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 2682f970-000c-406a-bf2e-fa4c1ac8bbeb +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [B28C498A7CD61006A32A9EEF404AED4349CA68DC6F2240833BA4EC745D37A1DA](https://www.virustotal.com/gui/file/B28C498A7CD61006A32A9EEF404AED4349CA68DC6F2240833BA4EC745D37A1DA) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [E6C63C984BC754736376564A8F9AB1B7885B9AC2F49F1EC6E4053049D26F78F9](https://www.virustotal.com/gui/search/authentihash%253AE6C63C984BC754736376564A8F9AB1B7885B9AC2F49F1EC6E4053049D26F78F9) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2682f970-000c-406a-bf2e-fa4c1ac8bbeb.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/26ede8d7-1e62-43e2-97f4-710a4352d0ba.md b/lolrmm.com/content/bootloaders/26ede8d7-1e62-43e2-97f4-710a4352d0ba.md new file mode 100644 index 00000000..66b9f7d8 --- /dev/null +++ b/lolrmm.com/content/bootloaders/26ede8d7-1e62-43e2-97f4-710a4352d0ba.md 
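Review bot: The download button on the new page links to `https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin`: the sample's MD5 is blank, so the generated path has no filename and the link cannot resolve. The MD5 and SHA1 rows and the authentihash MD5/SHA1 cells have the same shape, `[](https://www.virustotal.com/gui/file/)`, an empty label linking to a bare endpoint. The 275664b6 page in this commit shows the intended form (`a7077726554ee791e5a4b6e20ba8d557.bin`), so this looks like the page template rendering links for absent fields rather than a per-file slip; the template should omit the button and those rows when the value is empty, or fall back to the SHA256 the page does have. The same pattern is in the 26ede8d7, 27c9ba50, 27ce9422, 2856fed8 and 285c0ef5 hunks (the last one runs past this chunk), and every page also emits the `#### Imports` details block twice. Separately, the entry under `### CVE` here is the label `Black Lotus Microsoft Windows 8`, not a CVE identifier, which will mislead any consumer that parses that section for CVE ids.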
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "26ede8d7-1e62-43e2-97f4-710a4352d0ba" +weight = 10 +displayTitle = "centos-7.9-shim-20200726-shim64-bit.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# centos-7.9-shim-20200726-shim64-bit.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat, Inc. and revoked Apr-21 +- **UUID**: 26ede8d7-1e62-43e2-97f4-710a4352d0ba +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\centos-7.9-shim-20200726-shim64-bit.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name 
only{{< /tip >}} + + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | centos-7.9-shim-20200726-shim64-bit.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [5C512E50028955AED91AF0317813C68B427A7F73A6497BDA82F4551BE1A04936](https://www.virustotal.com/gui/file/5C512E50028955AED91AF0317813C68B427A7F73A6497BDA82F4551BE1A04936) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [5C2AFE34BD8A7AEBBB439C251DFB6A424F00E535AC4DF61EC19745B6F10E893A](https://www.virustotal.com/gui/search/authentihash%253A5C2AFE34BD8A7AEBBB439C251DFB6A424F00E535AC4DF61EC19745B6F10E893A) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/26ede8d7-1e62-43e2-97f4-710a4352d0ba.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/275664b6-bb50-43c5-9d04-b100ea9fe56b.md b/lolrmm.com/content/bootloaders/275664b6-bb50-43c5-9d04-b100ea9fe56b.md new file mode 100644 index 00000000..922f3835 --- /dev/null +++ b/lolrmm.com/content/bootloaders/275664b6-bb50-43c5-9d04-b100ea9fe56b.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "275664b6-bb50-43c5-9d04-b100ea9fe56b" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 275664b6-bb50-43c5-9d04-b100ea9fe56b +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/a7077726554ee791e5a4b6e20ba8d557.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [a7077726554ee791e5a4b6e20ba8d557](https://www.virustotal.com/gui/file/a7077726554ee791e5a4b6e20ba8d557) | +| SHA1 | [6d3c3476f38f447586c8fc347dd545ebf3b83a15](https://www.virustotal.com/gui/file/6d3c3476f38f447586c8fc347dd545ebf3b83a15) | +| SHA256 | [3fda721bc5007eab23af6e0c56a6942a7925a858f0d801fbb21011ccf758893b](https://www.virustotal.com/gui/file/3fda721bc5007eab23af6e0c56a6942a7925a858f0d801fbb21011ccf758893b) | +| Authentihash MD5 | [0a0000705bbb68e7e712da6d3e638b2c](https://www.virustotal.com/gui/search/authentihash%253A0a0000705bbb68e7e712da6d3e638b2c) | +| Authentihash SHA1 | [af2f6de1a213564cfcef1588b157a5ea52ee54da](https://www.virustotal.com/gui/search/authentihash%253Aaf2f6de1a213564cfcef1588b157a5ea52ee54da) | +| Authentihash SHA256| [f1cad3ac005b57d6e22ea57b9ebe1ee9e5052bdda499f5f2c1364317de87a794](https://www.virustotal.com/gui/search/authentihash%253Af1cad3ac005b57d6e22ea57b9ebe1ee9e5052bdda499f5f2c1364317de87a794) | +| RichPEHeaderHash MD5 | [476ff7a2afe034c2194a948f1f780094](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A476ff7a2afe034c2194a948f1f780094) | +| RichPEHeaderHash SHA1 | [1a999ada5820fb409ce7f2ec343e215caf2e07a4](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A1a999ada5820fb409ce7f2ec343e215caf2e07a4) | +| RichPEHeaderHash SHA256| [802de9524cf6556e6464828cc411f87a8fb3693742c5515126eb511122e9086a](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A802de9524cf6556e6464828cc411f87a8fb3693742c5515126eb511122e9086a) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002418fc0b689e7399d0000000000024 +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 28b23b39f3bbd936a26a5b86451be0ac | +| ToBeSigned (TBS) SHA1 | 3b16f29295d5a7c323beb479c71d3d20c6b8acc2 | +| ToBeSigned (TBS) SHA256 | 4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2013-06-17 21:43:38 | +| ValidTo | 2014-09-17 21:43:38 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002418fc0b689e7399d0000000000024 | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/275664b6-bb50-43c5-9d04-b100ea9fe56b.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/27c9ba50-5540-4ff3-90eb-8798c48599a1.md b/lolrmm.com/content/bootloaders/27c9ba50-5540-4ff3-90eb-8798c48599a1.md new file mode 100644 index 00000000..665bcca7 --- /dev/null +++ b/lolrmm.com/content/bootloaders/27c9ba50-5540-4ff3-90eb-8798c48599a1.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "27c9ba50-5540-4ff3-90eb-8798c48599a1" +weight = 10 +displayTitle = "27c9ba50-5540-4ff3-90eb-8798c48599a1" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 27c9ba50-5540-4ff3-90eb-8798c48599a1 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: 27c9ba50-5540-4ff3-90eb-8798c48599a1 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [127B01B1F605183BBA4D1A07B7EEFE01BA88203A6CD6686B28F3883F33C0ED42](https://www.virustotal.com/gui/file/127B01B1F605183BBA4D1A07B7EEFE01BA88203A6CD6686B28F3883F33C0ED42) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [1CB4DCCAF2C812CFA7B4938E1371FE2B96910FE407216FD95428672D6C7E7316](https://www.virustotal.com/gui/search/authentihash%253A1CB4DCCAF2C812CFA7B4938E1371FE2B96910FE407216FD95428672D6C7E7316) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/27c9ba50-5540-4ff3-90eb-8798c48599a1.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/27ce9422-3805-4231-8142-aa0976d3686a.md b/lolrmm.com/content/bootloaders/27ce9422-3805-4231-8142-aa0976d3686a.md new file mode 100644 index 00000000..1969b977 --- /dev/null +++ b/lolrmm.com/content/bootloaders/27ce9422-3805-4231-8142-aa0976d3686a.md 
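Review bot: This entry has no filename: `displayTitle` falls back to the UUID, the `Filename` row in the samples table is empty, and the Commands block ends in `path \windows\temp\ ` with nothing after the separator. With no name, the page's Sigma "Names" button (described as detecting loading using name only) cannot apply to this sample, so the page overstates its detection coverage; only the SHA256 and authentihash SHA256 rows carry a usable indicator. If the source YAML genuinely lacks a name, the template should drop the Commands block and the name-based detection reference for this entry, or the YAML should be completed before publishing — this is inferred from the rendered page, not from the generator itself.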
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "27ce9422-3805-4231-8142-aa0976d3686a" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by TeraByte Inc. and revoked Jul-20 +- **UUID**: 27ce9422-3805-4231-8142-aa0976d3686a +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [EEC3E281A5545CAF11EC02BB0DF159DA19698E639CBA0190A0AEC9AB09296BEB](https://www.virustotal.com/gui/file/EEC3E281A5545CAF11EC02BB0DF159DA19698E639CBA0190A0AEC9AB09296BEB) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [A4D978B7C4BDA15435D508F8B9592EC2A5ADFB12EA7BAD146A35ECB53094642F](https://www.virustotal.com/gui/search/authentihash%253AA4D978B7C4BDA15435D508F8B9592EC2A5ADFB12EA7BAD146A35ECB53094642F) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/27ce9422-3805-4231-8142-aa0976d3686a.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/2856fed8-45ba-4ef2-8904-8d9c9ecc6cb4.md b/lolrmm.com/content/bootloaders/2856fed8-45ba-4ef2-8904-8d9c9ecc6cb4.md new file mode 100644 index 00000000..e214e779 --- /dev/null +++ b/lolrmm.com/content/bootloaders/2856fed8-45ba-4ef2-8904-8d9c9ecc6cb4.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "2856fed8-45ba-4ef2-8904-8d9c9ecc6cb4" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 2856fed8-45ba-4ef2-8904-8d9c9ecc6cb4 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [E28C1F6E413330EA1DE56643F344702D2962988ED72AC49DC7B33B51B2238537](https://www.virustotal.com/gui/file/E28C1F6E413330EA1DE56643F344702D2962988ED72AC49DC7B33B51B2238537) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [9EBDA9554AD5BB9E3D5CE700F7C86D4F5B0D782BF1DBF30A6A7234749A5DD517](https://www.virustotal.com/gui/search/authentihash%253A9EBDA9554AD5BB9E3D5CE700F7C86D4F5B0D782BF1DBF30A6A7234749A5DD517) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2856fed8-45ba-4ef2-8904-8d9c9ecc6cb4.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/285c0ef5-dd8b-4c50-af8f-6ed20f233294.md b/lolrmm.com/content/bootloaders/285c0ef5-dd8b-4c50-af8f-6ed20f233294.md new file mode 100644 index 00000000..a8c5831f --- /dev/null +++ b/lolrmm.com/content/bootloaders/285c0ef5-dd8b-4c50-af8f-6ed20f233294.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "285c0ef5-dd8b-4c50-af8f-6ed20f233294" +weight = 10 +displayTitle = "bootarm.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootarm.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 285c0ef5-dd8b-4c50-af8f-6ed20f233294 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootarm.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootarm.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [FC40897F668AA86E5279CA8FEB62873A06A569742967E0F243F51ED56BDB53CD](https://www.virustotal.com/gui/file/FC40897F668AA86E5279CA8FEB62873A06A569742967E0F243F51ED56BDB53CD) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [4380A43A7B0BE1ACE54A65B3E25ED35F340D6906365821AF139941D5D6E1EA1B](https://www.virustotal.com/gui/search/authentihash%253A4380A43A7B0BE1ACE54A65B3E25ED35F340D6906365821AF139941D5D6E1EA1B) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/285c0ef5-dd8b-4c50-af8f-6ed20f233294.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/28fb8eaa-e498-44f7-8f1f-1dcf1dad47d7.md b/lolrmm.com/content/bootloaders/28fb8eaa-e498-44f7-8f1f-1dcf1dad47d7.md new file mode 100644 index 00000000..77cd041d --- /dev/null +++ b/lolrmm.com/content/bootloaders/28fb8eaa-e498-44f7-8f1f-1dcf1dad47d7.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "28fb8eaa-e498-44f7-8f1f-1dcf1dad47d7" +weight = 10 +displayTitle = "bootarm.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootarm.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 28fb8eaa-e498-44f7-8f1f-1dcf1dad47d7 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootarm.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootarm.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [0E0D94096278CEDCF333D4902F64ADE7815ED4000A1F6EA45EB93D2DBE18E496](https://www.virustotal.com/gui/file/0E0D94096278CEDCF333D4902F64ADE7815ED4000A1F6EA45EB93D2DBE18E496) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [22B5A88D79B8146598613B3701B0D2AD3E1D2BC215D3A613A30356953239485C](https://www.virustotal.com/gui/search/authentihash%253A22B5A88D79B8146598613B3701B0D2AD3E1D2BC215D3A613A30356953239485C) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/28fb8eaa-e498-44f7-8f1f-1dcf1dad47d7.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/29221f48-fbc7-4db4-8fc6-86f1e3e137b8.md b/lolrmm.com/content/bootloaders/29221f48-fbc7-4db4-8fc6-86f1e3e137b8.md new file mode 100644 index 00000000..42346993 --- /dev/null +++ b/lolrmm.com/content/bootloaders/29221f48-fbc7-4db4-8fc6-86f1e3e137b8.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "29221f48-fbc7-4db4-8fc6-86f1e3e137b8" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 29221f48-fbc7-4db4-8fc6-86f1e3e137b8 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [3A5B30A5017105C4CB30A0793FAE4600BF4A1A442D85C79E98405DC0083DEB8C](https://www.virustotal.com/gui/file/3A5B30A5017105C4CB30A0793FAE4600BF4A1A442D85C79E98405DC0083DEB8C) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [2A92103865FB60FC84D357180CC7DB45359B04AD419E8C4FAB74F7143FC0655A](https://www.virustotal.com/gui/search/authentihash%253A2A92103865FB60FC84D357180CC7DB45359B04AD419E8C4FAB74F7143FC0655A) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/29221f48-fbc7-4db4-8fc6-86f1e3e137b8.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/293680d1-928e-47e7-b45b-421122787ad8.md b/lolrmm.com/content/bootloaders/293680d1-928e-47e7-b45b-421122787ad8.md new file mode 100644 index 00000000..d885e1be --- /dev/null +++ b/lolrmm.com/content/bootloaders/293680d1-928e-47e7-b45b-421122787ad8.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "293680d1-928e-47e7-b45b-421122787ad8" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 293680d1-928e-47e7-b45b-421122787ad8 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [66CC4EE53DAE4DD746AE6D8B58B858DDDF1634A498D5EF41F50264E6F948F526](https://www.virustotal.com/gui/file/66CC4EE53DAE4DD746AE6D8B58B858DDDF1634A498D5EF41F50264E6F948F526) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [C05B9250BDA8E86B6E5C6A8C584F0F61B4A3D243689965B5A955A2CB198D1E99](https://www.virustotal.com/gui/search/authentihash%253AC05B9250BDA8E86B6E5C6A8C584F0F61B4A3D243689965B5A955A2CB198D1E99) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/293680d1-928e-47e7-b45b-421122787ad8.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/298f4996-3321-455a-bce2-919c3a73da65.md b/lolrmm.com/content/bootloaders/298f4996-3321-455a-bce2-919c3a73da65.md new file mode 100644 index 00000000..c4209861 --- /dev/null +++ b/lolrmm.com/content/bootloaders/298f4996-3321-455a-bce2-919c3a73da65.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "298f4996-3321-455a-bce2-919c3a73da65" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 298f4996-3321-455a-bce2-919c3a73da65 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [7AFFFCAF48E9289AA0C44566C53EC0A311BF3E2ABF351E0122C685FD568D97B1](https://www.virustotal.com/gui/file/7AFFFCAF48E9289AA0C44566C53EC0A311BF3E2ABF351E0122C685FD568D97B1) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [7836465BDFFAE768EFAEDCBAA8B5787BAF51B2792A020E80E341A3F824FF82CA](https://www.virustotal.com/gui/search/authentihash%253A7836465BDFFAE768EFAEDCBAA8B5787BAF51B2792A020E80E341A3F824FF82CA) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/298f4996-3321-455a-bce2-919c3a73da65.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/29a5f4df-eaf4-468f-94e1-da9ba1b1c20a.md b/lolrmm.com/content/bootloaders/29a5f4df-eaf4-468f-94e1-da9ba1b1c20a.md new file mode 100644 index 00000000..81ebbfde --- /dev/null +++ b/lolrmm.com/content/bootloaders/29a5f4df-eaf4-468f-94e1-da9ba1b1c20a.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "29a5f4df-eaf4-468f-94e1-da9ba1b1c20a" +weight = 10 +displayTitle = "bootarm.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootarm.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 29a5f4df-eaf4-468f-94e1-da9ba1b1c20a +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootarm.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootarm.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [BC5D2B2C7E7CB051D084484259095B2868CAEC001C09A6FD33302B0AA0DFA7E2](https://www.virustotal.com/gui/file/BC5D2B2C7E7CB051D084484259095B2868CAEC001C09A6FD33302B0AA0DFA7E2) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [1BCF1611E0CC92C9D46D2A51C7ECF6EC63C562EF759324A1D9151D508A16B7B3](https://www.virustotal.com/gui/search/authentihash%253A1BCF1611E0CC92C9D46D2A51C7ECF6EC63C562EF759324A1D9151D508A16B7B3) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/29a5f4df-eaf4-468f-94e1-da9ba1b1c20a.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/29bd7324-d53f-4143-acc6-d03d0e4e3aa1.md b/lolrmm.com/content/bootloaders/29bd7324-d53f-4143-acc6-d03d0e4e3aa1.md new file mode 100644 index 00000000..88c67c91 --- /dev/null +++ b/lolrmm.com/content/bootloaders/29bd7324-d53f-4143-acc6-d03d0e4e3aa1.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "29bd7324-d53f-4143-acc6-d03d0e4e3aa1" +weight = 10 +displayTitle = "29bd7324-d53f-4143-acc6-d03d0e4e3aa1" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 29bd7324-d53f-4143-acc6-d03d0e4e3aa1 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: 29bd7324-d53f-4143-acc6-d03d0e4e3aa1 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [9EABEA9AE699526AD519782DA21718DA7190490AA3436BBBD80269D4A4CC37C5](https://www.virustotal.com/gui/file/9EABEA9AE699526AD519782DA21718DA7190490AA3436BBBD80269D4A4CC37C5) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [BDD01126E9D85710D3FE75AF1CC1702A29F081B4F6FDF6A2B2135C0297A9CEC5](https://www.virustotal.com/gui/search/authentihash%253ABDD01126E9D85710D3FE75AF1CC1702A29F081B4F6FDF6A2B2135C0297A9CEC5) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/29bd7324-d53f-4143-acc6-d03d0e4e3aa1.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/2a2e7598-1bd6-4772-a189-6421ab29af37.md b/lolrmm.com/content/bootloaders/2a2e7598-1bd6-4772-a189-6421ab29af37.md new file mode 100644 index 00000000..82fe7a6c --- /dev/null +++ b/lolrmm.com/content/bootloaders/2a2e7598-1bd6-4772-a189-6421ab29af37.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "2a2e7598-1bd6-4772-a189-6421ab29af37" +weight = 10 +displayTitle = "2a2e7598-1bd6-4772-a189-6421ab29af37" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 2a2e7598-1bd6-4772-a189-6421ab29af37 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Intel Corporation and revoked Jul-20 +- **UUID**: 2a2e7598-1bd6-4772-a189-6421ab29af37 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [6484A487192E0B44CBD30EB7B3D436A9150D5B5AD271974764366BDC4E8677BB](https://www.virustotal.com/gui/file/6484A487192E0B44CBD30EB7B3D436A9150D5B5AD271974764366BDC4E8677BB) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [09F98AA90F85198C0D73F89BA77E87EC6F596C491350FB8F8BBA80A62FBB914B](https://www.virustotal.com/gui/search/authentihash%253A09F98AA90F85198C0D73F89BA77E87EC6F596C491350FB8F8BBA80A62FBB914B) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2a2e7598-1bd6-4772-a189-6421ab29af37.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/2a4a532a-848c-4ca5-a910-357daefe32e7.md b/lolrmm.com/content/bootloaders/2a4a532a-848c-4ca5-a910-357daefe32e7.md new file mode 100644 index 00000000..31422e4b --- /dev/null +++ b/lolrmm.com/content/bootloaders/2a4a532a-848c-4ca5-a910-357daefe32e7.md 
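Review bot: The Download button in this page links to `bootloaders/.bin` because the sample's MD5 is empty (the Known Vulnerable Samples table below has blank MD5 and SHA1 cells and only a SHA256), so the link can never resolve, and the same empty-name link appears in the pages ending at L2970, L3005 and L3015. These pages appear to be generated from the YAML referenced under *source*, so the fix belongs in the generator: emit the `{{< button "…/bootloaders/<md5>.bin" "Download" >}}` shortcode only when the MD5 field is non-empty, or key the artifact by the SHA256 that is present. The `#### Imports` details block is also rendered twice in every page here, which reads like a template copy-paste. In the pages ending at L2970, L3005 and L3015 the `### CVE` list carries `Black Lotus Microsoft Windows 8.1`, which is not a CVE identifier and would be better placed in the Description or a separate field so consumers that parse the CVE list do not pick it up.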
@@ -0,0 +1,164 @@ ++++ + +description = "" +title = "2a4a532a-848c-4ca5-a910-357daefe32e7" +weight = 10 +displayTitle = "shim-0.9+1474479173.6c180c6-1ubuntu1/shim64-bit.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# shim-0.9+1474479173.6c180c6-1ubuntu1/shim64-bit.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Canonical Ltd and revoked Apr-21 +- **UUID**: 2a4a532a-848c-4ca5-a910-357daefe32e7 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/9671f8d6de959b9d084f2a67f6dfadf3.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\shim-0.9+1474479173.6c180c6-1ubuntu1/shim64-bit.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | shim-0.9+1474479173.6c180c6-1ubuntu1/shim64-bit.efi | +| MD5 | [9671f8d6de959b9d084f2a67f6dfadf3](https://www.virustotal.com/gui/file/9671f8d6de959b9d084f2a67f6dfadf3) | +| SHA1 | [f7df1f4af46adceea20652bc796d86b47d9eeb6c](https://www.virustotal.com/gui/file/f7df1f4af46adceea20652bc796d86b47d9eeb6c) | +| SHA256 | [3c430c719c9053a74d74dcc5e52b40d10f109db1dc9458a05a7a413b86a93467](https://www.virustotal.com/gui/file/3c430c719c9053a74d74dcc5e52b40d10f109db1dc9458a05a7a413b86a93467) | +| Authentihash MD5 | [e04975ca0b4139e160f03ab301fe80b6](https://www.virustotal.com/gui/search/authentihash%253Ae04975ca0b4139e160f03ab301fe80b6) | +| Authentihash SHA1 | [8b736cf22a54133d32665bed98eedf76755e0b10](https://www.virustotal.com/gui/search/authentihash%253A8b736cf22a54133d32665bed98eedf76755e0b10) | +| Authentihash SHA256| [4cd73702d6b209ea8d57657ac4603c8127134d01973d84018af7c68335751ad9](https://www.virustotal.com/gui/search/authentihash%253A4cd73702d6b209ea8d57657ac4603c8127134d01973d84018af7c68335751ad9) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< 
/details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2a4a532a-848c-4ca5-a910-357daefe32e7.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/2a9c12a2-bc01-4af2-bb23-a5f1fcba5bdc.md b/lolrmm.com/content/bootloaders/2a9c12a2-bc01-4af2-bb23-a5f1fcba5bdc.md new file mode 100644 index 00000000..91981b2d --- /dev/null +++ b/lolrmm.com/content/bootloaders/2a9c12a2-bc01-4af2-bb23-a5f1fcba5bdc.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "2a9c12a2-bc01-4af2-bb23-a5f1fcba5bdc" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 2a9c12a2-bc01-4af2-bb23-a5f1fcba5bdc +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [B15095CBB09505C8354657EF7DF0FA4046F5F9DC74B26EF12A7D83E82A718322](https://www.virustotal.com/gui/file/B15095CBB09505C8354657EF7DF0FA4046F5F9DC74B26EF12A7D83E82A718322) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [C1547CF902570207A9694B6B8E353FE41419DB6A3802221DDF10FB8F86947804](https://www.virustotal.com/gui/search/authentihash%253AC1547CF902570207A9694B6B8E353FE41419DB6A3802221DDF10FB8F86947804) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2a9c12a2-bc01-4af2-bb23-a5f1fcba5bdc.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/2b61baf4-c396-4e1b-b487-87c1ebf4b17a.md b/lolrmm.com/content/bootloaders/2b61baf4-c396-4e1b-b487-87c1ebf4b17a.md new file mode 100644 index 00000000..e00c1282 --- /dev/null +++ b/lolrmm.com/content/bootloaders/2b61baf4-c396-4e1b-b487-87c1ebf4b17a.md 
@@ -0,0 +1,164 @@ ++++ + +description = "" +title = "2b61baf4-c396-4e1b-b487-87c1ebf4b17a" +weight = 10 +displayTitle = "grubx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# grubx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Canonical and revoked Jul-20 +- **UUID**: 2b61baf4-c396-4e1b-b487-87c1ebf4b17a +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/c3f1acb15ea4dd4002d43c5941d1a64e.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\grubx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | grubx64.efi | +| MD5 | [c3f1acb15ea4dd4002d43c5941d1a64e](https://www.virustotal.com/gui/file/c3f1acb15ea4dd4002d43c5941d1a64e) | +| SHA1 | [31a862d073e46ffc608cfc93ffc8e18c38dfed8f](https://www.virustotal.com/gui/file/31a862d073e46ffc608cfc93ffc8e18c38dfed8f) | +| SHA256 | [3d23947c39680b9fcf22b092b97c9d38edcc02f7ad13d3a925d1ee0b62797e73](https://www.virustotal.com/gui/file/3d23947c39680b9fcf22b092b97c9d38edcc02f7ad13d3a925d1ee0b62797e73) | +| Authentihash MD5 | [379f249742bb47ea2d7cec2b9d3fb1b7](https://www.virustotal.com/gui/search/authentihash%253A379f249742bb47ea2d7cec2b9d3fb1b7) | +| Authentihash SHA1 | [b678307ce3a2c6d5a2f988e7ec068590edbf1c50](https://www.virustotal.com/gui/search/authentihash%253Ab678307ce3a2c6d5a2f988e7ec068590edbf1c50) | +| Authentihash SHA256| [7eac80a915c84cd4afec638904d94eb168a8557951a4d539b0713028552b6b8c](https://www.virustotal.com/gui/search/authentihash%253A7eac80a915c84cd4afec638904d94eb168a8557951a4d539b0713028552b6b8c) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + 
+[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2b61baf4-c396-4e1b-b487-87c1ebf4b17a.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/2b66ad2e-41d5-498c-bd23-2c88e3a74ccd.md b/lolrmm.com/content/bootloaders/2b66ad2e-41d5-498c-bd23-2c88e3a74ccd.md new file mode 100644 index 00000000..44d8e5ff --- /dev/null +++ b/lolrmm.com/content/bootloaders/2b66ad2e-41d5-498c-bd23-2c88e3a74ccd.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "2b66ad2e-41d5-498c-bd23-2c88e3a74ccd" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 2b66ad2e-41d5-498c-bd23-2c88e3a74ccd +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [6DB28A61DEE4A1209B94F5C984C44D9674F69EE700373FD7BF1A3CBDAAB83FA0](https://www.virustotal.com/gui/file/6DB28A61DEE4A1209B94F5C984C44D9674F69EE700373FD7BF1A3CBDAAB83FA0) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [FFD7688E7D2B8C3C3140B415E728BBE7663C54E23BD288FF2CF4617835088F39](https://www.virustotal.com/gui/search/authentihash%253AFFD7688E7D2B8C3C3140B415E728BBE7663C54E23BD288FF2CF4617835088F39) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2b66ad2e-41d5-498c-bd23-2c88e3a74ccd.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/2b807893-889b-4dd8-99be-ff17aecfb58e.md b/lolrmm.com/content/bootloaders/2b807893-889b-4dd8-99be-ff17aecfb58e.md new file mode 100644 index 00000000..5496d2c6 --- /dev/null +++ b/lolrmm.com/content/bootloaders/2b807893-889b-4dd8-99be-ff17aecfb58e.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "2b807893-889b-4dd8-99be-ff17aecfb58e" +weight = 10 +displayTitle = "bootarm.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootarm.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 2b807893-889b-4dd8-99be-ff17aecfb58e +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootarm.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootarm.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [73DD7327621AA77D919473F71D3175EFA40F174D3C16060C079CEF169CC51363](https://www.virustotal.com/gui/file/73DD7327621AA77D919473F71D3175EFA40F174D3C16060C079CEF169CC51363) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [7D0B74AE42DF73A0C2C9CA64F6C83813D3D6A5C4B02BC47F566CEDD5682C691A](https://www.virustotal.com/gui/search/authentihash%253A7D0B74AE42DF73A0C2C9CA64F6C83813D3D6A5C4B02BC47F566CEDD5682C691A) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2b807893-889b-4dd8-99be-ff17aecfb58e.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/2b96f3c6-afdb-4da2-84d4-601c9a71b2a8.md b/lolrmm.com/content/bootloaders/2b96f3c6-afdb-4da2-84d4-601c9a71b2a8.md new file mode 100644 index 00000000..eda9a47c --- /dev/null +++ b/lolrmm.com/content/bootloaders/2b96f3c6-afdb-4da2-84d4-601c9a71b2a8.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "2b96f3c6-afdb-4da2-84d4-601c9a71b2a8" +weight = 10 +displayTitle = "BOOTia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# BOOTia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by whitecanyon and revoked Jul-20 +- **UUID**: 2b96f3c6-afdb-4da2-84d4-601c9a71b2a8 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/69a56b18be5865ccda9ab3a5bb4987ab.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\BOOTia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | BOOTia32.efi | +| MD5 | [69a56b18be5865ccda9ab3a5bb4987ab](https://www.virustotal.com/gui/file/69a56b18be5865ccda9ab3a5bb4987ab) | +| SHA1 | [ec708522ed126c2bc6b8e3306c8231351927e369](https://www.virustotal.com/gui/file/ec708522ed126c2bc6b8e3306c8231351927e369) | +| SHA256 | [a9f6c38c2608d6f36f246e74a9fd17e915c89e54eafa2281b8ace86133df22b3](https://www.virustotal.com/gui/file/a9f6c38c2608d6f36f246e74a9fd17e915c89e54eafa2281b8ace86133df22b3) | +| Authentihash MD5 | [93d2db760e57e03fd6e20cc55dc4aa46](https://www.virustotal.com/gui/search/authentihash%253A93d2db760e57e03fd6e20cc55dc4aa46) | +| Authentihash SHA1 | [5468b9ca48c3f67380a51e4a91732fb0792eb40d](https://www.virustotal.com/gui/search/authentihash%253A5468b9ca48c3f67380a51e4a91732fb0792eb40d) | +| Authentihash SHA256| [adcc0b6fd6dc5911bf42f036c033fc3e43f07a8312e91d0d8d32793b62940c7e](https://www.virustotal.com/gui/search/authentihash%253Aadcc0b6fd6dc5911bf42f036c033fc3e43f07a8312e91d0d8d32793b62940c7e) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002530b3d3726ee3f72f000100000025 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | a5052527524f4998a7bd87f396196fe8 | +| ToBeSigned (TBS) SHA1 | 2374a3e4f0499d106f0e4d71a22f7b0e709847c0 | +| ToBeSigned (TBS) SHA256 | 
f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2017-08-11 20:20:00 | +| ValidTo | 2018-08-11 20:20:00 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002530b3d3726ee3f72f000100000025 | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Signature": 
"6650dd7878bef0a62b1d76ba8fa57b6193d9938ddd1975f32a880d6e9363ba516b00907d455d1089cf79e3045a976a794db027534a761a840a29d09dccb3b5978fdb1d27d6be2831b0af31b64c25d3e195056b68a403e961d61c38339c4bfbb4c16102a4b417f52b75f4d6539626736df3e9e7d689e59333e7686df72c6ac70548eb3e6f0913de69895041529dba440132da3699ee3d3ccd6c0cb1ca11d206a157a9e3504c57aea164e700dec89ccb81194b012f697127dcd1cc7dc08ccf9f92014b2a0814fdc2a010b7a7243456e15af7e812bef07b28aebcb29f0f20f5c1900827f32aaf4fef92601853403e718db111c7c35da77eea96c4deb6f903e94543", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2b96f3c6-afdb-4da2-84d4-601c9a71b2a8.yaml) + 
+*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/2bfaff34-8a6b-486e-a308-0484d2372727.md b/lolrmm.com/content/bootloaders/2bfaff34-8a6b-486e-a308-0484d2372727.md new file mode 100644 index 00000000..99c4cdf4 --- /dev/null +++ b/lolrmm.com/content/bootloaders/2bfaff34-8a6b-486e-a308-0484d2372727.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "2bfaff34-8a6b-486e-a308-0484d2372727" +weight = 10 +displayTitle = "BOOTX64.EFI" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# BOOTX64.EFI ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat Inc. and revoked Jul-20 +- **UUID**: 2bfaff34-8a6b-486e-a308-0484d2372727 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/c453084032024e3b2dcd648c9406e760.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\BOOTX64.EFI } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | BOOTX64.EFI | +| MD5 | [c453084032024e3b2dcd648c9406e760](https://www.virustotal.com/gui/file/c453084032024e3b2dcd648c9406e760) | +| SHA1 | [1316e2b5fb83b29acc00c5050799afb7ccd6b6e2](https://www.virustotal.com/gui/file/1316e2b5fb83b29acc00c5050799afb7ccd6b6e2) | +| SHA256 | [fb5eebcd4100593a1b2890267037b7701c83f32c284b99908ff1c34d5693bfc2](https://www.virustotal.com/gui/file/fb5eebcd4100593a1b2890267037b7701c83f32c284b99908ff1c34d5693bfc2) | +| Authentihash MD5 | [1886fd591b86756f2823f157d197be5f](https://www.virustotal.com/gui/search/authentihash%253A1886fd591b86756f2823f157d197be5f) | +| Authentihash SHA1 | [b9d3918f7829cf8308e519448712a95d58eb6ed5](https://www.virustotal.com/gui/search/authentihash%253Ab9d3918f7829cf8308e519448712a95d58eb6ed5) | +| Authentihash SHA256| [02e6216acaef6401401fa555ecbed940b1a5f2569aed92956137ae58482ef1b7](https://www.virustotal.com/gui/search/authentihash%253A02e6216acaef6401401fa555ecbed940b1a5f2569aed92956137ae58482ef1b7) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002530b3d3726ee3f72f000100000025 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | a5052527524f4998a7bd87f396196fe8 | +| ToBeSigned (TBS) SHA1 | 2374a3e4f0499d106f0e4d71a22f7b0e709847c0 | +| ToBeSigned (TBS) SHA256 | 
f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2017-08-11 20:20:00 | +| ValidTo | 2018-08-11 20:20:00 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002530b3d3726ee3f72f000100000025 | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + 
"SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2bfaff34-8a6b-486e-a308-0484d2372727.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/2c1b4ac9-5f4e-407f-bf05-bea2bef8d7f3.md b/lolrmm.com/content/bootloaders/2c1b4ac9-5f4e-407f-bf05-bea2bef8d7f3.md new file mode 100644 index 00000000..a5a6c017 --- /dev/null +++ b/lolrmm.com/content/bootloaders/2c1b4ac9-5f4e-407f-bf05-bea2bef8d7f3.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "2c1b4ac9-5f4e-407f-bf05-bea2bef8d7f3" +weight = 10 +displayTitle = "2c1b4ac9-5f4e-407f-bf05-bea2bef8d7f3" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 2c1b4ac9-5f4e-407f-bf05-bea2bef8d7f3 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Endless OS and revoked Jul-20 +- **UUID**: 2c1b4ac9-5f4e-407f-bf05-bea2bef8d7f3 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [191A99A1EF854CE43E64D1CE2FDCC0C942200B88D232F8823A439CBCD7D148C1](https://www.virustotal.com/gui/file/191A99A1EF854CE43E64D1CE2FDCC0C942200B88D232F8823A439CBCD7D148C1) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [DD59AF56084406E38C63FBE0850F30A0CD1277462A2192590FB05BC259E61273](https://www.virustotal.com/gui/search/authentihash%253ADD59AF56084406E38C63FBE0850F30A0CD1277462A2192590FB05BC259E61273) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2c1b4ac9-5f4e-407f-bf05-bea2bef8d7f3.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/2ca2a15a-a3ca-44f8-a400-6ad9d6c119ce.md b/lolrmm.com/content/bootloaders/2ca2a15a-a3ca-44f8-a400-6ad9d6c119ce.md new file mode 100644 index 00000000..6dd966a7 --- /dev/null +++ b/lolrmm.com/content/bootloaders/2ca2a15a-a3ca-44f8-a400-6ad9d6c119ce.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "2ca2a15a-a3ca-44f8-a400-6ad9d6c119ce" +weight = 10 +displayTitle = "bootia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Alt Linux LTD and revoked Jul-20 +- **UUID**: 2ca2a15a-a3ca-44f8-a400-6ad9d6c119ce +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/28e6701303a90a81dea61addc9d06329.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootia32.efi | +| MD5 | [28e6701303a90a81dea61addc9d06329](https://www.virustotal.com/gui/file/28e6701303a90a81dea61addc9d06329) | +| SHA1 | [00745e4a83900338ec53b231a602eb76ce3fa889](https://www.virustotal.com/gui/file/00745e4a83900338ec53b231a602eb76ce3fa889) | +| SHA256 | [2f871712447dde7c3552f5aa90a2292821c6f32d92788e00dee8566f8d4de209](https://www.virustotal.com/gui/file/2f871712447dde7c3552f5aa90a2292821c6f32d92788e00dee8566f8d4de209) | +| Authentihash MD5 | [376edf47c4a984324ea56fba394cc047](https://www.virustotal.com/gui/search/authentihash%253A376edf47c4a984324ea56fba394cc047) | +| Authentihash SHA1 | [ec85b380b74232b3a564125db01bfe11ff646040](https://www.virustotal.com/gui/search/authentihash%253Aec85b380b74232b3a564125db01bfe11ff646040) | +| Authentihash SHA256| [98cc8b91fec5252f62e81843d9d5d8ac2a2f253aa38152b3236a5092200ed290](https://www.virustotal.com/gui/search/authentihash%253A98cc8b91fec5252f62e81843d9d5d8ac2a2f253aa38152b3236a5092200ed290) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002b4b79b3694d12118700010000002b +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 8d8a1f204c9c80213bd427fa58b387e2 | +| ToBeSigned (TBS) SHA1 | 8d78e1742b948f0c8298e560dd71fe1594020386 | +| ToBeSigned (TBS) SHA256 | 
1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2018-07-03 20:53:01 | +| ValidTo | 2019-07-26 20:53:01 | +| Signature | 54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002b4b79b3694d12118700010000002b | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### 
Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2ca2a15a-a3ca-44f8-a400-6ad9d6c119ce.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/2ca3cf24-b271-4a27-a228-ca91cab34b93.md b/lolrmm.com/content/bootloaders/2ca3cf24-b271-4a27-a228-ca91cab34b93.md new file mode 100644 index 00000000..1966b65d 
--- /dev/null +++ b/lolrmm.com/content/bootloaders/2ca3cf24-b271-4a27-a228-ca91cab34b93.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "2ca3cf24-b271-4a27-a228-ca91cab34b93" +weight = 10 +displayTitle = "BOOTX64.EFI" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# BOOTX64.EFI ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Alt Linux LTD and revoked Jul-20 +- **UUID**: 2ca3cf24-b271-4a27-a228-ca91cab34b93 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/9a795b1affc7cb4650bbd99b9a2cd819.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\BOOTX64.EFI } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | BOOTX64.EFI | +| MD5 | [9a795b1affc7cb4650bbd99b9a2cd819](https://www.virustotal.com/gui/file/9a795b1affc7cb4650bbd99b9a2cd819) | +| SHA1 | [586bf5d3fb1fb21159338701e324d9d26b6aa0e4](https://www.virustotal.com/gui/file/586bf5d3fb1fb21159338701e324d9d26b6aa0e4) | +| SHA256 | [0dd832075d552da3d29b1ef471fc23b47c0d54b9fd1541935b23f1c5813da08c](https://www.virustotal.com/gui/file/0dd832075d552da3d29b1ef471fc23b47c0d54b9fd1541935b23f1c5813da08c) | +| Authentihash MD5 | [86e7e6f737ed657dda5423a10319d41c](https://www.virustotal.com/gui/search/authentihash%253A86e7e6f737ed657dda5423a10319d41c) | +| Authentihash SHA1 | [450ccd6553c679f4d87bbf3507780efc17a466c4](https://www.virustotal.com/gui/search/authentihash%253A450ccd6553c679f4d87bbf3507780efc17a466c4) | +| Authentihash SHA256| [c452ab846073df5ace25cca64d6b7a09d906308a1a65eb5240e3c4ebcaa9cc0c](https://www.virustotal.com/gui/search/authentihash%253Ac452ab846073df5ace25cca64d6b7a09d906308a1a65eb5240e3c4ebcaa9cc0c) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 33000000081eb17e9c15fc837a000100000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | c5e24205d04c09c94d81b6935af7ec09 | +| ToBeSigned (TBS) SHA1 | 12622dccb5b07edfd65cae6fc018e24b80ff2c82 | +| ToBeSigned (TBS) SHA256 | 
d6afbff1c283d7777501bd3b2adb4aadb8ce32649ee401dfbb06f884362f7507 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2012-07-02 22:25:14 | +| ValidTo | 2013-10-02 22:25:14 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 33000000081eb17e9c15fc837a000100000008 | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", + "Signature": 
"840831439e4e63e88d00e1b0c0678d70bb89f466e9027ab28177926d5def8175b3240e729f943f1e6bd94a0f27c92e696a5001c0747f6bf7574c09e8485a5eb6d7024244ddd73236c28e9dfad58ec5098b74516234232552d9230c1d0ddae73108b0a0144bd9e9265dac56ebdcce7512cf3627a6858d41876ede19d35e0e27957a6896aae9ea150098327450fe7c72385aac6feff0616b3d066cd0be7e5a537bb18488c67db9f0731c30ac7918fe977b4250ffbfbeea81e1ba3b8a0305b9374f0d22453781cc5823b5faad5e50e84306381f83382fe0ed8b176a9c9ff1868cc6543e7f12b1f112adc62430fd1ba530d877a290f0d2e09eacce07ed37ec439c25", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "c5e24205d04c09c94d81b6935af7ec09", + "SHA1": "12622dccb5b07edfd65cae6fc018e24b80ff2c82", + "SHA256": "d6afbff1c283d7777501bd3b2adb4aadb8ce32649ee401dfbb06f884362f7507" + }, + "ValidFrom": "2012-07-02 22:25:14", + "ValidTo": "2013-10-02 22:25:14", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + 
+[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2ca3cf24-b271-4a27-a228-ca91cab34b93.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/2cb09869-230c-4114-a4ec-a744b3181282.md b/lolrmm.com/content/bootloaders/2cb09869-230c-4114-a4ec-a744b3181282.md new file mode 100644 index 00000000..a088584f --- /dev/null +++ b/lolrmm.com/content/bootloaders/2cb09869-230c-4114-a4ec-a744b3181282.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "2cb09869-230c-4114-a4ec-a744b3181282" +weight = 10 +displayTitle = "BOOTX64.EFI" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# BOOTX64.EFI ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat Inc. and revoked Jul-20 +- **UUID**: 2cb09869-230c-4114-a4ec-a744b3181282 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/390218e8b12b9b5a8985baf49e163930.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\BOOTX64.EFI } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | BOOTX64.EFI | +| MD5 | [390218e8b12b9b5a8985baf49e163930](https://www.virustotal.com/gui/file/390218e8b12b9b5a8985baf49e163930) | +| SHA1 | [d8f34bcb62883019182a69e25f0b71caa3fcabdc](https://www.virustotal.com/gui/file/d8f34bcb62883019182a69e25f0b71caa3fcabdc) | +| SHA256 | [0e99607b20d537497169c506c6893243d3f1bd5960505c1566bd97c0a741adfb](https://www.virustotal.com/gui/file/0e99607b20d537497169c506c6893243d3f1bd5960505c1566bd97c0a741adfb) | +| Authentihash MD5 | [418f5f26299f7eb90d5659caff5388a3](https://www.virustotal.com/gui/search/authentihash%253A418f5f26299f7eb90d5659caff5388a3) | +| Authentihash SHA1 | [d076bcca3841b8c400b4ae3317ea65de33782094](https://www.virustotal.com/gui/search/authentihash%253Ad076bcca3841b8c400b4ae3317ea65de33782094) | +| Authentihash SHA256| [9f1863ed5717c394b42ef10a6607b144a65ba11fb6579df94b8eb2f0c4cd60c1](https://www.virustotal.com/gui/search/authentihash%253A9f1863ed5717c394b42ef10a6607b144a65ba11fb6579df94b8eb2f0c4cd60c1) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002b4b79b3694d12118700010000002b +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 8d8a1f204c9c80213bd427fa58b387e2 | +| ToBeSigned (TBS) SHA1 | 8d78e1742b948f0c8298e560dd71fe1594020386 | +| ToBeSigned (TBS) SHA256 | 
1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2018-07-03 20:53:01 | +| ValidTo | 2019-07-26 20:53:01 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002b4b79b3694d12118700010000002b | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + 
"SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2cb09869-230c-4114-a4ec-a744b3181282.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/2d38a9bc-5c3e-4871-9e74-a1181a10764d.md b/lolrmm.com/content/bootloaders/2d38a9bc-5c3e-4871-9e74-a1181a10764d.md new file mode 100644 index 00000000..83140532 --- /dev/null +++ b/lolrmm.com/content/bootloaders/2d38a9bc-5c3e-4871-9e74-a1181a10764d.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "2d38a9bc-5c3e-4871-9e74-a1181a10764d" +weight = 10 +displayTitle = "Signed_14173467011297444/shimaa64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# Signed_14173467011297444/shimaa64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Debian and revoked Apr-21 +- **UUID**: 2d38a9bc-5c3e-4871-9e74-a1181a10764d +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/a1b9b882d3990b8465c7010a406ecd99.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\Signed_14173467011297444/shimaa64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip 
>}}detects loading using name only{{< /tip >}} + + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | Signed_14173467011297444/shimaa64.efi | +| MD5 | [a1b9b882d3990b8465c7010a406ecd99](https://www.virustotal.com/gui/file/a1b9b882d3990b8465c7010a406ecd99) | +| SHA1 | [58d47e6513a61b42d4c1c2a9150cf9fd051ec435](https://www.virustotal.com/gui/file/58d47e6513a61b42d4c1c2a9150cf9fd051ec435) | +| SHA256 | [754952ff4187789c0269982d056f6a863409963f46d870c0a8d054e0fe69857b](https://www.virustotal.com/gui/file/754952ff4187789c0269982d056f6a863409963f46d870c0a8d054e0fe69857b) | +| Authentihash MD5 | [c5fe8d0376e90b44fd565015cd7e82c9](https://www.virustotal.com/gui/search/authentihash%253Ac5fe8d0376e90b44fd565015cd7e82c9) | +| Authentihash SHA1 | [a69b510efc63da996aa74d11e49b6748141d2803](https://www.virustotal.com/gui/search/authentihash%253Aa69b510efc63da996aa74d11e49b6748141d2803) | +| Authentihash SHA256| [903d0d76ada77672c60a4d63be5f6e1b8f247cea9e7d32b6cb26e1a82815d09d](https://www.virustotal.com/gui/search/authentihash%253A903d0d76ada77672c60a4d63be5f6e1b8f247cea9e7d32b6cb26e1a82815d09d) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002b4b79b3694d12118700010000002b +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 8d8a1f204c9c80213bd427fa58b387e2 | +| ToBeSigned (TBS) SHA1 | 8d78e1742b948f0c8298e560dd71fe1594020386 | +| 
ToBeSigned (TBS) SHA256 | 1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2018-07-03 20:53:01 | +| ValidTo | 2019-07-26 20:53:01 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002b4b79b3694d12118700010000002b | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* text, text + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* text, text + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": 
"54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": 
"350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2d38a9bc-5c3e-4871-9e74-a1181a10764d.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} 
diff --git a/lolrmm.com/content/bootloaders/2d78b89b-4a5d-4d38-8c20-2baf76df8699.md b/lolrmm.com/content/bootloaders/2d78b89b-4a5d-4d38-8c20-2baf76df8699.md new file mode 100644 index 00000000..9de84e9c --- /dev/null +++ b/lolrmm.com/content/bootloaders/2d78b89b-4a5d-4d38-8c20-2baf76df8699.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "2d78b89b-4a5d-4d38-8c20-2baf76df8699" +weight = 10 +displayTitle = "2d78b89b-4a5d-4d38-8c20-2baf76df8699" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 2d78b89b-4a5d-4d38-8c20-2baf76df8699 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by The Broadband Computer Co and revoked Jul-20 +- **UUID**: 2d78b89b-4a5d-4d38-8c20-2baf76df8699 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [83B1D2B20830EE199D8845C999D4680B1B2B6D9C1F424DD13826DA3FA7F7139E](https://www.virustotal.com/gui/file/83B1D2B20830EE199D8845C999D4680B1B2B6D9C1F424DD13826DA3FA7F7139E) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [386D695CDF2D4576E01BCACCF5E49E78DA51AF9955C0B8FA7606373B007994B3](https://www.virustotal.com/gui/search/authentihash%253A386D695CDF2D4576E01BCACCF5E49E78DA51AF9955C0B8FA7606373B007994B3) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2d78b89b-4a5d-4d38-8c20-2baf76df8699.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/2e3641bb-5bd7-42d3-8353-481b4593c641.md b/lolrmm.com/content/bootloaders/2e3641bb-5bd7-42d3-8353-481b4593c641.md new file mode 100644 index 00000000..1b7d4171 --- /dev/null +++ b/lolrmm.com/content/bootloaders/2e3641bb-5bd7-42d3-8353-481b4593c641.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "2e3641bb-5bd7-42d3-8353-481b4593c641" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Isoo Software Dev Co Ltd and revoked Jul-20 +- **UUID**: 2e3641bb-5bd7-42d3-8353-481b4593c641 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/89805fbe6421f1d03023514f8fd7215d.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [89805fbe6421f1d03023514f8fd7215d](https://www.virustotal.com/gui/file/89805fbe6421f1d03023514f8fd7215d) | +| SHA1 | [f41fb5b7aaf48c05faed3e6622d2e2e70c95d2b7](https://www.virustotal.com/gui/file/f41fb5b7aaf48c05faed3e6622d2e2e70c95d2b7) | +| SHA256 | [561d28e0888cdb0a8fce41754742aa8eb1bf5c8dd4eacbf9af0f40e0d36013c2](https://www.virustotal.com/gui/file/561d28e0888cdb0a8fce41754742aa8eb1bf5c8dd4eacbf9af0f40e0d36013c2) | +| Authentihash MD5 | [2fb83ba40e7c8d9019f48dfa8269bdb8](https://www.virustotal.com/gui/search/authentihash%253A2fb83ba40e7c8d9019f48dfa8269bdb8) | +| Authentihash SHA1 | [775705904e0748bc6210e1869f20765a2f1b027b](https://www.virustotal.com/gui/search/authentihash%253A775705904e0748bc6210e1869f20765a2f1b027b) | +| Authentihash SHA256| [e24b315a551671483d8b9073b32de11b4de1eb2eab211afd2d9c319ff55e08d0](https://www.virustotal.com/gui/search/authentihash%253Ae24b315a551671483d8b9073b32de11b4de1eb2eab211afd2d9c319ff55e08d0) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002530b3d3726ee3f72f000100000025 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | a5052527524f4998a7bd87f396196fe8 | +| ToBeSigned (TBS) SHA1 | 2374a3e4f0499d106f0e4d71a22f7b0e709847c0 | +| ToBeSigned (TBS) SHA256 | 
f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2017-08-11 20:20:00 | +| ValidTo | 2018-08-11 20:20:00 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002530b3d3726ee3f72f000100000025 | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Signature": 
"6650dd7878bef0a62b1d76ba8fa57b6193d9938ddd1975f32a880d6e9363ba516b00907d455d1089cf79e3045a976a794db027534a761a840a29d09dccb3b5978fdb1d27d6be2831b0af31b64c25d3e195056b68a403e961d61c38339c4bfbb4c16102a4b417f52b75f4d6539626736df3e9e7d689e59333e7686df72c6ac70548eb3e6f0913de69895041529dba440132da3699ee3d3ccd6c0cb1ca11d206a157a9e3504c57aea164e700dec89ccb81194b012f697127dcd1cc7dc08ccf9f92014b2a0814fdc2a010b7a7243456e15af7e812bef07b28aebcb29f0f20f5c1900827f32aaf4fef92601853403e718db111c7c35da77eea96c4deb6f903e94543", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2e3641bb-5bd7-42d3-8353-481b4593c641.yaml) + 
+*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/2e84c348-bc0b-46e8-aad0-77b20e8c534e.md b/lolrmm.com/content/bootloaders/2e84c348-bc0b-46e8-aad0-77b20e8c534e.md new file mode 100644 index 00000000..7ec24dcd --- /dev/null +++ b/lolrmm.com/content/bootloaders/2e84c348-bc0b-46e8-aad0-77b20e8c534e.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "2e84c348-bc0b-46e8-aad0-77b20e8c534e" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 2e84c348-bc0b-46e8-aad0-77b20e8c534e +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/c1feed742caf34c142f70956e0c1259b.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [c1feed742caf34c142f70956e0c1259b](https://www.virustotal.com/gui/file/c1feed742caf34c142f70956e0c1259b) | +| SHA1 | [0e2909e38cccf18e7e44be9c12d9a4856a38b512](https://www.virustotal.com/gui/file/0e2909e38cccf18e7e44be9c12d9a4856a38b512) | +| SHA256 | [e35cc798f138406bdc5e793574f62fe3be4c7dd6424aa6825e6ec7b2a345b591](https://www.virustotal.com/gui/file/e35cc798f138406bdc5e793574f62fe3be4c7dd6424aa6825e6ec7b2a345b591) | +| Authentihash MD5 | [041babadd6d890113ca977dc8c8783b0](https://www.virustotal.com/gui/search/authentihash%253A041babadd6d890113ca977dc8c8783b0) | +| Authentihash SHA1 | [a19c725dbf32822ebedb4b356cff0eb02d6d9c8e](https://www.virustotal.com/gui/search/authentihash%253Aa19c725dbf32822ebedb4b356cff0eb02d6d9c8e) | +| Authentihash SHA256| [586898c60cff539b76d23dbf2c92e4105f6a7549e13f53d293708b793ca90d2d](https://www.virustotal.com/gui/search/authentihash%253A586898c60cff539b76d23dbf2c92e4105f6a7549e13f53d293708b793ca90d2d) | +| RichPEHeaderHash MD5 | [bea299106bb70032737ee0f38109e096](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Abea299106bb70032737ee0f38109e096) | +| RichPEHeaderHash SHA1 | [65f3332d76faa2a5ae73e63d26bfa69503b6c134](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A65f3332d76faa2a5ae73e63d26bfa69503b6c134) | +| RichPEHeaderHash SHA256| [b6ad69793fc6b368aec09ba17c870dca193917afe40f10691983732cb4f36a5b](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ab6ad69793fc6b368aec09ba17c870dca193917afe40f10691983732cb4f36a5b) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 33000000bce120fdd27cc8ee930000000000bc +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | f31f8c784e5d3986ccacb9c88c6d7044 | +| ToBeSigned (TBS) SHA1 | 833498af9a41da339c83e0d384b521f72d053331 | +| ToBeSigned (TBS) SHA256 | 1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2015-08-18 17:15:28 | +| ValidTo | 2016-11-18 17:15:28 | +| Signature | 60743a2c8b9d1d20759fd327472b3fb9c434cf9df5a4501199cafd1d0f6806659be78f5346fcdedead6c2615214f653b0306302508cc80e386fb54dc8d0b8c63131e54f259c4f8792335187e2d4f649a82490807f129590c1a5c76d8c56a12e51f4c9bb20f35bb27b3ddc0dfbd849e506ed390bef27d160c5fa33291231b73cffddf7bcc42948b509b88242d401ab88f4283997bb6707c2fd2facf67e2639b5b02da8975568de56dc96eee8061c69bc552d61a0fa49ea527563681fb35f68dde6eee372b99f69761de0eac9b72b1510f80e66f6560bf1d0669dcbdd915ffe13454502833fe26932c018ad8399ad2840a93b0c222b7900151dc9ddb4475e1d7b7 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 33000000bce120fdd27cc8ee930000000000bc | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### 
ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2e84c348-bc0b-46e8-aad0-77b20e8c534e.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} 
diff --git a/lolrmm.com/content/bootloaders/2e98c935-fda6-4fc9-b635-47a7d9157a02.md b/lolrmm.com/content/bootloaders/2e98c935-fda6-4fc9-b635-47a7d9157a02.md new file mode 100644 index 00000000..a9572f62 --- /dev/null +++ b/lolrmm.com/content/bootloaders/2e98c935-fda6-4fc9-b635-47a7d9157a02.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "2e98c935-fda6-4fc9-b635-47a7d9157a02" +weight = 10 +displayTitle = "shim-15+1552672080.a4a1fbe-0ubuntu1/shimaa64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# shim-15+1552672080.a4a1fbe-0ubuntu1/shimaa64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Canonical Ltd and revoked Apr-21 +- **UUID**: 2e98c935-fda6-4fc9-b635-47a7d9157a02 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\shim-15+1552672080.a4a1fbe-0ubuntu1/shimaa64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip 
>}}detects loading using name only{{< /tip >}} + + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | shim-15+1552672080.a4a1fbe-0ubuntu1/shimaa64.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [B6F807D4488F132AB873DCDE8EDAD2875961895E503F263B86BA34958A290618](https://www.virustotal.com/gui/file/B6F807D4488F132AB873DCDE8EDAD2875961895E503F263B86BA34958A290618) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [A48B5E31477DA248680A8935D1E5E630E6FDE22277F9635DA7D6F7F9AA17E34A](https://www.virustotal.com/gui/search/authentihash%253AA48B5E31477DA248680A8935D1E5E630E6FDE22277F9635DA7D6F7F9AA17E34A) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2e98c935-fda6-4fc9-b635-47a7d9157a02.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/2eba3138-0822-49f5-abb8-ea5cae849369.md b/lolrmm.com/content/bootloaders/2eba3138-0822-49f5-abb8-ea5cae849369.md new file mode 100644 index 00000000..1e7a93f6 --- /dev/null +++ b/lolrmm.com/content/bootloaders/2eba3138-0822-49f5-abb8-ea5cae849369.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "2eba3138-0822-49f5-abb8-ea5cae849369" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 2eba3138-0822-49f5-abb8-ea5cae849369 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/bad97e7203aec2bd026403a7f70688b9.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [bad97e7203aec2bd026403a7f70688b9](https://www.virustotal.com/gui/file/bad97e7203aec2bd026403a7f70688b9) | +| SHA1 | [cd3f23904459410ad9f11b26faff47ac28fa5f04](https://www.virustotal.com/gui/file/cd3f23904459410ad9f11b26faff47ac28fa5f04) | +| SHA256 | [df216fa3f13f8f7472c9586da4d0a7cd11cd60a041f486a611a4667f1c3d2cc6](https://www.virustotal.com/gui/file/df216fa3f13f8f7472c9586da4d0a7cd11cd60a041f486a611a4667f1c3d2cc6) | +| Authentihash MD5 | [29cf71c7b7ff3b63a229ec82bfc2708f](https://www.virustotal.com/gui/search/authentihash%253A29cf71c7b7ff3b63a229ec82bfc2708f) | +| Authentihash SHA1 | [65bb31b71a030a3fe93ba4d64e4ae0cedabbfbcf](https://www.virustotal.com/gui/search/authentihash%253A65bb31b71a030a3fe93ba4d64e4ae0cedabbfbcf) | +| Authentihash SHA256| [d5bc11fb619bfced64249b930c785ead5fca3927f0ce3c5efd3f1d9af04b37bf](https://www.virustotal.com/gui/search/authentihash%253Ad5bc11fb619bfced64249b930c785ead5fca3927f0ce3c5efd3f1d9af04b37bf) | +| RichPEHeaderHash MD5 | [f946cf9d5023059fc9f2140cd5b159d7](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Af946cf9d5023059fc9f2140cd5b159d7) | +| RichPEHeaderHash SHA1 | [13ecec12054fd579ab92638fb336a8a17c1264db](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A13ecec12054fd579ab92638fb336a8a17c1264db) | +| RichPEHeaderHash SHA256| [f699df0555e9fe0fb7019c00aa9f4c2da8abeacc45ef7f11dd65541052afb896](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Af699df0555e9fe0fb7019c00aa9f4c2da8abeacc45ef7f11dd65541052afb896) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002418fc0b689e7399d0000000000024 +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 28b23b39f3bbd936a26a5b86451be0ac | +| ToBeSigned (TBS) SHA1 | 3b16f29295d5a7c323beb479c71d3d20c6b8acc2 | +| ToBeSigned (TBS) SHA256 | 4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2013-06-17 21:43:38 | +| ValidTo | 2014-09-17 21:43:38 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002418fc0b689e7399d0000000000024 | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 
14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Signature": 
"78269c4b43268afbc7329a21653fdf5427c51d156bd9b2be4fc3ce06c9fe486ad28fa1a55698acc8617733a5d9b68b3f69ab82d8d60857a0cf330434703b2af43b3058eec891f89515a9acf8c29aebdcabc8671630a1d22fa51720ab95393c388e3fbed2d42eca2bce4f3ac03be5be68ecfe7f44a6d3871782abd7cc3f8c22300536bd24a13934474bc0cfc2f1479991b991f328cb5a80d06c1046a9249b8dd8747b3c87e54946f28c0bdf14c042566264fbf9475859b221d0434603ab5f655551437be8eb21192f143d173b042f139ce553888cf0534f9d2f090c1edbf10def827a274afeeba10c2b4725b0628a2722d5f209be4f9e3d2d8104a896df82072d", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": 
"14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2eba3138-0822-49f5-abb8-ea5cae849369.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} 
diff --git a/lolrmm.com/content/bootloaders/2f495b21-1d43-43c5-8770-c221121a2e6a.md b/lolrmm.com/content/bootloaders/2f495b21-1d43-43c5-8770-c221121a2e6a.md new file mode 100644 index 00000000..804513e8 --- /dev/null +++ b/lolrmm.com/content/bootloaders/2f495b21-1d43-43c5-8770-c221121a2e6a.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "2f495b21-1d43-43c5-8770-c221121a2e6a" +weight = 10 +displayTitle = "bootia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 2f495b21-1d43-43c5-8770-c221121a2e6a +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootia32.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [6FDB5AB3815A499948DF5ED732EE275FA44CE8313287A33B2875B2A2B1D60021](https://www.virustotal.com/gui/file/6FDB5AB3815A499948DF5ED732EE275FA44CE8313287A33B2875B2A2B1D60021) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [B7EA2FBD3FEEDA309912B2767BA80DD037813E80FED17CDA79EF7F62B6D1953B](https://www.virustotal.com/gui/search/authentihash%253AB7EA2FBD3FEEDA309912B2767BA80DD037813E80FED17CDA79EF7F62B6D1953B) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/2f495b21-1d43-43c5-8770-c221121a2e6a.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/30e370b5-bc05-4b98-96d1-8e71f41083fe.md b/lolrmm.com/content/bootloaders/30e370b5-bc05-4b98-96d1-8e71f41083fe.md new file mode 100644 index 00000000..c2cb312b --- /dev/null +++ b/lolrmm.com/content/bootloaders/30e370b5-bc05-4b98-96d1-8e71f41083fe.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "30e370b5-bc05-4b98-96d1-8e71f41083fe" +weight = 10 +displayTitle = "30e370b5-bc05-4b98-96d1-8e71f41083fe" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 30e370b5-bc05-4b98-96d1-8e71f41083fe ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: 30e370b5-bc05-4b98-96d1-8e71f41083fe +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [EE721020DB7794DE74F59992A2C6B4DCA5B9FD584BBCBDEF96930B9A7132BE1C](https://www.virustotal.com/gui/file/EE721020DB7794DE74F59992A2C6B4DCA5B9FD584BBCBDEF96930B9A7132BE1C) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [311A2AC55B50C09B30B3CC93B994A119153EEEAC54EF892FC447BBBD96101AA1](https://www.virustotal.com/gui/search/authentihash%253A311A2AC55B50C09B30B3CC93B994A119153EEEAC54EF892FC447BBBD96101AA1) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/30e370b5-bc05-4b98-96d1-8e71f41083fe.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/312c2d35-25a3-454a-a458-a797350273b1.md b/lolrmm.com/content/bootloaders/312c2d35-25a3-454a-a458-a797350273b1.md new file mode 100644 index 00000000..bb568e72 --- /dev/null +++ b/lolrmm.com/content/bootloaders/312c2d35-25a3-454a-a458-a797350273b1.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "312c2d35-25a3-454a-a458-a797350273b1" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 312c2d35-25a3-454a-a458-a797350273b1 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [AEFCF3C2010344775B306EFA5FA4A9B7630AA95DA5B59C4E96A2524302B51E50](https://www.virustotal.com/gui/file/AEFCF3C2010344775B306EFA5FA4A9B7630AA95DA5B59C4E96A2524302B51E50) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [F330F23C09772A64E1478A19CE003FABCA4F52A9431A8C6803019AD532D7DDC8](https://www.virustotal.com/gui/search/authentihash%253AF330F23C09772A64E1478A19CE003FABCA4F52A9431A8C6803019AD532D7DDC8) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/312c2d35-25a3-454a-a458-a797350273b1.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/312efde5-1d57-4845-860d-cecb9a1af677.md b/lolrmm.com/content/bootloaders/312efde5-1d57-4845-860d-cecb9a1af677.md new file mode 100644 index 00000000..2cca0efa --- /dev/null +++ b/lolrmm.com/content/bootloaders/312efde5-1d57-4845-860d-cecb9a1af677.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "312efde5-1d57-4845-860d-cecb9a1af677" +weight = 10 +displayTitle = "bootarm.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootarm.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 312efde5-1d57-4845-860d-cecb9a1af677 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootarm.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootarm.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [0EC7C340AE2DAA6D5F7B261BB64A5E7E2351073FC5B893E07D03595DEE28F544](https://www.virustotal.com/gui/file/0EC7C340AE2DAA6D5F7B261BB64A5E7E2351073FC5B893E07D03595DEE28F544) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [26ACA3C927095772FA26A4D63680597130AD161EEE8CBCE34B59E10C6167E92A](https://www.virustotal.com/gui/search/authentihash%253A26ACA3C927095772FA26A4D63680597130AD161EEE8CBCE34B59E10C6167E92A) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/312efde5-1d57-4845-860d-cecb9a1af677.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/3175132e-f5d7-4d88-b395-ca30351f8c69.md b/lolrmm.com/content/bootloaders/3175132e-f5d7-4d88-b395-ca30351f8c69.md new file mode 100644 index 00000000..a5e5a1b2 --- /dev/null +++ b/lolrmm.com/content/bootloaders/3175132e-f5d7-4d88-b395-ca30351f8c69.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "3175132e-f5d7-4d88-b395-ca30351f8c69" +weight = 10 +displayTitle = "bootia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 3175132e-f5d7-4d88-b395-ca30351f8c69 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/45a7c3cf799b58b886c0b4c7f6f71d32.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootia32.efi | +| MD5 | [45a7c3cf799b58b886c0b4c7f6f71d32](https://www.virustotal.com/gui/file/45a7c3cf799b58b886c0b4c7f6f71d32) | +| SHA1 | [52cad42539bc3f27a103e4a9bc0fd51a1b51a265](https://www.virustotal.com/gui/file/52cad42539bc3f27a103e4a9bc0fd51a1b51a265) | +| SHA256 | [55a5bb13e3a985e0ab011e69b41704319de0843f9254cf91ed2964c13af345fe](https://www.virustotal.com/gui/file/55a5bb13e3a985e0ab011e69b41704319de0843f9254cf91ed2964c13af345fe) | +| Authentihash MD5 | [439f829f38523f2c1e9995474cab6030](https://www.virustotal.com/gui/search/authentihash%253A439f829f38523f2c1e9995474cab6030) | +| Authentihash SHA1 | [71d6ef211cc60fe99eb7f949640dabd36759b36a](https://www.virustotal.com/gui/search/authentihash%253A71d6ef211cc60fe99eb7f949640dabd36759b36a) | +| Authentihash SHA256| [a6f13f3bb8132d248591f6762ced6d3a55efd8812db9730449e267cb6447145b](https://www.virustotal.com/gui/search/authentihash%253Aa6f13f3bb8132d248591f6762ced6d3a55efd8812db9730449e267cb6447145b) | +| RichPEHeaderHash MD5 | [6bea06624768875081a9a967c3b37e7a](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A6bea06624768875081a9a967c3b37e7a) | +| RichPEHeaderHash SHA1 | [7e16bd7ca20e183f5a6c2098ce732e7f91fde530](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A7e16bd7ca20e183f5a6c2098ce732e7f91fde530) | +| RichPEHeaderHash SHA256| [61cb375839f46ec38deee3a50e5790ebde67d13cc9e41b745ca3368b5fe02620](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A61cb375839f46ec38deee3a50e5790ebde67d13cc9e41b745ca3368b5fe02620) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000004ea1d80770a9bbe94400000000004e +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 9da610547a25cbe89af7ecdb99229623 | +| ToBeSigned (TBS) SHA1 | 6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7 | +| ToBeSigned (TBS) SHA256 | 1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2014-07-01 20:32:01 | +| ValidTo | 2015-10-01 20:32:01 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000004ea1d80770a9bbe94400000000004e | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Signature": 
"8207b0c79e3b96e7317cd1aac9ab45fb52f1a2c847cda4bed6ff0b366566c6046976257890a79270765662a04b0f6d958c1fbba688b7717f77e10137107f8ccde9ce066d0c99e9fabfa3d669e2eac822a81d86f620828a018738e290f15370886c689af9399fad45f38e2e0fd6e31fcdf1b295ddc015164e757e2c630b05d1c103735e452ea9e3ca1b44e776277a030aa473094499bdfad51ebcdc61c8694148123c150811230bab24f1fb3ca64f018ac37d5cbb61173055b20dd07fbf8955909696be8de608979541932fd0257f932db6f6975b4bc82bd393a432a4ef01d88fc9652cc0d4eede46df519df8488353bfbf4dbc8358efc8dc3215c5538ebbd03e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3175132e-f5d7-4d88-b395-ca30351f8c69.yaml) + +*last_updated:* 
2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/32544796-1bfd-476b-a4f6-8fccc5a593a3.md b/lolrmm.com/content/bootloaders/32544796-1bfd-476b-a4f6-8fccc5a593a3.md new file mode 100644 index 00000000..e3a9b7e0 --- /dev/null +++ b/lolrmm.com/content/bootloaders/32544796-1bfd-476b-a4f6-8fccc5a593a3.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "32544796-1bfd-476b-a4f6-8fccc5a593a3" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 32544796-1bfd-476b-a4f6-8fccc5a593a3 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/f66d8bc26d38b7faaa1fbd4c4fdda3ff.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [f66d8bc26d38b7faaa1fbd4c4fdda3ff](https://www.virustotal.com/gui/file/f66d8bc26d38b7faaa1fbd4c4fdda3ff) | +| SHA1 | [7098af963c0223858f2fa56cc226ee27048f35d3](https://www.virustotal.com/gui/file/7098af963c0223858f2fa56cc226ee27048f35d3) | +| SHA256 | [e443176d6a0621e65cadde51f4019ec7fb25e91fa87cbb6cbaf09d94e9e49918](https://www.virustotal.com/gui/file/e443176d6a0621e65cadde51f4019ec7fb25e91fa87cbb6cbaf09d94e9e49918) | +| Authentihash MD5 | [8cbc20535be05799179c23fb8354b9d3](https://www.virustotal.com/gui/search/authentihash%253A8cbc20535be05799179c23fb8354b9d3) | +| Authentihash SHA1 | [458cad1c4b11da8201ca12a6ed0f50ec81261e1e](https://www.virustotal.com/gui/search/authentihash%253A458cad1c4b11da8201ca12a6ed0f50ec81261e1e) | +| Authentihash SHA256| [61535caa144761fc48cc9d7a835dfaf020b569edfc7fa628f983d58a3ac25f2a](https://www.virustotal.com/gui/search/authentihash%253A61535caa144761fc48cc9d7a835dfaf020b569edfc7fa628f983d58a3ac25f2a) | +| RichPEHeaderHash MD5 | [61ae12104fd32308c2c6da0ad0f4da3a](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A61ae12104fd32308c2c6da0ad0f4da3a) | +| RichPEHeaderHash SHA1 | [5916de417c3548f9179b3fca1170571bd0615d62](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A5916de417c3548f9179b3fca1170571bd0615d62) | +| RichPEHeaderHash SHA256| [9d016f97efd1b99cdeec92f9010dbe2695c277306c00fe7e352588a7f6e7be26](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A9d016f97efd1b99cdeec92f9010dbe2695c277306c00fe7e352588a7f6e7be26) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002418fc0b689e7399d0000000000024 +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 28b23b39f3bbd936a26a5b86451be0ac | +| ToBeSigned (TBS) SHA1 | 3b16f29295d5a7c323beb479c71d3d20c6b8acc2 | +| ToBeSigned (TBS) SHA256 | 4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2013-06-17 21:43:38 | +| ValidTo | 2014-09-17 21:43:38 | +| Signature | 78269c4b43268afbc7329a21653fdf5427c51d156bd9b2be4fc3ce06c9fe486ad28fa1a55698acc8617733a5d9b68b3f69ab82d8d60857a0cf330434703b2af43b3058eec891f89515a9acf8c29aebdcabc8671630a1d22fa51720ab95393c388e3fbed2d42eca2bce4f3ac03be5be68ecfe7f44a6d3871782abd7cc3f8c22300536bd24a13934474bc0cfc2f1479991b991f328cb5a80d06c1046a9249b8dd8747b3c87e54946f28c0bdf14c042566264fbf9475859b221d0434603ab5f655551437be8eb21192f143d173b042f139ce553888cf0534f9d2f090c1edbf10def827a274afeeba10c2b4725b0628a2722d5f209be4f9e3d2d8104a896df82072d | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002418fc0b689e7399d0000000000024 | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### 
ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/32544796-1bfd-476b-a4f6-8fccc5a593a3.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} 
diff --git a/lolrmm.com/content/bootloaders/329800cf-dad0-4ca8-bdc9-6ec18ff01421.md b/lolrmm.com/content/bootloaders/329800cf-dad0-4ca8-bdc9-6ec18ff01421.md new file mode 100644 index 00000000..e7414be8 --- /dev/null +++ b/lolrmm.com/content/bootloaders/329800cf-dad0-4ca8-bdc9-6ec18ff01421.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "329800cf-dad0-4ca8-bdc9-6ec18ff01421" +weight = 10 +displayTitle = "BOOTX64.EFI" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# BOOTX64.EFI ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat Inc. and revoked Jul-20 +- **UUID**: 329800cf-dad0-4ca8-bdc9-6ec18ff01421 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/c748cde9827385f9832a4f0ab1f02550.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\BOOTX64.EFI } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | BOOTX64.EFI | +| MD5 | [c748cde9827385f9832a4f0ab1f02550](https://www.virustotal.com/gui/file/c748cde9827385f9832a4f0ab1f02550) | +| SHA1 | [6436ae30f3f189f70f9043d91ede90058fbeb00a](https://www.virustotal.com/gui/file/6436ae30f3f189f70f9043d91ede90058fbeb00a) | +| SHA256 | [338b89190177e950151a198823fd9d5f4ea25c1faf73e56ca5d9cf69d373fd66](https://www.virustotal.com/gui/file/338b89190177e950151a198823fd9d5f4ea25c1faf73e56ca5d9cf69d373fd66) | +| Authentihash MD5 | [eff2e129dcbf0ddc1e70c9ae8b5d0c6f](https://www.virustotal.com/gui/search/authentihash%253Aeff2e129dcbf0ddc1e70c9ae8b5d0c6f) | +| Authentihash SHA1 | [c5997af577c074aac5cf0fb290f24bec27618d73](https://www.virustotal.com/gui/search/authentihash%253Ac5997af577c074aac5cf0fb290f24bec27618d73) | +| Authentihash SHA256| [835881f2a5572d7059b5c8635018552892e945626f115fc9ca07acf7bde857a4](https://www.virustotal.com/gui/search/authentihash%253A835881f2a5572d7059b5c8635018552892e945626f115fc9ca07acf7bde857a4) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002b4b79b3694d12118700010000002b +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 8d8a1f204c9c80213bd427fa58b387e2 | +| ToBeSigned (TBS) SHA1 | 8d78e1742b948f0c8298e560dd71fe1594020386 | +| ToBeSigned (TBS) SHA256 | 
1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2018-07-03 20:53:01 | +| ValidTo | 2019-07-26 20:53:01 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002b4b79b3694d12118700010000002b | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + 
"SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/329800cf-dad0-4ca8-bdc9-6ec18ff01421.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/32eed29e-9d32-4120-8a43-02c7dfc4ae22.md b/lolrmm.com/content/bootloaders/32eed29e-9d32-4120-8a43-02c7dfc4ae22.md new file mode 100644 index 00000000..c4f7ebab --- /dev/null +++ b/lolrmm.com/content/bootloaders/32eed29e-9d32-4120-8a43-02c7dfc4ae22.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "32eed29e-9d32-4120-8a43-02c7dfc4ae22" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 32eed29e-9d32-4120-8a43-02c7dfc4ae22 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/dbed1f7ed9e19e53bfc7f43122ce3d83.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [dbed1f7ed9e19e53bfc7f43122ce3d83](https://www.virustotal.com/gui/file/dbed1f7ed9e19e53bfc7f43122ce3d83) | +| SHA1 | [765ce680a932d9f36a6b09c2191c9e2cab1a89cd](https://www.virustotal.com/gui/file/765ce680a932d9f36a6b09c2191c9e2cab1a89cd) | +| SHA256 | [c6b0d030bb3e54294742b3914ae76c949e52a065abb28d08054fdf90d7eed628](https://www.virustotal.com/gui/file/c6b0d030bb3e54294742b3914ae76c949e52a065abb28d08054fdf90d7eed628) | +| Authentihash MD5 | [35434d7522f9aabb654847d66da05599](https://www.virustotal.com/gui/search/authentihash%253A35434d7522f9aabb654847d66da05599) | +| Authentihash SHA1 | [638291271b5b95b647a7ee324dddc79bec196616](https://www.virustotal.com/gui/search/authentihash%253A638291271b5b95b647a7ee324dddc79bec196616) | +| Authentihash SHA256| [1eaed62c4abcb2524643e1723f6aadcc31a74af4d2285d3b13880cc44c22dec5](https://www.virustotal.com/gui/search/authentihash%253A1eaed62c4abcb2524643e1723f6aadcc31a74af4d2285d3b13880cc44c22dec5) | +| RichPEHeaderHash MD5 | [a387b0075e977009a7bb74d24fc388de](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Aa387b0075e977009a7bb74d24fc388de) | +| RichPEHeaderHash SHA1 | [345e019b25904c911be9e3b6a9e2b0bb18652b04](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A345e019b25904c911be9e3b6a9e2b0bb18652b04) | +| RichPEHeaderHash SHA256| [e04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ae04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 610bbbd8000000000005 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 
158438012e4dcd69b27b762c9358cfa2 | +| ToBeSigned (TBS) SHA1 | 684ac167849404a4101f166b759f291a43d5f749 | +| ToBeSigned (TBS) SHA256 | 95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2012-04-09 20:55:50 | +| ValidTo | 2013-07-09 20:55:50 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 610bbbd8000000000005 | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + 
"TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/32eed29e-9d32-4120-8a43-02c7dfc4ae22.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/33559284-bca8-4af2-917e-d209ee8d15c5.md b/lolrmm.com/content/bootloaders/33559284-bca8-4af2-917e-d209ee8d15c5.md new file mode 100644 index 00000000..23e8fa9b --- /dev/null +++ b/lolrmm.com/content/bootloaders/33559284-bca8-4af2-917e-d209ee8d15c5.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "33559284-bca8-4af2-917e-d209ee8d15c5" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 33559284-bca8-4af2-917e-d209ee8d15c5 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [A37FF7C979ED0E58633D61D00CDFF45A2488E86C740240C77834C8C8C651CB19](https://www.virustotal.com/gui/file/A37FF7C979ED0E58633D61D00CDFF45A2488E86C740240C77834C8C8C651CB19) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [8CB4FDAE88F4F492AC6C87716602366DF1AC84224B85AB2D3949F5AEE79CEFEB](https://www.virustotal.com/gui/search/authentihash%253A8CB4FDAE88F4F492AC6C87716602366DF1AC84224B85AB2D3949F5AEE79CEFEB) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/33559284-bca8-4af2-917e-d209ee8d15c5.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/33ce2528-8820-4680-bc5d-b48fcc1f9d2d.md b/lolrmm.com/content/bootloaders/33ce2528-8820-4680-bc5d-b48fcc1f9d2d.md new file mode 100644 index 00000000..a57f39f4 --- /dev/null +++ b/lolrmm.com/content/bootloaders/33ce2528-8820-4680-bc5d-b48fcc1f9d2d.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "33ce2528-8820-4680-bc5d-b48fcc1f9d2d" +weight = 10 +displayTitle = "BOOTX64.EFI" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# BOOTX64.EFI ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Oracle Corporation and revoked Jul-20 +- **UUID**: 33ce2528-8820-4680-bc5d-b48fcc1f9d2d +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/53663cb5fea6bde711171523a2206e45.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\BOOTX64.EFI } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | BOOTX64.EFI | +| MD5 | [53663cb5fea6bde711171523a2206e45](https://www.virustotal.com/gui/file/53663cb5fea6bde711171523a2206e45) | +| SHA1 | [b0adec5a51e018cc50ef0497126ef4a8d9fd037c](https://www.virustotal.com/gui/file/b0adec5a51e018cc50ef0497126ef4a8d9fd037c) | +| SHA256 | [899afe09e356003605b30dc209a5ba4ef6910baef23fac268bcac6db3cfee98d](https://www.virustotal.com/gui/file/899afe09e356003605b30dc209a5ba4ef6910baef23fac268bcac6db3cfee98d) | +| Authentihash MD5 | [925441e09c4b9c8e30a467a29c16ee49](https://www.virustotal.com/gui/search/authentihash%253A925441e09c4b9c8e30a467a29c16ee49) | +| Authentihash SHA1 | [7a26f6d09fcc80e5be03b7a6e5f8fe2a3652f29f](https://www.virustotal.com/gui/search/authentihash%253A7a26f6d09fcc80e5be03b7a6e5f8fe2a3652f29f) | +| Authentihash SHA256| [894d7839368f3298cc915ae8742ef330d7a26699f459478cf22c2b6bb2850166](https://www.virustotal.com/gui/search/authentihash%253A894d7839368f3298cc915ae8742ef330d7a26699f459478cf22c2b6bb2850166) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000001e0d8474951a966ce400010000001e +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | b6f099bf203668f11a8f79ab08792ed8 | +| ToBeSigned (TBS) SHA1 | 4713755a345940554eada6042e90b0151591fad6 | +| ToBeSigned (TBS) SHA256 | 
62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2016-11-17 22:05:37 | +| ValidTo | 2018-02-17 22:05:37 | +| Signature | 0141873b6d85a37b5ac2a306448d73b6be76f7682ad14efef7ce4b377f0f7a5fbefd76377d59dc2caccd28d1be3eb180a8b66ab19a853bd14c7d5e955e8f07bc2ee0686ac3a2c9e997bd9f58de6dc9b93900c6b7824f64bf415ac51ebaa3dcfe8ad4fc2a41ad95b372c421c4f87835a59867c244e1c8df142abc4b23579f57431565eb8de6a7a0318b2fd17f93876a335c9450d2531f6a877baf43a569f83703a68e49987ca3c6dd42a595827f5be49151d3b79ea262e38ef5b37bda5b1be3462baa6ccb313193cdba21ea3cb1e9bbc751a769f354d63a0d1de3158c67d47b765b92d580ed5f1f1cdb5f61774c4b66c7deb15f4c71d605106064f33a17d31ca6 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000001e0d8474951a966ce400010000001e | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 
350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "b6f099bf203668f11a8f79ab08792ed8", + "SHA1": "4713755a345940554eada6042e90b0151591fad6", + "SHA256": 
"62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" + }, + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/33ce2528-8820-4680-bc5d-b48fcc1f9d2d.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/347957db-bbbc-4322-a736-366891a369d0.md b/lolrmm.com/content/bootloaders/347957db-bbbc-4322-a736-366891a369d0.md new file mode 100644 index 00000000..9dc3fd7e --- /dev/null +++ b/lolrmm.com/content/bootloaders/347957db-bbbc-4322-a736-366891a369d0.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "347957db-bbbc-4322-a736-366891a369d0" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 347957db-bbbc-4322-a736-366891a369d0 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [F736ABAB18FA867218E4FBFEAA8A452C3B55F2981CC7E27E6CAF1FD9181EF294](https://www.virustotal.com/gui/file/F736ABAB18FA867218E4FBFEAA8A452C3B55F2981CC7E27E6CAF1FD9181EF294) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [A9CE2969A83982F80B6B2685568A7D6F8E58BCB5FABAA2F8168092175518A0C9](https://www.virustotal.com/gui/search/authentihash%253AA9CE2969A83982F80B6B2685568A7D6F8E58BCB5FABAA2F8168092175518A0C9) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/347957db-bbbc-4322-a736-366891a369d0.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/34cf714a-cbf0-4339-afb8-bae3643a4075.md b/lolrmm.com/content/bootloaders/34cf714a-cbf0-4339-afb8-bae3643a4075.md new file mode 100644 index 00000000..dce04319 --- /dev/null +++ b/lolrmm.com/content/bootloaders/34cf714a-cbf0-4339-afb8-bae3643a4075.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "34cf714a-cbf0-4339-afb8-bae3643a4075" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 34cf714a-cbf0-4339-afb8-bae3643a4075 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [AA38D5E097A9853A25A1DAA838ED83BC43569DB871FDF24888512A434024A866](https://www.virustotal.com/gui/file/AA38D5E097A9853A25A1DAA838ED83BC43569DB871FDF24888512A434024A866) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [FE0E58846C40717FEDE6A1E0D6A0546CBF8B8CF0B82258FC16D05BAB58107D34](https://www.virustotal.com/gui/search/authentihash%253AFE0E58846C40717FEDE6A1E0D6A0546CBF8B8CF0B82258FC16D05BAB58107D34) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/34cf714a-cbf0-4339-afb8-bae3643a4075.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/34da0cf6-14d0-43a7-8e56-ea63c3b0c1bd.md b/lolrmm.com/content/bootloaders/34da0cf6-14d0-43a7-8e56-ea63c3b0c1bd.md new file mode 100644 index 00000000..f14bfc82 --- /dev/null +++ b/lolrmm.com/content/bootloaders/34da0cf6-14d0-43a7-8e56-ea63c3b0c1bd.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "34da0cf6-14d0-43a7-8e56-ea63c3b0c1bd" +weight = 10 +displayTitle = "bootaa64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootaa64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 34da0cf6-14d0-43a7-8e56-ea63c3b0c1bd +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootaa64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootaa64.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [A7CEA30E7B024C8710F9AE5C1302545CEEAF23B8DEBE362FB26562ACDD807325](https://www.virustotal.com/gui/file/A7CEA30E7B024C8710F9AE5C1302545CEEAF23B8DEBE362FB26562ACDD807325) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [D465D63B0384F16A1610B0A86C5D73B36A33709828DE8FE26DBAC6DC6EFA007D](https://www.virustotal.com/gui/search/authentihash%253AD465D63B0384F16A1610B0A86C5D73B36A33709828DE8FE26DBAC6DC6EFA007D) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/34da0cf6-14d0-43a7-8e56-ea63c3b0c1bd.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/34e61740-5c56-404a-b796-1db5337dd86e.md b/lolrmm.com/content/bootloaders/34e61740-5c56-404a-b796-1db5337dd86e.md new file mode 100644 index 00000000..a0cbef9f --- /dev/null +++ b/lolrmm.com/content/bootloaders/34e61740-5c56-404a-b796-1db5337dd86e.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "34e61740-5c56-404a-b796-1db5337dd86e" +weight = 10 +displayTitle = "34e61740-5c56-404a-b796-1db5337dd86e" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 34e61740-5c56-404a-b796-1db5337dd86e ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: 34e61740-5c56-404a-b796-1db5337dd86e +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [EDE70AA6A98D8130019296CE64B5CCF634A997B26401C0E119B96BBF7ACE1C0C](https://www.virustotal.com/gui/file/EDE70AA6A98D8130019296CE64B5CCF634A997B26401C0E119B96BBF7ACE1C0C) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [DA3560FD0C32B54C83D4F2FF869003D2089369ACF2C89608F8AFA7436BFA4655](https://www.virustotal.com/gui/search/authentihash%253ADA3560FD0C32B54C83D4F2FF869003D2089369ACF2C89608F8AFA7436BFA4655) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/34e61740-5c56-404a-b796-1db5337dd86e.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/357e4bd3-4bc9-4b94-81a1-3833515e2d4e.md b/lolrmm.com/content/bootloaders/357e4bd3-4bc9-4b94-81a1-3833515e2d4e.md new file mode 100644 index 00000000..f660b7ea --- /dev/null +++ b/lolrmm.com/content/bootloaders/357e4bd3-4bc9-4b94-81a1-3833515e2d4e.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "357e4bd3-4bc9-4b94-81a1-3833515e2d4e" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 357e4bd3-4bc9-4b94-81a1-3833515e2d4e +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [9A59A2B53C8BBD2E536EADE26F26F3EE61129AB027812922B52C572364465E8C](https://www.virustotal.com/gui/file/9A59A2B53C8BBD2E536EADE26F26F3EE61129AB027812922B52C572364465E8C) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [7FC7196EBBFA0D7947DE66F37158DF23821F156F724FC3CC906F16E8EBFA3E9F](https://www.virustotal.com/gui/search/authentihash%253A7FC7196EBBFA0D7947DE66F37158DF23821F156F724FC3CC906F16E8EBFA3E9F) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/357e4bd3-4bc9-4b94-81a1-3833515e2d4e.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/3598ca7a-27b3-4c09-aaca-cb5108eca19f.md b/lolrmm.com/content/bootloaders/3598ca7a-27b3-4c09-aaca-cb5108eca19f.md new file mode 100644 index 00000000..0a5724d8 --- /dev/null +++ b/lolrmm.com/content/bootloaders/3598ca7a-27b3-4c09-aaca-cb5108eca19f.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "3598ca7a-27b3-4c09-aaca-cb5108eca19f" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 3598ca7a-27b3-4c09-aaca-cb5108eca19f +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [1B455F745A6397C1B4FDFA43E634462EE1414DB21EF5A3391142B0F988F31FFE](https://www.virustotal.com/gui/file/1B455F745A6397C1B4FDFA43E634462EE1414DB21EF5A3391142B0F988F31FFE) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [39ABED2935891EEF96E2B733BBC6951DAFAD1A4C6B500D2D9B28C358355A6AB8](https://www.virustotal.com/gui/search/authentihash%253A39ABED2935891EEF96E2B733BBC6951DAFAD1A4C6B500D2D9B28C358355A6AB8) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3598ca7a-27b3-4c09-aaca-cb5108eca19f.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/35a53e95-2bf9-43c3-b7ff-c8a176b73a7e.md b/lolrmm.com/content/bootloaders/35a53e95-2bf9-43c3-b7ff-c8a176b73a7e.md new file mode 100644 index 00000000..4859d5f3 --- /dev/null +++ b/lolrmm.com/content/bootloaders/35a53e95-2bf9-43c3-b7ff-c8a176b73a7e.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "35a53e95-2bf9-43c3-b7ff-c8a176b73a7e" +weight = 10 +displayTitle = "bootarm.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootarm.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 35a53e95-2bf9-43c3-b7ff-c8a176b73a7e +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootarm.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootarm.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [641A3F8E77A42F04B0F300399F0FE6545733DB7EE00FA402358723E84BC62741](https://www.virustotal.com/gui/file/641A3F8E77A42F04B0F300399F0FE6545733DB7EE00FA402358723E84BC62741) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [91D56D765B020B99B7716582E3C380147FF0ACDDF63BB09ACDED0C0249E5CC8C](https://www.virustotal.com/gui/search/authentihash%253A91D56D765B020B99B7716582E3C380147FF0ACDDF63BB09ACDED0C0249E5CC8C) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/35a53e95-2bf9-43c3-b7ff-c8a176b73a7e.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/35c8a2f7-287d-4251-a949-d1ad45040784.md b/lolrmm.com/content/bootloaders/35c8a2f7-287d-4251-a949-d1ad45040784.md new file mode 100644 index 00000000..4e7b7739 --- /dev/null +++ b/lolrmm.com/content/bootloaders/35c8a2f7-287d-4251-a949-d1ad45040784.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "35c8a2f7-287d-4251-a949-d1ad45040784" +weight = 10 +displayTitle = "BOOTx64.EFI" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# BOOTx64.EFI ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by BITDEFENDER and revoked Jul-20 +- **UUID**: 35c8a2f7-287d-4251-a949-d1ad45040784 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/0887bbb1fff22018d425b56dfb642db7.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\BOOTx64.EFI } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | BOOTx64.EFI | +| MD5 | [0887bbb1fff22018d425b56dfb642db7](https://www.virustotal.com/gui/file/0887bbb1fff22018d425b56dfb642db7) | +| SHA1 | [db9c3757f8f341bd6be92611fbbfb3ca8bc80d6f](https://www.virustotal.com/gui/file/db9c3757f8f341bd6be92611fbbfb3ca8bc80d6f) | +| SHA256 | [e352109145416e3b61dcf5e09492d24410828121e7d74c08ce0d3157b45a0831](https://www.virustotal.com/gui/file/e352109145416e3b61dcf5e09492d24410828121e7d74c08ce0d3157b45a0831) | +| Authentihash MD5 | [93858168a4a5a02e0446ee0c003ecdf1](https://www.virustotal.com/gui/search/authentihash%253A93858168a4a5a02e0446ee0c003ecdf1) | +| Authentihash SHA1 | [096dbcb4f3baa2a21cd0e267052430ccd175593a](https://www.virustotal.com/gui/search/authentihash%253A096dbcb4f3baa2a21cd0e267052430ccd175593a) | +| Authentihash SHA256| [badff5e4f0fea711701ca8fb22e4c43821e31e210cf52d1d4f74dd50f1d039bc](https://www.virustotal.com/gui/search/authentihash%253Abadff5e4f0fea711701ca8fb22e4c43821e31e210cf52d1d4f74dd50f1d039bc) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000000a6642f3f49fb7379600010000000a +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | c52110f552e27ebb1e3fae114abafb3f | +| ToBeSigned (TBS) SHA1 | 4954e087123653ce38da4cdd31141b6a1bb999e4 | +| ToBeSigned (TBS) SHA256 | 
1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2013-09-24 17:54:03 | +| ValidTo | 2014-12-24 17:54:03 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000000a6642f3f49fb7379600010000000a | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": 
"c52110f552e27ebb1e3fae114abafb3f", + "SHA1": "4954e087123653ce38da4cdd31141b6a1bb999e4", + "SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" + }, + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/35c8a2f7-287d-4251-a949-d1ad45040784.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/3645f533-8562-4958-aaa3-7e5924aadd8e.md b/lolrmm.com/content/bootloaders/3645f533-8562-4958-aaa3-7e5924aadd8e.md new file mode 100644 index 00000000..b67582af --- /dev/null +++ b/lolrmm.com/content/bootloaders/3645f533-8562-4958-aaa3-7e5924aadd8e.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "3645f533-8562-4958-aaa3-7e5924aadd8e" +weight = 10 +displayTitle = "3645f533-8562-4958-aaa3-7e5924aadd8e" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 3645f533-8562-4958-aaa3-7e5924aadd8e ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: 3645f533-8562-4958-aaa3-7e5924aadd8e +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [A7094801F966FC5C253DBD17066AF5BBCB3AF5E281D0A4DAB24E30C7A4B0FB12](https://www.virustotal.com/gui/file/A7094801F966FC5C253DBD17066AF5BBCB3AF5E281D0A4DAB24E30C7A4B0FB12) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [3BE8E7EB348D35C1928F19C769846788991641D1F6CF09514CA10269934F7359](https://www.virustotal.com/gui/search/authentihash%253A3BE8E7EB348D35C1928F19C769846788991641D1F6CF09514CA10269934F7359) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3645f533-8562-4958-aaa3-7e5924aadd8e.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/365019a1-7820-4c83-a483-15dfd2ca466c.md b/lolrmm.com/content/bootloaders/365019a1-7820-4c83-a483-15dfd2ca466c.md new file mode 100644 index 00000000..8f95fce5 --- /dev/null +++ b/lolrmm.com/content/bootloaders/365019a1-7820-4c83-a483-15dfd2ca466c.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "365019a1-7820-4c83-a483-15dfd2ca466c" +weight = 10 +displayTitle = "rhel-8.3-20200730-shim64-bit.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# rhel-8.3-20200730-shim64-bit.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat, Inc. and revoked Apr-21 +- **UUID**: 365019a1-7820-4c83-a483-15dfd2ca466c +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\rhel-8.3-20200730-shim64-bit.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + 
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | rhel-8.3-20200730-shim64-bit.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [FE09433ECE56EFB74EDFFB10BB4E2C05EF9FA3C37C5E60BD5E87FBDEEAB3EB40](https://www.virustotal.com/gui/file/FE09433ECE56EFB74EDFFB10BB4E2C05EF9FA3C37C5E60BD5E87FBDEEAB3EB40) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [288878F12E8B9C6CCBF601C73D5F4E985CAC0FF3FCB0C24E4414912B3EB91F15](https://www.virustotal.com/gui/search/authentihash%253A288878F12E8B9C6CCBF601C73D5F4E985CAC0FF3FCB0C24E4414912B3EB91F15) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/365019a1-7820-4c83-a483-15dfd2ca466c.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/38e6bed7-1db9-4c15-8358-040edb77a39c.md b/lolrmm.com/content/bootloaders/38e6bed7-1db9-4c15-8358-040edb77a39c.md new file mode 100644 index 00000000..c74bfddc --- /dev/null +++ b/lolrmm.com/content/bootloaders/38e6bed7-1db9-4c15-8358-040edb77a39c.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "38e6bed7-1db9-4c15-8358-040edb77a39c" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 38e6bed7-1db9-4c15-8358-040edb77a39c +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [E438149CA86CF5F2FDD1318BF0D6C301593EA74B06940E031964F34561255BC8](https://www.virustotal.com/gui/file/E438149CA86CF5F2FDD1318BF0D6C301593EA74B06940E031964F34561255BC8) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [6B54497FF9915A6977428BDF8F45B116D874C4F8A836B5BDFC373D05F4C0EF87](https://www.virustotal.com/gui/search/authentihash%253A6B54497FF9915A6977428BDF8F45B116D874C4F8A836B5BDFC373D05F4C0EF87) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/38e6bed7-1db9-4c15-8358-040edb77a39c.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/3939d676-6d9d-48b4-8be9-d7d7f3528c08.md b/lolrmm.com/content/bootloaders/3939d676-6d9d-48b4-8be9-d7d7f3528c08.md new file mode 100644 index 00000000..076f2fa0 --- /dev/null +++ b/lolrmm.com/content/bootloaders/3939d676-6d9d-48b4-8be9-d7d7f3528c08.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "3939d676-6d9d-48b4-8be9-d7d7f3528c08" +weight = 10 +displayTitle = "3939d676-6d9d-48b4-8be9-d7d7f3528c08" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 3939d676-6d9d-48b4-8be9-d7d7f3528c08 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: 3939d676-6d9d-48b4-8be9-d7d7f3528c08 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [EDFFF0969567FF1C1867AA921EAA5CF4C65D20F0511BA7EE7328F7B67238DF53](https://www.virustotal.com/gui/file/EDFFF0969567FF1C1867AA921EAA5CF4C65D20F0511BA7EE7328F7B67238DF53) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [C127F0EEFC2E451989D88E4D1DA8A3B08CA9D5884987A6157E04E9A71C01ADFC](https://www.virustotal.com/gui/search/authentihash%253AC127F0EEFC2E451989D88E4D1DA8A3B08CA9D5884987A6157E04E9A71C01ADFC) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3939d676-6d9d-48b4-8be9-d7d7f3528c08.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/3a20e152-907d-41c3-8ae7-14c2a23e4880.md b/lolrmm.com/content/bootloaders/3a20e152-907d-41c3-8ae7-14c2a23e4880.md new file mode 100644 index 00000000..ba860859 --- /dev/null +++ b/lolrmm.com/content/bootloaders/3a20e152-907d-41c3-8ae7-14c2a23e4880.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "3a20e152-907d-41c3-8ae7-14c2a23e4880" +weight = 10 +displayTitle = "3a20e152-907d-41c3-8ae7-14c2a23e4880" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 3a20e152-907d-41c3-8ae7-14c2a23e4880 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: 3a20e152-907d-41c3-8ae7-14c2a23e4880 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [299E3B66B0283E23793E03FBA6B795A2C6B6034864B6D571449945EBA0D90A20](https://www.virustotal.com/gui/file/299E3B66B0283E23793E03FBA6B795A2C6B6034864B6D571449945EBA0D90A20) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [3E3926F0B8A15AD5A14167BB647A843C3D4321E35DBC44DCE8C837417F2D28B0](https://www.virustotal.com/gui/search/authentihash%253A3E3926F0B8A15AD5A14167BB647A843C3D4321E35DBC44DCE8C837417F2D28B0) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3a20e152-907d-41c3-8ae7-14c2a23e4880.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/3a74fd6f-8747-4f47-b44e-fa10af3da555.md b/lolrmm.com/content/bootloaders/3a74fd6f-8747-4f47-b44e-fa10af3da555.md new file mode 100644 index 00000000..192d84a1 --- /dev/null +++ b/lolrmm.com/content/bootloaders/3a74fd6f-8747-4f47-b44e-fa10af3da555.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "3a74fd6f-8747-4f47-b44e-fa10af3da555" +weight = 10 +displayTitle = "3a74fd6f-8747-4f47-b44e-fa10af3da555" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 3a74fd6f-8747-4f47-b44e-fa10af3da555 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Alt Linux LTD and revoked Jul-20 +- **UUID**: 3a74fd6f-8747-4f47-b44e-fa10af3da555 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [9EA346FCFE6DB7F3140DA8FFD5738F6CF97D6014DA61033B32049CB17696B372](https://www.virustotal.com/gui/file/9EA346FCFE6DB7F3140DA8FFD5738F6CF97D6014DA61033B32049CB17696B372) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [EED7E0EFF2ED559E2A79EE361F9962AF3B1E999131E30BB7FD07546FAE0A7267](https://www.virustotal.com/gui/search/authentihash%253AEED7E0EFF2ED559E2A79EE361F9962AF3B1E999131E30BB7FD07546FAE0A7267) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3a74fd6f-8747-4f47-b44e-fa10af3da555.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/3b215ee9-89b8-4437-bd89-dc9fa92cb727.md b/lolrmm.com/content/bootloaders/3b215ee9-89b8-4437-bd89-dc9fa92cb727.md new file mode 100644 index 00000000..d7bfd343 --- /dev/null +++ b/lolrmm.com/content/bootloaders/3b215ee9-89b8-4437-bd89-dc9fa92cb727.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "3b215ee9-89b8-4437-bd89-dc9fa92cb727" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 3b215ee9-89b8-4437-bd89-dc9fa92cb727 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [21BB3AD3C8E0198CA40E2636E5C3F27EAC047C1C0B39F19D81332FCA03DC4FC0](https://www.virustotal.com/gui/file/21BB3AD3C8E0198CA40E2636E5C3F27EAC047C1C0B39F19D81332FCA03DC4FC0) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [09F7699631C18DB0C33491EB4B3C65B8F279238C5FC5E3AB0BA52737DBBD26F3](https://www.virustotal.com/gui/search/authentihash%253A09F7699631C18DB0C33491EB4B3C65B8F279238C5FC5E3AB0BA52737DBBD26F3) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3b215ee9-89b8-4437-bd89-dc9fa92cb727.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/3b5b838e-359b-483e-94e9-a1c1ed3077d6.md b/lolrmm.com/content/bootloaders/3b5b838e-359b-483e-94e9-a1c1ed3077d6.md new file mode 100644 index 00000000..2bcb1612 --- /dev/null +++ b/lolrmm.com/content/bootloaders/3b5b838e-359b-483e-94e9-a1c1ed3077d6.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "3b5b838e-359b-483e-94e9-a1c1ed3077d6" +weight = 10 +displayTitle = "rhel-8.3-20200917-shim64-bit.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# rhel-8.3-20200917-shim64-bit.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat, Inc. and revoked Apr-21 +- **UUID**: 3b5b838e-359b-483e-94e9-a1c1ed3077d6 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\rhel-8.3-20200917-shim64-bit.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + 
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | rhel-8.3-20200917-shim64-bit.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [258C72394A0D163E9196A16682D3881E6CB24171EDA78FE026CC9CA9BEBFF22E](https://www.virustotal.com/gui/file/258C72394A0D163E9196A16682D3881E6CB24171EDA78FE026CC9CA9BEBFF22E) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [40D6CAE02973789080CF4C3A9AD11B5A0A4D8BBA4438AB96E276CC784454DEE7](https://www.virustotal.com/gui/search/authentihash%253A40D6CAE02973789080CF4C3A9AD11B5A0A4D8BBA4438AB96E276CC784454DEE7) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3b5b838e-359b-483e-94e9-a1c1ed3077d6.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/3b7197b1-fac3-4680-b8a4-b91cc56d984b.md b/lolrmm.com/content/bootloaders/3b7197b1-fac3-4680-b8a4-b91cc56d984b.md new file mode 100644 index 00000000..170621ea --- /dev/null +++ b/lolrmm.com/content/bootloaders/3b7197b1-fac3-4680-b8a4-b91cc56d984b.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "3b7197b1-fac3-4680-b8a4-b91cc56d984b" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 3b7197b1-fac3-4680-b8a4-b91cc56d984b +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [E012F7C26EC6DE9D336AF7843DE0A4278D6191FA7989DDCAC40A978FD927BB6C](https://www.virustotal.com/gui/file/E012F7C26EC6DE9D336AF7843DE0A4278D6191FA7989DDCAC40A978FD927BB6C) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [0A620707ACF23A4E6CDC357A1499E14852B605D9EB6186422F57D458E627D6C0](https://www.virustotal.com/gui/search/authentihash%253A0A620707ACF23A4E6CDC357A1499E14852B605D9EB6186422F57D458E627D6C0) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3b7197b1-fac3-4680-b8a4-b91cc56d984b.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/3b905385-bf3a-4181-9c49-646bb5fb1e6d.md b/lolrmm.com/content/bootloaders/3b905385-bf3a-4181-9c49-646bb5fb1e6d.md new file mode 100644 index 00000000..9a1d3348 --- /dev/null +++ b/lolrmm.com/content/bootloaders/3b905385-bf3a-4181-9c49-646bb5fb1e6d.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "3b905385-bf3a-4181-9c49-646bb5fb1e6d" +weight = 10 +displayTitle = "3b905385-bf3a-4181-9c49-646bb5fb1e6d" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 3b905385-bf3a-4181-9c49-646bb5fb1e6d ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Oracle Corporation and revoked Jul-20 +- **UUID**: 3b905385-bf3a-4181-9c49-646bb5fb1e6d +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [65C4AAB0884825A8A2E4C114020E4FDB58A1D2B0CB68B7714A05D6CDE3F821D1](https://www.virustotal.com/gui/file/65C4AAB0884825A8A2E4C114020E4FDB58A1D2B0CB68B7714A05D6CDE3F821D1) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [408B8B3DF5ABB043521A493525023175AB1261B1DE21064D6BF247CE142153B9](https://www.virustotal.com/gui/search/authentihash%253A408B8B3DF5ABB043521A493525023175AB1261B1DE21064D6BF247CE142153B9) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3b905385-bf3a-4181-9c49-646bb5fb1e6d.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/3c5c1c32-6c09-4fea-863a-2e5cb48bb099.md b/lolrmm.com/content/bootloaders/3c5c1c32-6c09-4fea-863a-2e5cb48bb099.md new file mode 100644 index 00000000..f5f64463 --- /dev/null +++ b/lolrmm.com/content/bootloaders/3c5c1c32-6c09-4fea-863a-2e5cb48bb099.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "3c5c1c32-6c09-4fea-863a-2e5cb48bb099" +weight = 10 +displayTitle = "HfiPcieGen3" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# HfiPcieGen3 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Intel Corporation and revoked Jul-20 +- **UUID**: 3c5c1c32-6c09-4fea-863a-2e5cb48bb099 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/ffa0df6d1cb927f4cde2741d63c7125b.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\HfiPcieGen3 } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | HfiPcieGen3 | +| MD5 | [ffa0df6d1cb927f4cde2741d63c7125b](https://www.virustotal.com/gui/file/ffa0df6d1cb927f4cde2741d63c7125b) | +| SHA1 | [a2c8bf15abcb90da814748bb150d66f842f23a38](https://www.virustotal.com/gui/file/a2c8bf15abcb90da814748bb150d66f842f23a38) | +| SHA256 | [98acba206e9f3843a4a7e07c66ead4366fbe7976653b65ed0c311d4efae878ab](https://www.virustotal.com/gui/file/98acba206e9f3843a4a7e07c66ead4366fbe7976653b65ed0c311d4efae878ab) | +| Authentihash MD5 | [e599f74cf93986aafae680c20c7b3723](https://www.virustotal.com/gui/search/authentihash%253Ae599f74cf93986aafae680c20c7b3723) | +| Authentihash SHA1 | [36a6e60b2512bfd940eadb7ff3fdba23fa970a8c](https://www.virustotal.com/gui/search/authentihash%253A36a6e60b2512bfd940eadb7ff3fdba23fa970a8c) | +| Authentihash SHA256| [9fa4d5023fd43ecaff4200ba7e8d4353259d2b7e5e72b5096eff8027d66d1043](https://www.virustotal.com/gui/search/authentihash%253A9fa4d5023fd43ecaff4200ba7e8d4353259d2b7e5e72b5096eff8027d66d1043) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000001e0d8474951a966ce400010000001e +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | b6f099bf203668f11a8f79ab08792ed8 | +| ToBeSigned (TBS) SHA1 | 4713755a345940554eada6042e90b0151591fad6 | +| ToBeSigned (TBS) SHA256 | 
62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2016-11-17 22:05:37 | +| ValidTo | 2018-02-17 22:05:37 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000001e0d8474951a966ce400010000001e | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 
350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Signature": 
"0141873b6d85a37b5ac2a306448d73b6be76f7682ad14efef7ce4b377f0f7a5fbefd76377d59dc2caccd28d1be3eb180a8b66ab19a853bd14c7d5e955e8f07bc2ee0686ac3a2c9e997bd9f58de6dc9b93900c6b7824f64bf415ac51ebaa3dcfe8ad4fc2a41ad95b372c421c4f87835a59867c244e1c8df142abc4b23579f57431565eb8de6a7a0318b2fd17f93876a335c9450d2531f6a877baf43a569f83703a68e49987ca3c6dd42a595827f5be49151d3b79ea262e38ef5b37bda5b1be3462baa6ccb313193cdba21ea3cb1e9bbc751a769f354d63a0d1de3158c67d47b765b92d580ed5f1f1cdb5f61774c4b66c7deb15f4c71d605106064f33a17d31ca6", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "b6f099bf203668f11a8f79ab08792ed8", + "SHA1": "4713755a345940554eada6042e90b0151591fad6", + "SHA256": "62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" + }, + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + 
+[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3c5c1c32-6c09-4fea-863a-2e5cb48bb099.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/3cd9faa5-1675-4640-8304-86e162b60451.md b/lolrmm.com/content/bootloaders/3cd9faa5-1675-4640-8304-86e162b60451.md new file mode 100644 index 00000000..fed90267 --- /dev/null +++ b/lolrmm.com/content/bootloaders/3cd9faa5-1675-4640-8304-86e162b60451.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "3cd9faa5-1675-4640-8304-86e162b60451" +weight = 10 +displayTitle = "Signed_13652009334930799/shimia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# Signed_13652009334930799/shimia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Debian and revoked Apr-21 +- **UUID**: 3cd9faa5-1675-4640-8304-86e162b60451 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/22f93e6ecea58e543fcffa73f5c466b3.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\Signed_13652009334930799/shimia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects 
loading using name only{{< /tip >}} + + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | Signed_13652009334930799/shimia32.efi | +| MD5 | [22f93e6ecea58e543fcffa73f5c466b3](https://www.virustotal.com/gui/file/22f93e6ecea58e543fcffa73f5c466b3) | +| SHA1 | [0945ed2479004a84b2d743244ff7dacdb688aa9e](https://www.virustotal.com/gui/file/0945ed2479004a84b2d743244ff7dacdb688aa9e) | +| SHA256 | [ff9f39869baafa17592820f7f5cf101b15a8423831abfa97c89cf193cdd98e89](https://www.virustotal.com/gui/file/ff9f39869baafa17592820f7f5cf101b15a8423831abfa97c89cf193cdd98e89) | +| Authentihash MD5 | [a9a003cc7225b64519ee59289a90f3e2](https://www.virustotal.com/gui/search/authentihash%253Aa9a003cc7225b64519ee59289a90f3e2) | +| Authentihash SHA1 | [dfc22f0bbe6a3ed81106a30d61010fd1510465cc](https://www.virustotal.com/gui/search/authentihash%253Adfc22f0bbe6a3ed81106a30d61010fd1510465cc) | +| Authentihash SHA256| [8aa509fb461c099a3c1b806d281a1e1275771eda0b0e3f7d95e0c11b3c1734eb](https://www.virustotal.com/gui/search/authentihash%253A8aa509fb461c099a3c1b806d281a1e1275771eda0b0e3f7d95e0c11b3c1734eb) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002b4b79b3694d12118700010000002b +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 8d8a1f204c9c80213bd427fa58b387e2 | +| ToBeSigned (TBS) SHA1 | 8d78e1742b948f0c8298e560dd71fe1594020386 | +| 
ToBeSigned (TBS) SHA256 | 1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2018-07-03 20:53:01 | +| ValidTo | 2019-07-26 20:53:01 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002b4b79b3694d12118700010000002b | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": 
"8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", 
+ "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3cd9faa5-1675-4640-8304-86e162b60451.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/3cddc9bb-dc68-4cd7-aee9-227b47b47966.md b/lolrmm.com/content/bootloaders/3cddc9bb-dc68-4cd7-aee9-227b47b47966.md new file mode 100644 index 00000000..e6493809 --- /dev/null +++ b/lolrmm.com/content/bootloaders/3cddc9bb-dc68-4cd7-aee9-227b47b47966.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "3cddc9bb-dc68-4cd7-aee9-227b47b47966" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 3cddc9bb-dc68-4cd7-aee9-227b47b47966 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [413782A6CEE2CFF718F87A737CD989E2A6067E67212B575AD8A7D80B1A62F206](https://www.virustotal.com/gui/file/413782A6CEE2CFF718F87A737CD989E2A6067E67212B575AD8A7D80B1A62F206) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [9414F5FA5853978C07FC6BB17A1CA9460FE443FFCA021FA52C8672A94460F44F](https://www.virustotal.com/gui/search/authentihash%253A9414F5FA5853978C07FC6BB17A1CA9460FE443FFCA021FA52C8672A94460F44F) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3cddc9bb-dc68-4cd7-aee9-227b47b47966.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/3cf4dc5f-5fc3-4a44-b069-bced755a5e5d.md b/lolrmm.com/content/bootloaders/3cf4dc5f-5fc3-4a44-b069-bced755a5e5d.md new file mode 100644 index 00000000..7ea9c786 --- /dev/null +++ b/lolrmm.com/content/bootloaders/3cf4dc5f-5fc3-4a44-b069-bced755a5e5d.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "3cf4dc5f-5fc3-4a44-b069-bced755a5e5d" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 3cf4dc5f-5fc3-4a44-b069-bced755a5e5d +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [C990C8BF9D0C8E5A50CAF28C9FF6E8EA1949C5DD6AAAC5AB08B3A77CC0D5F011](https://www.virustotal.com/gui/file/C990C8BF9D0C8E5A50CAF28C9FF6E8EA1949C5DD6AAAC5AB08B3A77CC0D5F011) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [1C19A5A240A361131DCC5EC25363DA6E79C7D55B3C79C0976C947F1D04A38AAA](https://www.virustotal.com/gui/search/authentihash%253A1C19A5A240A361131DCC5EC25363DA6E79C7D55B3C79C0976C947F1D04A38AAA) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3cf4dc5f-5fc3-4a44-b069-bced755a5e5d.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/3d65bba8-925b-4fcc-849e-ddfc0bdf1c49.md b/lolrmm.com/content/bootloaders/3d65bba8-925b-4fcc-849e-ddfc0bdf1c49.md new file mode 100644 index 00000000..c4c45234 --- /dev/null +++ b/lolrmm.com/content/bootloaders/3d65bba8-925b-4fcc-849e-ddfc0bdf1c49.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "3d65bba8-925b-4fcc-849e-ddfc0bdf1c49" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 3d65bba8-925b-4fcc-849e-ddfc0bdf1c49 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [C655C36EA5160603D4134B038D732604394031E177D1C32CFD582CCE0C037887](https://www.virustotal.com/gui/file/C655C36EA5160603D4134B038D732604394031E177D1C32CFD582CCE0C037887) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [DC7CC8D1DC11E304ABDF6E6227838F35B223B780F030DE7B341E88A3F6A361B4](https://www.virustotal.com/gui/search/authentihash%253ADC7CC8D1DC11E304ABDF6E6227838F35B223B780F030DE7B341E88A3F6A361B4) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3d65bba8-925b-4fcc-849e-ddfc0bdf1c49.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/3dfbbf26-7e19-4d38-9b5a-6e332ba5fc34.md b/lolrmm.com/content/bootloaders/3dfbbf26-7e19-4d38-9b5a-6e332ba5fc34.md new file mode 100644 index 00000000..fc54009d --- /dev/null +++ b/lolrmm.com/content/bootloaders/3dfbbf26-7e19-4d38-9b5a-6e332ba5fc34.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "3dfbbf26-7e19-4d38-9b5a-6e332ba5fc34" +weight = 10 +displayTitle = "cent-8.3-20200730-shim64-bit.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# cent-8.3-20200730-shim64-bit.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat, Inc. and revoked Apr-21 +- **UUID**: 3dfbbf26-7e19-4d38-9b5a-6e332ba5fc34 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\cent-8.3-20200730-shim64-bit.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + 
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | cent-8.3-20200730-shim64-bit.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [DA649429AA5899D242782ED21EC332A217C3D530296FC9D7A0E3F1F694EB7FE1](https://www.virustotal.com/gui/file/DA649429AA5899D242782ED21EC332A217C3D530296FC9D7A0E3F1F694EB7FE1) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [CB994B400590B66CBF55FC663555CAF0D4F1CE267464D0452C2361E05EE1CD50](https://www.virustotal.com/gui/search/authentihash%253ACB994B400590B66CBF55FC663555CAF0D4F1CE267464D0452C2361E05EE1CD50) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3dfbbf26-7e19-4d38-9b5a-6e332ba5fc34.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/3e375fd6-edc4-48ff-801e-cf5d4fef7d2e.md b/lolrmm.com/content/bootloaders/3e375fd6-edc4-48ff-801e-cf5d4fef7d2e.md new file mode 100644 index 00000000..0a786397 --- /dev/null +++ b/lolrmm.com/content/bootloaders/3e375fd6-edc4-48ff-801e-cf5d4fef7d2e.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "3e375fd6-edc4-48ff-801e-cf5d4fef7d2e" +weight = 10 +displayTitle = "shim64-bit.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# shim64-bit.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by VMware, Inc. and revoked Apr-21 +- **UUID**: 3e375fd6-edc4-48ff-801e-cf5d4fef7d2e +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\shim64-bit.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | shim64-bit.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [10914C967939CA831D9D39B87332A6E8882FE99901DC0E4DE4931CA5A065B9FF](https://www.virustotal.com/gui/file/10914C967939CA831D9D39B87332A6E8882FE99901DC0E4DE4931CA5A065B9FF) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [1142A0CC7C9004DFF64C5948484D6A7EC3514E176F5CA6BDEED7A093940B93CC](https://www.virustotal.com/gui/search/authentihash%253A1142A0CC7C9004DFF64C5948484D6A7EC3514E176F5CA6BDEED7A093940B93CC) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3e375fd6-edc4-48ff-801e-cf5d4fef7d2e.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/3f2c9d56-984f-41b4-a2b2-49bf97e6ef71.md b/lolrmm.com/content/bootloaders/3f2c9d56-984f-41b4-a2b2-49bf97e6ef71.md new file mode 100644 index 00000000..4d10dba5 --- /dev/null +++ b/lolrmm.com/content/bootloaders/3f2c9d56-984f-41b4-a2b2-49bf97e6ef71.md 
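Review bot: The "Known Vulnerable Samples" table for this entry renders the MD5, SHA1, Authentihash MD5 and Authentihash SHA1 rows as empty VirusTotal links (`[](https://www.virustotal.com/gui/file/)`), and the Download button above points at `bootloaders/.bin`, i.e. the file name was built from an empty MD5; presumably the source YAML only carries the SHA256 values. Since the page advertises hash-based Sigma and Sysmon detections, an empty hash cell reads as "hash unknown" rather than "not recorded" and invites someone to copy a blank value into a blocklist, so the generator should omit a row (and the Download button) when the underlying value is missing, or render a literal `n/a` instead of an empty link. The `#### Imports` block is also emitted twice in a row with no content; one of the two headings looks like a template duplication. The same three issues appear in the hunks ending at L3909, L3919, L3929, L3939 and L3949.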
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "3f2c9d56-984f-41b4-a2b2-49bf97e6ef71" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 3f2c9d56-984f-41b4-a2b2-49bf97e6ef71 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [C2BC0ADF3826972A0F8EF7E63C008C52D68215CCAE493CCEF14C3D3F4F67BDD0](https://www.virustotal.com/gui/file/C2BC0ADF3826972A0F8EF7E63C008C52D68215CCAE493CCEF14C3D3F4F67BDD0) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [B632A6286C6FAA6643EC34311E0B9710A3508FC952E9A04263C33179E32814F8](https://www.virustotal.com/gui/search/authentihash%253AB632A6286C6FAA6643EC34311E0B9710A3508FC952E9A04263C33179E32814F8) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3f2c9d56-984f-41b4-a2b2-49bf97e6ef71.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/3f6b5528-2fd7-427f-967e-e89cd9e77182.md b/lolrmm.com/content/bootloaders/3f6b5528-2fd7-427f-967e-e89cd9e77182.md new file mode 100644 index 00000000..a51c612f --- /dev/null +++ b/lolrmm.com/content/bootloaders/3f6b5528-2fd7-427f-967e-e89cd9e77182.md 
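Review bot: The "### CVE" section of this entry contains `Black Lotus Microsoft Windows 10 version 1507`, which is a threat/product label rather than a CVE identifier, so anything that parses this section expecting `CVE-YYYY-NNNN` strings will mis-handle it. Either move that text to the Description or Resources section and leave the CVE list empty, or retitle the section (e.g. `### CVE / Revocation context`) so the heading matches its content. The same mismatch is present in the hunks ending at L3919, L3929, L3939 and L3949, which carry `Black Lotus Microsoft Windows 8.1` / `Windows 8` / `Windows 10 version 1507` under the CVE heading.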
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "3f6b5528-2fd7-427f-967e-e89cd9e77182" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 3f6b5528-2fd7-427f-967e-e89cd9e77182 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [540CABD0862F121CE200DCEBB6C9D3B209B266F0CD413CEA2385886F965E5062](https://www.virustotal.com/gui/file/540CABD0862F121CE200DCEBB6C9D3B209B266F0CD413CEA2385886F965E5062) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [D860D3DC4D9A412E8FE8036100BDA7637B57A0168CA811781ED4A00815A97E0C](https://www.virustotal.com/gui/search/authentihash%253AD860D3DC4D9A412E8FE8036100BDA7637B57A0168CA811781ED4A00815A97E0C) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3f6b5528-2fd7-427f-967e-e89cd9e77182.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/3f7d85db-fd3c-4a8e-a83d-ac9d89dda3d8.md b/lolrmm.com/content/bootloaders/3f7d85db-fd3c-4a8e-a83d-ac9d89dda3d8.md new file mode 100644 index 00000000..8831739a --- /dev/null +++ b/lolrmm.com/content/bootloaders/3f7d85db-fd3c-4a8e-a83d-ac9d89dda3d8.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "3f7d85db-fd3c-4a8e-a83d-ac9d89dda3d8" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 3f7d85db-fd3c-4a8e-a83d-ac9d89dda3d8 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [626AD87C1D3475B2599DFD36B430BE3ECBFED207A20D9FBAA01F7AE808C0271B](https://www.virustotal.com/gui/file/626AD87C1D3475B2599DFD36B430BE3ECBFED207A20D9FBAA01F7AE808C0271B) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [A4B3FEE324D25C53FB5CB48630DC80DD7EE78C1AAC8C8DEEA927396997E33BCE](https://www.virustotal.com/gui/search/authentihash%253AA4B3FEE324D25C53FB5CB48630DC80DD7EE78C1AAC8C8DEEA927396997E33BCE) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3f7d85db-fd3c-4a8e-a83d-ac9d89dda3d8.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/3fd56670-7eb8-406e-af51-68998459de7d.md b/lolrmm.com/content/bootloaders/3fd56670-7eb8-406e-af51-68998459de7d.md new file mode 100644 index 00000000..cdb08aeb --- /dev/null +++ b/lolrmm.com/content/bootloaders/3fd56670-7eb8-406e-af51-68998459de7d.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "3fd56670-7eb8-406e-af51-68998459de7d" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 3fd56670-7eb8-406e-af51-68998459de7d +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [894C9E5370DA9DF83426F92C42CFDC5D79CE004ADBD45A7663E9F5E9A6A198C6](https://www.virustotal.com/gui/file/894C9E5370DA9DF83426F92C42CFDC5D79CE004ADBD45A7663E9F5E9A6A198C6) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [E226D6F3A332238FEE8A42A8FD57E8B009725DB5F8DF4DC1CB54F17C6F47A9C7](https://www.virustotal.com/gui/search/authentihash%253AE226D6F3A332238FEE8A42A8FD57E8B009725DB5F8DF4DC1CB54F17C6F47A9C7) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/3fd56670-7eb8-406e-af51-68998459de7d.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/4002b7f5-487f-4822-a1bd-6fbf1167f00a.md b/lolrmm.com/content/bootloaders/4002b7f5-487f-4822-a1bd-6fbf1167f00a.md new file mode 100644 index 00000000..fd379bfd --- /dev/null +++ b/lolrmm.com/content/bootloaders/4002b7f5-487f-4822-a1bd-6fbf1167f00a.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "4002b7f5-487f-4822-a1bd-6fbf1167f00a" +weight = 10 +displayTitle = "bootarm.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootarm.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 4002b7f5-487f-4822-a1bd-6fbf1167f00a +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootarm.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootarm.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [3142879893B677C1B25C92F9CF1DF3F90B209509992D52E9C64C3371296A9A08](https://www.virustotal.com/gui/file/3142879893B677C1B25C92F9CF1DF3F90B209509992D52E9C64C3371296A9A08) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [4F93ED05AD7E20BDDE6241D24B196D6334C8C4010D92757E4868FF4BBD6A0F98](https://www.virustotal.com/gui/search/authentihash%253A4F93ED05AD7E20BDDE6241D24B196D6334C8C4010D92757E4868FF4BBD6A0F98) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4002b7f5-487f-4822-a1bd-6fbf1167f00a.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/40519b35-c303-4cb2-aa20-c08545506e08.md b/lolrmm.com/content/bootloaders/40519b35-c303-4cb2-aa20-c08545506e08.md new file mode 100644 index 00000000..9fb8baa4 --- /dev/null +++ b/lolrmm.com/content/bootloaders/40519b35-c303-4cb2-aa20-c08545506e08.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "40519b35-c303-4cb2-aa20-c08545506e08" +weight = 10 +displayTitle = "Signed_14173467011297444/shimia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# Signed_14173467011297444/shimia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Debian and revoked Apr-21 +- **UUID**: 40519b35-c303-4cb2-aa20-c08545506e08 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/c77a847cc9c46de840d61ec8e3453f29.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\Signed_14173467011297444/shimia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects 
loading using name only{{< /tip >}} + + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | Signed_14173467011297444/shimia32.efi | +| MD5 | [c77a847cc9c46de840d61ec8e3453f29](https://www.virustotal.com/gui/file/c77a847cc9c46de840d61ec8e3453f29) | +| SHA1 | [cba6f1df00f5220288d92686d84ae7e10c950c32](https://www.virustotal.com/gui/file/cba6f1df00f5220288d92686d84ae7e10c950c32) | +| SHA256 | [a80b37c9749d6f2c2fdf64922a3142eb0fd63c72fd2989d7e75dcb4be367299a](https://www.virustotal.com/gui/file/a80b37c9749d6f2c2fdf64922a3142eb0fd63c72fd2989d7e75dcb4be367299a) | +| Authentihash MD5 | [b857ca99527ef8704d481f4901948705](https://www.virustotal.com/gui/search/authentihash%253Ab857ca99527ef8704d481f4901948705) | +| Authentihash SHA1 | [e4e5ede245103cde830e02c847c59abeeea32025](https://www.virustotal.com/gui/search/authentihash%253Ae4e5ede245103cde830e02c847c59abeeea32025) | +| Authentihash SHA256| [a8a3300e33a0a2692839ccba84803c5e742d12501b6d58c46eb87f32017f2cff](https://www.virustotal.com/gui/search/authentihash%253Aa8a3300e33a0a2692839ccba84803c5e742d12501b6d58c46eb87f32017f2cff) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002b4b79b3694d12118700010000002b +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 8d8a1f204c9c80213bd427fa58b387e2 | +| ToBeSigned (TBS) SHA1 | 8d78e1742b948f0c8298e560dd71fe1594020386 | +| 
ToBeSigned (TBS) SHA256 | 1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2018-07-03 20:53:01 | +| ValidTo | 2019-07-26 20:53:01 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002b4b79b3694d12118700010000002b | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 
350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": 
"1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/40519b35-c303-4cb2-aa20-c08545506e08.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/406a9495-809e-4065-8c57-b6aa66dc4029.md b/lolrmm.com/content/bootloaders/406a9495-809e-4065-8c57-b6aa66dc4029.md new file mode 100644 index 00000000..9455c82f --- /dev/null +++ b/lolrmm.com/content/bootloaders/406a9495-809e-4065-8c57-b6aa66dc4029.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "406a9495-809e-4065-8c57-b6aa66dc4029" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 406a9495-809e-4065-8c57-b6aa66dc4029 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [B6FDF73C4B54F57935671B1C6F03FF5F104F8092C72574C2DF2C6FFB1E5F2E61](https://www.virustotal.com/gui/file/B6FDF73C4B54F57935671B1C6F03FF5F104F8092C72574C2DF2C6FFB1E5F2E61) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [0CA5E602468258B0685A2B2B7F028B977354602A82ADA86C9919FC472AE4CA40](https://www.virustotal.com/gui/search/authentihash%253A0CA5E602468258B0685A2B2B7F028B977354602A82ADA86C9919FC472AE4CA40) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/406a9495-809e-4065-8c57-b6aa66dc4029.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/40f5cc74-badf-47d0-8fd7-021190a05953.md b/lolrmm.com/content/bootloaders/40f5cc74-badf-47d0-8fd7-021190a05953.md new file mode 100644 index 00000000..e01bf44c --- /dev/null +++ b/lolrmm.com/content/bootloaders/40f5cc74-badf-47d0-8fd7-021190a05953.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "40f5cc74-badf-47d0-8fd7-021190a05953" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 40f5cc74-badf-47d0-8fd7-021190a05953 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [A7BF87F519397CA73C79AB94079E0E8218661C149713A8A286DBF1079E57B4BE](https://www.virustotal.com/gui/file/A7BF87F519397CA73C79AB94079E0E8218661C149713A8A286DBF1079E57B4BE) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [A5BCFC748DA415BD7F00B669E1237C9898A6D03517CC80B3626F0BE326046B28](https://www.virustotal.com/gui/search/authentihash%253AA5BCFC748DA415BD7F00B669E1237C9898A6D03517CC80B3626F0BE326046B28) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/40f5cc74-badf-47d0-8fd7-021190a05953.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/41327687-8774-4304-bbda-cc7c5835b54b.md b/lolrmm.com/content/bootloaders/41327687-8774-4304-bbda-cc7c5835b54b.md new file mode 100644 index 00000000..a3247259 --- /dev/null +++ b/lolrmm.com/content/bootloaders/41327687-8774-4304-bbda-cc7c5835b54b.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "41327687-8774-4304-bbda-cc7c5835b54b" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 41327687-8774-4304-bbda-cc7c5835b54b +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [67D204E0E5DBC0C5B2549FC2C003024525378DB4DE12E5CA1451DD996561AED5](https://www.virustotal.com/gui/file/67D204E0E5DBC0C5B2549FC2C003024525378DB4DE12E5CA1451DD996561AED5) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [DD5E4E9F20CE8BF8F3512261F176ECDD046C079D32585D9B259AFE0A28C973DF](https://www.virustotal.com/gui/search/authentihash%253ADD5E4E9F20CE8BF8F3512261F176ECDD046C079D32585D9B259AFE0A28C973DF) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/41327687-8774-4304-bbda-cc7c5835b54b.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/42952e7b-6913-40b6-bc44-5eacd9c673a7.md b/lolrmm.com/content/bootloaders/42952e7b-6913-40b6-bc44-5eacd9c673a7.md new file mode 100644 index 00000000..e9d0ee21 --- /dev/null +++ b/lolrmm.com/content/bootloaders/42952e7b-6913-40b6-bc44-5eacd9c673a7.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "42952e7b-6913-40b6-bc44-5eacd9c673a7" +weight = 10 +displayTitle = "shim-15+1552672080.a4a1fbe-0ubuntu1/shim64-bit.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# shim-15+1552672080.a4a1fbe-0ubuntu1/shim64-bit.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Canonical Ltd and revoked Apr-21 +- **UUID**: 42952e7b-6913-40b6-bc44-5eacd9c673a7 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\shim-15+1552672080.a4a1fbe-0ubuntu1/shim64-bit.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip 
>}}detects loading using name only{{< /tip >}} + + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | shim-15+1552672080.a4a1fbe-0ubuntu1/shim64-bit.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [CE7A0A3D718747C7263D099FD1477E363ECFE75BD2F639EE47AC1271EC229D80](https://www.virustotal.com/gui/file/CE7A0A3D718747C7263D099FD1477E363ECFE75BD2F639EE47AC1271EC229D80) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [E060DA09561AE00DCFB1769D6E8E846868A1E99A54B14AA5D0689F2840CEC6DF](https://www.virustotal.com/gui/search/authentihash%253AE060DA09561AE00DCFB1769D6E8E846868A1E99A54B14AA5D0689F2840CEC6DF) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/42952e7b-6913-40b6-bc44-5eacd9c673a7.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/43311ee4-a044-4086-9a53-ae01c3ef7f4f.md b/lolrmm.com/content/bootloaders/43311ee4-a044-4086-9a53-ae01c3ef7f4f.md new file mode 100644 index 00000000..41f69906 --- /dev/null +++ b/lolrmm.com/content/bootloaders/43311ee4-a044-4086-9a53-ae01c3ef7f4f.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "43311ee4-a044-4086-9a53-ae01c3ef7f4f" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 43311ee4-a044-4086-9a53-ae01c3ef7f4f +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/8d9e858d7fc95bfcc3690f3bddfac320.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [8d9e858d7fc95bfcc3690f3bddfac320](https://www.virustotal.com/gui/file/8d9e858d7fc95bfcc3690f3bddfac320) | +| SHA1 | [0d0e3c0e73f5561985e6a004d8d160be88d64ee7](https://www.virustotal.com/gui/file/0d0e3c0e73f5561985e6a004d8d160be88d64ee7) | +| SHA256 | [0b753bd95ae643b2543f501533ca54db34ddc9d20f336358067a7069240a6214](https://www.virustotal.com/gui/file/0b753bd95ae643b2543f501533ca54db34ddc9d20f336358067a7069240a6214) | +| Authentihash MD5 | [2da35b95ebf3903dcaf2ec18fcd2c975](https://www.virustotal.com/gui/search/authentihash%253A2da35b95ebf3903dcaf2ec18fcd2c975) | +| Authentihash SHA1 | [9006b56e7af152fae72c7095cf9155515a1c5a97](https://www.virustotal.com/gui/search/authentihash%253A9006b56e7af152fae72c7095cf9155515a1c5a97) | +| Authentihash SHA256| [f8f38c4febe9d8e45e71a459c5bff171755c348d5f619f3c6ef30a3f8fd02bd1](https://www.virustotal.com/gui/search/authentihash%253Af8f38c4febe9d8e45e71a459c5bff171755c348d5f619f3c6ef30a3f8fd02bd1) | +| RichPEHeaderHash MD5 | [8b6b2892c15ff00e4ddf7eb144e1ae12](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A8b6b2892c15ff00e4ddf7eb144e1ae12) | +| RichPEHeaderHash SHA1 | [89115214dfec813ecfa5a23bed633254c214e62c](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A89115214dfec813ecfa5a23bed633254c214e62c) | +| RichPEHeaderHash SHA256| [97ff062fbed8c63a4a2526daab5b76fde0b0c54540be4264d13a9116216a1be1](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A97ff062fbed8c63a4a2526daab5b76fde0b0c54540be4264d13a9116216a1be1) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000004ea1d80770a9bbe94400000000004e +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 9da610547a25cbe89af7ecdb99229623 | +| ToBeSigned (TBS) SHA1 | 6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7 | +| ToBeSigned (TBS) SHA256 | 1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2014-07-01 20:32:01 | +| ValidTo | 2015-10-01 20:32:01 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000004ea1d80770a9bbe94400000000004e | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Signature": 
"8207b0c79e3b96e7317cd1aac9ab45fb52f1a2c847cda4bed6ff0b366566c6046976257890a79270765662a04b0f6d958c1fbba688b7717f77e10137107f8ccde9ce066d0c99e9fabfa3d669e2eac822a81d86f620828a018738e290f15370886c689af9399fad45f38e2e0fd6e31fcdf1b295ddc015164e757e2c630b05d1c103735e452ea9e3ca1b44e776277a030aa473094499bdfad51ebcdc61c8694148123c150811230bab24f1fb3ca64f018ac37d5cbb61173055b20dd07fbf8955909696be8de608979541932fd0257f932db6f6975b4bc82bd393a432a4ef01d88fc9652cc0d4eede46df519df8488353bfbf4dbc8358efc8dc3215c5538ebbd03e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/43311ee4-a044-4086-9a53-ae01c3ef7f4f.yaml) + +*last_updated:* 
2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/44560d47-de27-4691-bee4-6306bc160643.md b/lolrmm.com/content/bootloaders/44560d47-de27-4691-bee4-6306bc160643.md new file mode 100644 index 00000000..c0d9e706 --- /dev/null +++ b/lolrmm.com/content/bootloaders/44560d47-de27-4691-bee4-6306bc160643.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "44560d47-de27-4691-bee4-6306bc160643" +weight = 10 +displayTitle = "bootarm.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootarm.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 44560d47-de27-4691-bee4-6306bc160643 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootarm.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootarm.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [7391D51035BE75620EE4F0F597DF65F54D3518A7CFB74276D7A778AAF7B39477](https://www.virustotal.com/gui/file/7391D51035BE75620EE4F0F597DF65F54D3518A7CFB74276D7A778AAF7B39477) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [8810B37003E7CDDA026663968AA9E1B9CCCC96EED98528CF5A975BDE7B8084B7](https://www.virustotal.com/gui/search/authentihash%253A8810B37003E7CDDA026663968AA9E1B9CCCC96EED98528CF5A975BDE7B8084B7) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/44560d47-de27-4691-bee4-6306bc160643.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/44795d05-39b3-4605-a58c-cd20de64f934.md b/lolrmm.com/content/bootloaders/44795d05-39b3-4605-a58c-cd20de64f934.md new file mode 100644 index 00000000..13bf4aca --- /dev/null +++ b/lolrmm.com/content/bootloaders/44795d05-39b3-4605-a58c-cd20de64f934.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "44795d05-39b3-4605-a58c-cd20de64f934" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 44795d05-39b3-4605-a58c-cd20de64f934 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [34776096730EB7B0CAA5415414943E2C31AAA464BB545FBCB8E341E7EBACFAB5](https://www.virustotal.com/gui/file/34776096730EB7B0CAA5415414943E2C31AAA464BB545FBCB8E341E7EBACFAB5) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [1A74740EBBE6A0E7DD44CC3D8E29F8FCF42B642298A5C5A586D77BE0DB15C2F9](https://www.virustotal.com/gui/search/authentihash%253A1A74740EBBE6A0E7DD44CC3D8E29F8FCF42B642298A5C5A586D77BE0DB15C2F9) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/44795d05-39b3-4605-a58c-cd20de64f934.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/454bb2af-6ee7-483d-8a15-73f2fec386ba.md b/lolrmm.com/content/bootloaders/454bb2af-6ee7-483d-8a15-73f2fec386ba.md new file mode 100644 index 00000000..ea693256 --- /dev/null +++ b/lolrmm.com/content/bootloaders/454bb2af-6ee7-483d-8a15-73f2fec386ba.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "454bb2af-6ee7-483d-8a15-73f2fec386ba" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 454bb2af-6ee7-483d-8a15-73f2fec386ba +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [1B9401C47B0837F1FA315F2F29F304ED360B5B2E2843141367562B60EDB1CCA9](https://www.virustotal.com/gui/file/1B9401C47B0837F1FA315F2F29F304ED360B5B2E2843141367562B60EDB1CCA9) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [2116183BBAB5D6964C001C931A09ECA1DC0FD6651A61BE4A8A9548DC476B90B1](https://www.virustotal.com/gui/search/authentihash%253A2116183BBAB5D6964C001C931A09ECA1DC0FD6651A61BE4A8A9548DC476B90B1) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/454bb2af-6ee7-483d-8a15-73f2fec386ba.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/45647cc8-3eeb-483b-97c3-170693cfea9a.md b/lolrmm.com/content/bootloaders/45647cc8-3eeb-483b-97c3-170693cfea9a.md new file mode 100644 index 00000000..a4bf0092 --- /dev/null +++ b/lolrmm.com/content/bootloaders/45647cc8-3eeb-483b-97c3-170693cfea9a.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "45647cc8-3eeb-483b-97c3-170693cfea9a" +weight = 10 +displayTitle = "bootarm.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootarm.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 45647cc8-3eeb-483b-97c3-170693cfea9a +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootarm.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootarm.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [E8E83E3E343C069277EC4C1E79C5C61D20917E0451B9A980346732EEB7B840C1](https://www.virustotal.com/gui/file/E8E83E3E343C069277EC4C1E79C5C61D20917E0451B9A980346732EEB7B840C1) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [A109E71AE3A0376CA0059A421250508EDB2BB624B6517A291F51E249F16B5CE7](https://www.virustotal.com/gui/search/authentihash%253AA109E71AE3A0376CA0059A421250508EDB2BB624B6517A291F51E249F16B5CE7) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/45647cc8-3eeb-483b-97c3-170693cfea9a.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/45ac4276-741b-4e22-92bd-bb97042ed4bb.md b/lolrmm.com/content/bootloaders/45ac4276-741b-4e22-92bd-bb97042ed4bb.md new file mode 100644 index 00000000..9fd117cb --- /dev/null +++ b/lolrmm.com/content/bootloaders/45ac4276-741b-4e22-92bd-bb97042ed4bb.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "45ac4276-741b-4e22-92bd-bb97042ed4bb" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 45ac4276-741b-4e22-92bd-bb97042ed4bb +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [0CCF098A0B3F109F35C763E69DFA54190365999A78707EF63863A812C1C07F9C](https://www.virustotal.com/gui/file/0CCF098A0B3F109F35C763E69DFA54190365999A78707EF63863A812C1C07F9C) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [1F535987EA7386DF6BFE75F51EFD35E4D2DA4B002DCA2999C0CB4B767BAFAFFD](https://www.virustotal.com/gui/search/authentihash%253A1F535987EA7386DF6BFE75F51EFD35E4D2DA4B002DCA2999C0CB4B767BAFAFFD) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/45ac4276-741b-4e22-92bd-bb97042ed4bb.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/463dc6a9-273b-448d-b189-ec577fc29317.md b/lolrmm.com/content/bootloaders/463dc6a9-273b-448d-b189-ec577fc29317.md new file mode 100644 index 00000000..7fbc8121 --- /dev/null +++ b/lolrmm.com/content/bootloaders/463dc6a9-273b-448d-b189-ec577fc29317.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "463dc6a9-273b-448d-b189-ec577fc29317" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 463dc6a9-273b-448d-b189-ec577fc29317 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [C2B1E1BB8F016D310FEA7225EEF9DC6B6F0E33E5C9DD74E9F24835DF6287296E](https://www.virustotal.com/gui/file/C2B1E1BB8F016D310FEA7225EEF9DC6B6F0E33E5C9DD74E9F24835DF6287296E) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [E9C71B7CD5A4DF0BA48D2CA48E6C468E657257F73F66017DE45E18EE746ED7D5](https://www.virustotal.com/gui/search/authentihash%253AE9C71B7CD5A4DF0BA48D2CA48E6C468E657257F73F66017DE45E18EE746ED7D5) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/463dc6a9-273b-448d-b189-ec577fc29317.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/46412487-6c24-4809-8b77-f2165d5a8395.md b/lolrmm.com/content/bootloaders/46412487-6c24-4809-8b77-f2165d5a8395.md new file mode 100644 index 00000000..79550cba --- /dev/null +++ b/lolrmm.com/content/bootloaders/46412487-6c24-4809-8b77-f2165d5a8395.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "46412487-6c24-4809-8b77-f2165d5a8395" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 46412487-6c24-4809-8b77-f2165d5a8395 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [DEB3FC384826610AD277DDD592F6CA8FA9D00E56457724D470DAAC32962532F9](https://www.virustotal.com/gui/file/DEB3FC384826610AD277DDD592F6CA8FA9D00E56457724D470DAAC32962532F9) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [2E6921DC970AAC433DE9AE4ED66B2681A4CD2BE649D2EE9A561871C335E8B1B7](https://www.virustotal.com/gui/search/authentihash%253A2E6921DC970AAC433DE9AE4ED66B2681A4CD2BE649D2EE9A561871C335E8B1B7) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/46412487-6c24-4809-8b77-f2165d5a8395.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/465c1250-966d-4d32-b168-3b2c614e17f2.md b/lolrmm.com/content/bootloaders/465c1250-966d-4d32-b168-3b2c614e17f2.md new file mode 100644 index 00000000..a947b8f6 --- /dev/null +++ b/lolrmm.com/content/bootloaders/465c1250-966d-4d32-b168-3b2c614e17f2.md 
@@ -0,0 +1,164 @@ ++++ + +description = "" +title = "465c1250-966d-4d32-b168-3b2c614e17f2" +weight = 10 +displayTitle = "shim-0.7-0ubuntu4/shim64-bit.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# shim-0.7-0ubuntu4/shim64-bit.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Canonical Ltd and revoked Apr-21 +- **UUID**: 465c1250-966d-4d32-b168-3b2c614e17f2 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/1bdc36814a6f20464e94616f0d98a521.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\shim-0.7-0ubuntu4/shim64-bit.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading 
using name only{{< /tip >}} + + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | shim-0.7-0ubuntu4/shim64-bit.efi | +| MD5 | [1bdc36814a6f20464e94616f0d98a521](https://www.virustotal.com/gui/file/1bdc36814a6f20464e94616f0d98a521) | +| SHA1 | [093660339cf8e3fc1d8a80855e4f3a72e9a92f30](https://www.virustotal.com/gui/file/093660339cf8e3fc1d8a80855e4f3a72e9a92f30) | +| SHA256 | [17864e719e9c61d84e29a3cedf2b63aeaecfc10867211efc3077dd216b0a4965](https://www.virustotal.com/gui/file/17864e719e9c61d84e29a3cedf2b63aeaecfc10867211efc3077dd216b0a4965) | +| Authentihash MD5 | [2f0397316df4c2f34530fa28716256ae](https://www.virustotal.com/gui/search/authentihash%253A2f0397316df4c2f34530fa28716256ae) | +| Authentihash SHA1 | [0c4ed758c59239c84740373a3a1da56d5d4b400b](https://www.virustotal.com/gui/search/authentihash%253A0c4ed758c59239c84740373a3a1da56d5d4b400b) | +| Authentihash SHA256| [dd8f3f048db46f3983348d35cd77d121f56d856cf33234857073e25a7f450b2c](https://www.virustotal.com/gui/search/authentihash%253Add8f3f048db46f3983348d35cd77d121f56d856cf33234857073e25a7f450b2c) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} 
+----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/465c1250-966d-4d32-b168-3b2c614e17f2.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/46629c02-f2d8-440a-bc46-d67ad73ea772.md b/lolrmm.com/content/bootloaders/46629c02-f2d8-440a-bc46-d67ad73ea772.md new file mode 100644 index 00000000..7fb7be7c --- /dev/null +++ b/lolrmm.com/content/bootloaders/46629c02-f2d8-440a-bc46-d67ad73ea772.md 
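Review bot: The PowerShell one-liner in the `### Commands` block does not run as written: `| {% if ($_ -match '{\S+}') { ... } }` pipes `bcdedit` output into a bare script block, which PowerShell rejects as a pipeline element, and the intended ForEach-Object alias form is `| % { if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\shim64-bit.efi } }`. The target path also embeds the dbx entry name `shim-0.7-0ubuntu4/shim64-bit.efi` with a forward slash, so even a fixed pipeline would point the new boot entry at a subdirectory that the downloaded `1bdc36814a6f20464e94616f0d98a521.bin` does not create; the staged name should be the file the operator actually drops into `\windows\temp`. Both look like they come from the YAML-to-page template rather than this entry alone, so the fix probably belongs in the generator.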
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "46629c02-f2d8-440a-bc46-d67ad73ea772" +weight = 10 +displayTitle = "46629c02-f2d8-440a-bc46-d67ad73ea772" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 46629c02-f2d8-440a-bc46-d67ad73ea772 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Intel Corporation and revoked Jul-20 +- **UUID**: 46629c02-f2d8-440a-bc46-d67ad73ea772 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [3141C6EF9FCE61084D16F0659A9596B0156F24D6F4B03837C4B7543CFB378D61](https://www.virustotal.com/gui/file/3141C6EF9FCE61084D16F0659A9596B0156F24D6F4B03837C4B7543CFB378D61) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [147730B42F11FE493FE902B6251E97CD2B6F34D36AF59330F11D02A42F940D07](https://www.virustotal.com/gui/search/authentihash%253A147730B42F11FE493FE902B6251E97CD2B6F34D36AF59330F11D02A42F940D07) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/46629c02-f2d8-440a-bc46-d67ad73ea772.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/469544ed-d70a-42d6-aca2-690d5ebecb4a.md b/lolrmm.com/content/bootloaders/469544ed-d70a-42d6-aca2-690d5ebecb4a.md new file mode 100644 index 00000000..39272005 --- /dev/null +++ b/lolrmm.com/content/bootloaders/469544ed-d70a-42d6-aca2-690d5ebecb4a.md 
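Review bot: The Filename and MD5 cells in `### Known Vulnerable Samples` are empty, and that propagates into two broken artefacts higher in the page: the Download button points at `bootloaders/.bin`, which cannot resolve, and `bcdedit /set $matches[0] path \windows\temp\` sets the boot entry path to a directory. Only the SHA256 and Authentihash SHA256 are populated, which suggests this entry was imported from the dbx list without a sample on hand; the generator should suppress the Download button and the Commands block when `md5`/`filename` are blank instead of emitting dangling paths. The SHA256/authentihash values are still what defenders can pivot on, so keeping the page but adding a line such as `_No sample available; hashes taken from the revocation list_` would be more useful than the empty link.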
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "469544ed-d70a-42d6-aca2-690d5ebecb4a" +weight = 10 +displayTitle = "469544ed-d70a-42d6-aca2-690d5ebecb4a" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 469544ed-d70a-42d6-aca2-690d5ebecb4a ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked Jul-20 +- **UUID**: 469544ed-d70a-42d6-aca2-690d5ebecb4a +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [2B91C0C8C0F156ABC8F85274C1320C038AF0179FE4696260B1011D5361E50AEA](https://www.virustotal.com/gui/file/2B91C0C8C0F156ABC8F85274C1320C038AF0179FE4696260B1011D5361E50AEA) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [41CCE0FC467609CA368BEDBA45C292F2BE1B622FB9BE0473CF51E7A96EE65652](https://www.virustotal.com/gui/search/authentihash%253A41CCE0FC467609CA368BEDBA45C292F2BE1B622FB9BE0473CF51E7A96EE65652) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/469544ed-d70a-42d6-aca2-690d5ebecb4a.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/46a49cc4-2dcb-4c79-b1d1-2c49f6df0af0.md b/lolrmm.com/content/bootloaders/46a49cc4-2dcb-4c79-b1d1-2c49f6df0af0.md new file mode 100644 index 00000000..a866f07a --- /dev/null +++ b/lolrmm.com/content/bootloaders/46a49cc4-2dcb-4c79-b1d1-2c49f6df0af0.md 
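Review bot: The `#### Imports` heading is emitted twice, each with a single empty bullet `* `, and `ImportedFunctions`, `ExportedFunctions` and `Signature` are empty details blocks, so a reader opens five expanders that contain nothing. This entry has no filename or MD5 (only SHA256 and Authentihash SHA256), so the absence of import/export data is expected, but the template should render one `#### Imports` heading and collapse empty lists to a line such as `_no PE metadata captured for this entry_` rather than an empty bullet. Every page in this batch shows the doubled heading, so this is a generator template issue rather than a per-entry one.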
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "46a49cc4-2dcb-4c79-b1d1-2c49f6df0af0" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: 46a49cc4-2dcb-4c79-b1d1-2c49f6df0af0 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/658f77c25877b5ceb68bc7e046d37ec3.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [658f77c25877b5ceb68bc7e046d37ec3](https://www.virustotal.com/gui/file/658f77c25877b5ceb68bc7e046d37ec3) | +| SHA1 | [8276fccfe7c6ec83b5340aedcb77fb1e24cb1c4d](https://www.virustotal.com/gui/file/8276fccfe7c6ec83b5340aedcb77fb1e24cb1c4d) | +| SHA256 | [d92b8ac828b827e4e5b9e9aeb02676783cdb1884f42194823769ccf033a7b9c5](https://www.virustotal.com/gui/file/d92b8ac828b827e4e5b9e9aeb02676783cdb1884f42194823769ccf033a7b9c5) | +| Authentihash MD5 | [6178f6bbcb3eea01cc915b8a348a3637](https://www.virustotal.com/gui/search/authentihash%253A6178f6bbcb3eea01cc915b8a348a3637) | +| Authentihash SHA1 | [cc3d816d02da15fb70878fa6590b69c9f23f8441](https://www.virustotal.com/gui/search/authentihash%253Acc3d816d02da15fb70878fa6590b69c9f23f8441) | +| Authentihash SHA256| [8e53efdc15f852cee5a6e92931bc42e6163cd30ff649cca7e87252c3a459960b](https://www.virustotal.com/gui/search/authentihash%253A8e53efdc15f852cee5a6e92931bc42e6163cd30ff649cca7e87252c3a459960b) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 3300000010a4912943d94ce62e000100000010 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 61509fd4e01160eb7d8007dc182bee5b | +| ToBeSigned (TBS) SHA1 | febd34ec96d90e498d9b6fa54d7fab80ce1464d3 | +| ToBeSigned (TBS) SHA256 | 
7d79e52d96bc7c571299d90c3bc4bff9d08e36eb74b7e8b0cd69114980737953 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2014-10-01 18:02:10 | +| ValidTo | 2016-01-01 18:02:10 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 3300000010a4912943d94ce62e000100000010 | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "3300000010a4912943d94ce62e000100000010", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": 
"61509fd4e01160eb7d8007dc182bee5b", + "SHA1": "febd34ec96d90e498d9b6fa54d7fab80ce1464d3", + "SHA256": "7d79e52d96bc7c571299d90c3bc4bff9d08e36eb74b7e8b0cd69114980737953" + }, + "ValidFrom": "2014-10-01 18:02:10", + "ValidTo": "2016-01-01 18:02:10", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "3300000010a4912943d94ce62e000100000010", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/46a49cc4-2dcb-4c79-b1d1-2c49f6df0af0.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/46e2d5a7-6b08-4c8f-b90a-dac8418621e2.md b/lolrmm.com/content/bootloaders/46e2d5a7-6b08-4c8f-b90a-dac8418621e2.md new file mode 100644 index 00000000..89964b13 --- /dev/null +++ b/lolrmm.com/content/bootloaders/46e2d5a7-6b08-4c8f-b90a-dac8418621e2.md 
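Review bot: The RichPEHeaderHash values (MD5 `ffdf660eb1ebf020a1d0a55a90712dfb`, SHA256 `2b3f99a94b7a…`) are identical to those listed for the shim64-bit.efi entry earlier in this diff, which strongly suggests both binaries carry no Rich header and this is the hash of an empty/absent header rather than a build fingerprint; a VirusTotal pivot on it would match anything without a Rich header. A caveat under the table, e.g. `_RichPEHeaderHash is shared with unrelated loaders here and likely reflects a missing Rich header; do not use it as a pivot_`, would prevent that false lead. Separately, the description says "provided by Unknown" while the certificate table shows the signer chain `Microsoft Windows UEFI Driver Publisher` → `Microsoft Corporation UEFI CA 2011` with a leaf valid 2014-10-01 to 2016-01-01; stating that the file was signed through the UEFI CA 2011 path (not the Windows Production PCA) in the description would tell a reader what kind of loader this is even though the submitter is unknown.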
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "46e2d5a7-6b08-4c8f-b90a-dac8418621e2" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 46e2d5a7-6b08-4c8f-b90a-dac8418621e2 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/087617bd4578c903f0a66bd157217f0f.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [087617bd4578c903f0a66bd157217f0f](https://www.virustotal.com/gui/file/087617bd4578c903f0a66bd157217f0f) | +| SHA1 | [1128abbba4480920fc7a0a772239cd1d132a1910](https://www.virustotal.com/gui/file/1128abbba4480920fc7a0a772239cd1d132a1910) | +| SHA256 | [b65fe0af8297168749dc235340cba7c08cf6b956fdd25fc2c9f16d20da536713](https://www.virustotal.com/gui/file/b65fe0af8297168749dc235340cba7c08cf6b956fdd25fc2c9f16d20da536713) | +| Authentihash MD5 | [f9dc5d54b477c66ca23b879546b650b7](https://www.virustotal.com/gui/search/authentihash%253Af9dc5d54b477c66ca23b879546b650b7) | +| Authentihash SHA1 | [6f16c59cb8e6b3febb9e73702914f06475dff19a](https://www.virustotal.com/gui/search/authentihash%253A6f16c59cb8e6b3febb9e73702914f06475dff19a) | +| Authentihash SHA256| [c3297e35c3a9efc4c051706aab77d29a26e62d9a38de256dffeb77a0eec8666a](https://www.virustotal.com/gui/search/authentihash%253Ac3297e35c3a9efc4c051706aab77d29a26e62d9a38de256dffeb77a0eec8666a) | +| RichPEHeaderHash MD5 | [a387b0075e977009a7bb74d24fc388de](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Aa387b0075e977009a7bb74d24fc388de) | +| RichPEHeaderHash SHA1 | [345e019b25904c911be9e3b6a9e2b0bb18652b04](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A345e019b25904c911be9e3b6a9e2b0bb18652b04) | +| RichPEHeaderHash SHA256| [e04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ae04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 610bbbd8000000000005 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 
158438012e4dcd69b27b762c9358cfa2 | +| ToBeSigned (TBS) SHA1 | 684ac167849404a4101f166b759f291a43d5f749 | +| ToBeSigned (TBS) SHA256 | 95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2012-04-09 20:55:50 | +| ValidTo | 2013-07-09 20:55:50 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 610bbbd8000000000005 | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 
14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": 
"95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/46e2d5a7-6b08-4c8f-b90a-dac8418621e2.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/47020b30-de49-4937-9908-9d72b3d153d5.md b/lolrmm.com/content/bootloaders/47020b30-de49-4937-9908-9d72b3d153d5.md new file mode 100644 index 00000000..8aa82873 --- /dev/null +++ b/lolrmm.com/content/bootloaders/47020b30-de49-4937-9908-9d72b3d153d5.md 
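Review bot: The `### CVE` section holds the free-text string `Black Lotus Microsoft Windows 8` instead of a CVE identifier, so anything that consumes this field as a CVE list (detection generators, or a reader cross-referencing NVD) gets an unparseable value. The Microsoft Secure Boot advisory covering the May 2023 BlackLotus-driven revocations is the identifier that belongs here (presumably CVE-2023-24932 — confirm against the YAML source), with the BlackLotus/Windows 8 wording moved into the Description next to "revoked May-23". The certificate table already gives the supporting context: the leaf `CN=Microsoft Windows` cert under `Microsoft Windows Production PCA 2011` was valid 2012-04-09 to 2013-07-09, i.e. a Windows 8-era boot manager, and `OriginalFilename bootmgr.exe` confirms the artefact.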
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "47020b30-de49-4937-9908-9d72b3d153d5" +weight = 10 +displayTitle = "BOOTX64.EFI" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# BOOTX64.EFI ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat Inc. and revoked Jul-20 +- **UUID**: 47020b30-de49-4937-9908-9d72b3d153d5 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\BOOTX64.EFI } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | BOOTX64.EFI | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [B76C5689D45E7F40F8D78468D4484074167563CB06368CBB9CB4DBED65E1192A](https://www.virustotal.com/gui/file/B76C5689D45E7F40F8D78468D4484074167563CB06368CBB9CB4DBED65E1192A) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [631F0857B41845362C90C6980B4B10C4B628E23DBE24B6E96C128AE3DCB0D5AC](https://www.virustotal.com/gui/search/authentihash%253A631F0857B41845362C90C6980B4B10C4B628E23DBE24B6E96C128AE3DCB0D5AC) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/47020b30-de49-4937-9908-9d72b3d153d5.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/4750d526-693a-4831-991f-4ace2cbe92ad.md b/lolrmm.com/content/bootloaders/4750d526-693a-4831-991f-4ace2cbe92ad.md new file mode 100644 index 00000000..c5a81502 --- /dev/null +++ b/lolrmm.com/content/bootloaders/4750d526-693a-4831-991f-4ace2cbe92ad.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "4750d526-693a-4831-991f-4ace2cbe92ad" +weight = 10 +displayTitle = "4750d526-693a-4831-991f-4ace2cbe92ad" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 4750d526-693a-4831-991f-4ace2cbe92ad ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: 4750d526-693a-4831-991f-4ace2cbe92ad +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [D764AC6251FD2641EEBBFBF7A5A95E212DF5997875990D90562CA65D5D966BAE](https://www.virustotal.com/gui/file/D764AC6251FD2641EEBBFBF7A5A95E212DF5997875990D90562CA65D5D966BAE) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [0D85DAAA481B1BE84320E12B5078794DA29628ACB43B69C8909D291BB995CA72](https://www.virustotal.com/gui/search/authentihash%253A0D85DAAA481B1BE84320E12B5078794DA29628ACB43B69C8909D291BB995CA72) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4750d526-693a-4831-991f-4ace2cbe92ad.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/47601d49-9a7e-4402-b5e3-69bc03788afc.md b/lolrmm.com/content/bootloaders/47601d49-9a7e-4402-b5e3-69bc03788afc.md new file mode 100644 index 00000000..d38d4eed --- /dev/null +++ b/lolrmm.com/content/bootloaders/47601d49-9a7e-4402-b5e3-69bc03788afc.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "47601d49-9a7e-4402-b5e3-69bc03788afc" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 47601d49-9a7e-4402-b5e3-69bc03788afc +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [AA4931B170DA278A4A954FEB76CBF7310B657AB9232D1C7A4B6EB628D8A98073](https://www.virustotal.com/gui/file/AA4931B170DA278A4A954FEB76CBF7310B657AB9232D1C7A4B6EB628D8A98073) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [C999EB66393506C8149C35C8A8CE87671895D65167E4B0140B54DA72A92D7C88](https://www.virustotal.com/gui/search/authentihash%253AC999EB66393506C8149C35C8A8CE87671895D65167E4B0140B54DA72A92D7C88) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/47601d49-9a7e-4402-b5e3-69bc03788afc.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/4814d421-23eb-4222-8cc1-aab6645981fb.md b/lolrmm.com/content/bootloaders/4814d421-23eb-4222-8cc1-aab6645981fb.md new file mode 100644 index 00000000..631c050a --- /dev/null +++ b/lolrmm.com/content/bootloaders/4814d421-23eb-4222-8cc1-aab6645981fb.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "4814d421-23eb-4222-8cc1-aab6645981fb" +weight = 10 +displayTitle = "4814d421-23eb-4222-8cc1-aab6645981fb" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 4814d421-23eb-4222-8cc1-aab6645981fb ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: 4814d421-23eb-4222-8cc1-aab6645981fb +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [103FE82E5F090184D8DB7A48801D1E503E3C6FC0726783E9A49A84F9FFD4C78A](https://www.virustotal.com/gui/file/103FE82E5F090184D8DB7A48801D1E503E3C6FC0726783E9A49A84F9FFD4C78A) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [9783B5EE4492E9E891C655F1F48035959DAD453C0E623AF0FE7BF2C0A57885E3](https://www.virustotal.com/gui/search/authentihash%253A9783B5EE4492E9E891C655F1F48035959DAD453C0E623AF0FE7BF2C0A57885E3) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4814d421-23eb-4222-8cc1-aab6645981fb.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/4885e5bd-31eb-4f63-af7f-efff02e753ee.md b/lolrmm.com/content/bootloaders/4885e5bd-31eb-4f63-af7f-efff02e753ee.md new file mode 100644 index 00000000..85a7808c --- /dev/null +++ b/lolrmm.com/content/bootloaders/4885e5bd-31eb-4f63-af7f-efff02e753ee.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "4885e5bd-31eb-4f63-af7f-efff02e753ee" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 4885e5bd-31eb-4f63-af7f-efff02e753ee +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [53E9CF33ED9379862E5A5424E0C3FBE6D81D0D622368F773C81658F408A642E3](https://www.virustotal.com/gui/file/53E9CF33ED9379862E5A5424E0C3FBE6D81D0D622368F773C81658F408A642E3) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [92F858F6A02BD2014618B05D7759E34E7781B15C34C8814BA4C930B320F8DB09](https://www.virustotal.com/gui/search/authentihash%253A92F858F6A02BD2014618B05D7759E34E7781B15C34C8814BA4C930B320F8DB09) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4885e5bd-31eb-4f63-af7f-efff02e753ee.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/48c8b841-9f1e-4557-ba59-91461142b90f.md b/lolrmm.com/content/bootloaders/48c8b841-9f1e-4557-ba59-91461142b90f.md new file mode 100644 index 00000000..1773a423 --- /dev/null +++ b/lolrmm.com/content/bootloaders/48c8b841-9f1e-4557-ba59-91461142b90f.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "48c8b841-9f1e-4557-ba59-91461142b90f" +weight = 10 +displayTitle = "48c8b841-9f1e-4557-ba59-91461142b90f" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 48c8b841-9f1e-4557-ba59-91461142b90f ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: 48c8b841-9f1e-4557-ba59-91461142b90f +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [571B2AA6CA8EDF6479D3472814B8CDF34A0B8544939E5CE9F50261968E382B45](https://www.virustotal.com/gui/file/571B2AA6CA8EDF6479D3472814B8CDF34A0B8544939E5CE9F50261968E382B45) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [E800395DBE0E045781E8005178B4BAF5A257F06E159121A67C595F6AE22506FD](https://www.virustotal.com/gui/search/authentihash%253AE800395DBE0E045781E8005178B4BAF5A257F06E159121A67C595F6AE22506FD) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/48c8b841-9f1e-4557-ba59-91461142b90f.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/48d8feab-a988-4578-a65e-c6ba5f43ffac.md b/lolrmm.com/content/bootloaders/48d8feab-a988-4578-a65e-c6ba5f43ffac.md new file mode 100644 index 00000000..01feb75d --- /dev/null +++ b/lolrmm.com/content/bootloaders/48d8feab-a988-4578-a65e-c6ba5f43ffac.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "48d8feab-a988-4578-a65e-c6ba5f43ffac" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 48d8feab-a988-4578-a65e-c6ba5f43ffac +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [ABF6F968CF9ACDDC04BA5F287F857551CC9D3237CE402D527279930AB5F84894](https://www.virustotal.com/gui/file/ABF6F968CF9ACDDC04BA5F287F857551CC9D3237CE402D527279930AB5F84894) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [77CDCFC9644F8F80FF407CDE316AC235DDD1ADA9C3B6A5AA9544DB2D64B79FED](https://www.virustotal.com/gui/search/authentihash%253A77CDCFC9644F8F80FF407CDE316AC235DDD1ADA9C3B6A5AA9544DB2D64B79FED) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/48d8feab-a988-4578-a65e-c6ba5f43ffac.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/48eb1fa0-a607-4967-8faf-20dc68913367.md b/lolrmm.com/content/bootloaders/48eb1fa0-a607-4967-8faf-20dc68913367.md new file mode 100644 index 00000000..fc16d85d --- /dev/null +++ b/lolrmm.com/content/bootloaders/48eb1fa0-a607-4967-8faf-20dc68913367.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "48eb1fa0-a607-4967-8faf-20dc68913367" +weight = 10 +displayTitle = "48eb1fa0-a607-4967-8faf-20dc68913367" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 48eb1fa0-a607-4967-8faf-20dc68913367 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: 48eb1fa0-a607-4967-8faf-20dc68913367 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [7D092A6101832F2CF3F9DE42C66A9948751B05D3D4005FB9C0E8BDF9B8DAEC6B](https://www.virustotal.com/gui/file/7D092A6101832F2CF3F9DE42C66A9948751B05D3D4005FB9C0E8BDF9B8DAEC6B) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [82ACBA48D5236CCFF7659AFC14594DEE902BD6082EF1A30A0B9B508628CF34F4](https://www.virustotal.com/gui/search/authentihash%253A82ACBA48D5236CCFF7659AFC14594DEE902BD6082EF1A30A0B9B508628CF34F4) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/48eb1fa0-a607-4967-8faf-20dc68913367.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/4936b474-694a-4b6d-b023-1c868be1b2ff.md b/lolrmm.com/content/bootloaders/4936b474-694a-4b6d-b023-1c868be1b2ff.md new file mode 100644 index 00000000..d75ed859 --- /dev/null +++ b/lolrmm.com/content/bootloaders/4936b474-694a-4b6d-b023-1c868be1b2ff.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "4936b474-694a-4b6d-b023-1c868be1b2ff" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 4936b474-694a-4b6d-b023-1c868be1b2ff +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [FDD173678810D9F9F887B428EB260CF42C837EACC41A11E89C08131E262E2C01](https://www.virustotal.com/gui/file/FDD173678810D9F9F887B428EB260CF42C837EACC41A11E89C08131E262E2C01) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [5E2BB7BC8B16E0B9DDFF75606668E69D76AF1219C17180EF0A5B9B383F00B995](https://www.virustotal.com/gui/search/authentihash%253A5E2BB7BC8B16E0B9DDFF75606668E69D76AF1219C17180EF0A5B9B383F00B995) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4936b474-694a-4b6d-b023-1c868be1b2ff.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/495a811b-db1c-41f6-88db-36688933fcec.md b/lolrmm.com/content/bootloaders/495a811b-db1c-41f6-88db-36688933fcec.md new file mode 100644 index 00000000..0f7c4f1e --- /dev/null +++ b/lolrmm.com/content/bootloaders/495a811b-db1c-41f6-88db-36688933fcec.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "495a811b-db1c-41f6-88db-36688933fcec" +weight = 10 +displayTitle = "495a811b-db1c-41f6-88db-36688933fcec" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 495a811b-db1c-41f6-88db-36688933fcec ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: 495a811b-db1c-41f6-88db-36688933fcec +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [DF224EF3B05794CBCE084C11BAAF3D85F380A5213D9097E400D9FA42FC412933](https://www.virustotal.com/gui/file/DF224EF3B05794CBCE084C11BAAF3D85F380A5213D9097E400D9FA42FC412933) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [CB340011AFEB0D74C4A588B36EBAA441961608E8D2FA80DCA8C13872C850796B](https://www.virustotal.com/gui/search/authentihash%253ACB340011AFEB0D74C4A588B36EBAA441961608E8D2FA80DCA8C13872C850796B) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/495a811b-db1c-41f6-88db-36688933fcec.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/4a9f5a2f-87ca-4a7e-9a16-15d7e8a44c14.md b/lolrmm.com/content/bootloaders/4a9f5a2f-87ca-4a7e-9a16-15d7e8a44c14.md new file mode 100644 index 00000000..62ea0ca8 --- /dev/null +++ b/lolrmm.com/content/bootloaders/4a9f5a2f-87ca-4a7e-9a16-15d7e8a44c14.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "4a9f5a2f-87ca-4a7e-9a16-15d7e8a44c14" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 4a9f5a2f-87ca-4a7e-9a16-15d7e8a44c14 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/e2f5112aec3a2bdc5f267c18f8a6c071.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [e2f5112aec3a2bdc5f267c18f8a6c071](https://www.virustotal.com/gui/file/e2f5112aec3a2bdc5f267c18f8a6c071) | +| SHA1 | [513e0049089f66a29eb06adef56eb24f1689c24d](https://www.virustotal.com/gui/file/513e0049089f66a29eb06adef56eb24f1689c24d) | +| SHA256 | [c643c3cc182443893728101f5303aaa05b08ec8616310546edc903635c692b5e](https://www.virustotal.com/gui/file/c643c3cc182443893728101f5303aaa05b08ec8616310546edc903635c692b5e) | +| Authentihash MD5 | [a114f82ee953917e2718ad7f4765ab20](https://www.virustotal.com/gui/search/authentihash%253Aa114f82ee953917e2718ad7f4765ab20) | +| Authentihash SHA1 | [5c145f3f55a53c1db47c568cd76eff5b0092e95b](https://www.virustotal.com/gui/search/authentihash%253A5c145f3f55a53c1db47c568cd76eff5b0092e95b) | +| Authentihash SHA256| [f0b3d0d4c5457880e2d9b7728eb64bd288b5d4a26ec883f3c0941d8af29d9466](https://www.virustotal.com/gui/search/authentihash%253Af0b3d0d4c5457880e2d9b7728eb64bd288b5d4a26ec883f3c0941d8af29d9466) | +| RichPEHeaderHash MD5 | [a02554021493291650ba1e2951aef07f](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Aa02554021493291650ba1e2951aef07f) | +| RichPEHeaderHash SHA1 | [3cb0d2f0d1a2046caf0027cfd995294a09eeda72](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3cb0d2f0d1a2046caf0027cfd995294a09eeda72) | +| RichPEHeaderHash SHA256| [3089fe7fa4527043c200fafe2a7272e48a1f7c54725a623f22d12f2cdbb48350](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3089fe7fa4527043c200fafe2a7272e48a1f7c54725a623f22d12f2cdbb48350) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000004ea1d80770a9bbe94400000000004e +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 9da610547a25cbe89af7ecdb99229623 | +| ToBeSigned (TBS) SHA1 | 6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7 | +| ToBeSigned (TBS) SHA256 | 1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2014-07-01 20:32:01 | +| ValidTo | 2015-10-01 20:32:01 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000004ea1d80770a9bbe94400000000004e | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 
14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": 
"1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4a9f5a2f-87ca-4a7e-9a16-15d7e8a44c14.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/4b37df07-e561-4581-977f-6eb984d0afbf.md b/lolrmm.com/content/bootloaders/4b37df07-e561-4581-977f-6eb984d0afbf.md new file mode 100644 index 00000000..5ffc7758 --- /dev/null +++ b/lolrmm.com/content/bootloaders/4b37df07-e561-4581-977f-6eb984d0afbf.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "4b37df07-e561-4581-977f-6eb984d0afbf" +weight = 10 +displayTitle = "rhel-7.9-shim-20200726-shim64-bit.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# rhel-7.9-shim-20200726-shim64-bit.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat, Inc. and revoked Apr-21 +- **UUID**: 4b37df07-e561-4581-977f-6eb984d0afbf +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\rhel-7.9-shim-20200726-shim64-bit.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< 
/tip >}} + + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | rhel-7.9-shim-20200726-shim64-bit.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [BD8020CC80D5F842DDFD5AC110C189707A83E85415EEA3386884ABDCFD7F3135](https://www.virustotal.com/gui/file/BD8020CC80D5F842DDFD5AC110C189707A83E85415EEA3386884ABDCFD7F3135) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [99D7ADA0D67E5233108DBD76702F4B168087CFC4EC65494D6CA8ABA858FEBADA](https://www.virustotal.com/gui/search/authentihash%253A99D7ADA0D67E5233108DBD76702F4B168087CFC4EC65494D6CA8ABA858FEBADA) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4b37df07-e561-4581-977f-6eb984d0afbf.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/4c768cdf-df02-45b1-9342-63389224b997.md b/lolrmm.com/content/bootloaders/4c768cdf-df02-45b1-9342-63389224b997.md new file mode 100644 index 00000000..d4a0e6d9 --- /dev/null +++ b/lolrmm.com/content/bootloaders/4c768cdf-df02-45b1-9342-63389224b997.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "4c768cdf-df02-45b1-9342-63389224b997" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 4c768cdf-df02-45b1-9342-63389224b997 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [593148805FC70C5FBE0299A185DD367DF00A8E7AA95242C90C6567A73C1CD259](https://www.virustotal.com/gui/file/593148805FC70C5FBE0299A185DD367DF00A8E7AA95242C90C6567A73C1CD259) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [7B94F0505F37B19B432ABA08BE2E3E003038C02CEB531E169D460DB60C351649](https://www.virustotal.com/gui/search/authentihash%253A7B94F0505F37B19B432ABA08BE2E3E003038C02CEB531E169D460DB60C351649) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4c768cdf-df02-45b1-9342-63389224b997.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/4c9eca9d-f738-4fde-99da-f5f1536910f5.md b/lolrmm.com/content/bootloaders/4c9eca9d-f738-4fde-99da-f5f1536910f5.md new file mode 100644 index 00000000..53af93c7 --- /dev/null +++ b/lolrmm.com/content/bootloaders/4c9eca9d-f738-4fde-99da-f5f1536910f5.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "4c9eca9d-f738-4fde-99da-f5f1536910f5" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 4c9eca9d-f738-4fde-99da-f5f1536910f5 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [399BDFB85E5A072F763B3692AC5B34FDB00D7C5DA4180219E99A2E0693D72B39](https://www.virustotal.com/gui/file/399BDFB85E5A072F763B3692AC5B34FDB00D7C5DA4180219E99A2E0693D72B39) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [A330FDE65C067A5F0B75C80D0A300767C301EB75E0CF9B4EE240F0D60B3DC503](https://www.virustotal.com/gui/search/authentihash%253AA330FDE65C067A5F0B75C80D0A300767C301EB75E0CF9B4EE240F0D60B3DC503) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4c9eca9d-f738-4fde-99da-f5f1536910f5.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/4cc6cdc2-6f4e-4b25-b3a2-383174f52460.md b/lolrmm.com/content/bootloaders/4cc6cdc2-6f4e-4b25-b3a2-383174f52460.md new file mode 100644 index 00000000..1d6b3ff2 --- /dev/null +++ b/lolrmm.com/content/bootloaders/4cc6cdc2-6f4e-4b25-b3a2-383174f52460.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "4cc6cdc2-6f4e-4b25-b3a2-383174f52460" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 4cc6cdc2-6f4e-4b25-b3a2-383174f52460 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [24C0732D77F6BC85BE8A6CA9B0FA3BA8611F950CA4E0194E972E59A433DC05C6](https://www.virustotal.com/gui/file/24C0732D77F6BC85BE8A6CA9B0FA3BA8611F950CA4E0194E972E59A433DC05C6) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [9AF92541E63EACBC5784BB44DB66F9B60726174F4EC178C6CE32EAF647EEBCA2](https://www.virustotal.com/gui/search/authentihash%253A9AF92541E63EACBC5784BB44DB66F9B60726174F4EC178C6CE32EAF647EEBCA2) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4cc6cdc2-6f4e-4b25-b3a2-383174f52460.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/4d2c43e5-7a66-4890-93c7-3f9ce734f78e.md b/lolrmm.com/content/bootloaders/4d2c43e5-7a66-4890-93c7-3f9ce734f78e.md new file mode 100644 index 00000000..86f1d65f --- /dev/null +++ b/lolrmm.com/content/bootloaders/4d2c43e5-7a66-4890-93c7-3f9ce734f78e.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "4d2c43e5-7a66-4890-93c7-3f9ce734f78e" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Blancco Technology Group and revoked Jul-20 +- **UUID**: 4d2c43e5-7a66-4890-93c7-3f9ce734f78e +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/22534ca115844f647fd2698572201490.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [22534ca115844f647fd2698572201490](https://www.virustotal.com/gui/file/22534ca115844f647fd2698572201490) | +| SHA1 | [7a21dd6f0289ca16c6f2a46cd37a965721f07518](https://www.virustotal.com/gui/file/7a21dd6f0289ca16c6f2a46cd37a965721f07518) | +| SHA256 | [24d6b301a1268ba8b373275981538855205eb0115609800f2b5b95377483b108](https://www.virustotal.com/gui/file/24d6b301a1268ba8b373275981538855205eb0115609800f2b5b95377483b108) | +| Authentihash MD5 | [757b01c0eb9ed075c6e93d2fac4b0e4e](https://www.virustotal.com/gui/search/authentihash%253A757b01c0eb9ed075c6e93d2fac4b0e4e) | +| Authentihash SHA1 | [948d8090a1f360db50a84f3cab750f95d76044b6](https://www.virustotal.com/gui/search/authentihash%253A948d8090a1f360db50a84f3cab750f95d76044b6) | +| Authentihash SHA256| [5b248e913d71853d3da5aedd8d9a4bc57a917126573817fb5fcb2d86a2f1c886](https://www.virustotal.com/gui/search/authentihash%253A5b248e913d71853d3da5aedd8d9a4bc57a917126573817fb5fcb2d86a2f1c886) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002530b3d3726ee3f72f000100000025 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | a5052527524f4998a7bd87f396196fe8 | +| ToBeSigned (TBS) SHA1 | 2374a3e4f0499d106f0e4d71a22f7b0e709847c0 | +| ToBeSigned (TBS) SHA256 | 
f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2017-08-11 20:20:00 | +| ValidTo | 2018-08-11 20:20:00 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002530b3d3726ee3f72f000100000025 | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + 
"SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4d2c43e5-7a66-4890-93c7-3f9ce734f78e.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/4d31cfeb-3005-497a-b566-7062066398ab.md b/lolrmm.com/content/bootloaders/4d31cfeb-3005-497a-b566-7062066398ab.md new file mode 100644 index 00000000..e5f83a5a --- /dev/null +++ b/lolrmm.com/content/bootloaders/4d31cfeb-3005-497a-b566-7062066398ab.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "4d31cfeb-3005-497a-b566-7062066398ab" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 4d31cfeb-3005-497a-b566-7062066398ab +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/02e7a063eae0c4b80a6793fd63bac013.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [02e7a063eae0c4b80a6793fd63bac013](https://www.virustotal.com/gui/file/02e7a063eae0c4b80a6793fd63bac013) | +| SHA1 | [c7a420758542a22c9db7c9f75a4709ac53ec8da2](https://www.virustotal.com/gui/file/c7a420758542a22c9db7c9f75a4709ac53ec8da2) | +| SHA256 | [9da10b25786d8db0167fd66c051f7e2655781bb561b99584312b439a32be4c32](https://www.virustotal.com/gui/file/9da10b25786d8db0167fd66c051f7e2655781bb561b99584312b439a32be4c32) | +| Authentihash MD5 | [cb9d3c514e9a2a200235c093312630ca](https://www.virustotal.com/gui/search/authentihash%253Acb9d3c514e9a2a200235c093312630ca) | +| Authentihash SHA1 | [3779679707ac8e825d6195b8106efe77ce33bfc8](https://www.virustotal.com/gui/search/authentihash%253A3779679707ac8e825d6195b8106efe77ce33bfc8) | +| Authentihash SHA256| [ce8c44e185faaa03959cf23229607854ef7e316ed0773d66d7be5e0a48061de5](https://www.virustotal.com/gui/search/authentihash%253Ace8c44e185faaa03959cf23229607854ef7e316ed0773d66d7be5e0a48061de5) | +| RichPEHeaderHash MD5 | [fa6462badb7aa537a9d3ecf604e9fbd7](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Afa6462badb7aa537a9d3ecf604e9fbd7) | +| RichPEHeaderHash SHA1 | [caefdafc6f3620830b306d429c83bb077f6bdaa4](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Acaefdafc6f3620830b306d429c83bb077f6bdaa4) | +| RichPEHeaderHash SHA256| [4689fe3d6e35db99759219db2adef6cefa62105e8b636c0c5bd2a6bec395e471](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A4689fe3d6e35db99759219db2adef6cefa62105e8b636c0c5bd2a6bec395e471) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 610bbbd8000000000005 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 
158438012e4dcd69b27b762c9358cfa2 | +| ToBeSigned (TBS) SHA1 | 684ac167849404a4101f166b759f291a43d5f749 | +| ToBeSigned (TBS) SHA256 | 95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2012-04-09 20:55:50 | +| ValidTo | 2013-07-09 20:55:50 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 610bbbd8000000000005 | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Signature": 
"c7f34d30f6c0451fb6ababdce5203035c20b7c75b16784adb0aa9ed8f647c02df4ce8d8277b8e356e3286e4dc0d444172dea83b9af9c6133c491e53680024d6bac0d985d6dfe776988ccb337b35abb32a02b50413514a576dc932b2a4ae2aef96330041e040480e3b1cbf06cd6910cf79ead3ecd332a9bb7156c2d9976e5dfac8b5b59d82ea33a4826470663dfad599e137468da7bd3037243e0238b96c1f99ea1299faa898dd854f812f8834697b7c5991d2e1656db4e2f56d8bc2077e7bb7d886d4fb6907c555c6d54089724435ac3345b1b6dbb605300ba83412517394dcd3b6c82df5013c6f57fcb1e03919b63469dd7606f3fbae8242658f19ab174b03c", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": 
"14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4d31cfeb-3005-497a-b566-7062066398ab.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} 
diff --git a/lolrmm.com/content/bootloaders/4e4ca92c-52eb-4289-a935-f6ec64b79e3a.md b/lolrmm.com/content/bootloaders/4e4ca92c-52eb-4289-a935-f6ec64b79e3a.md new file mode 100644 index 00000000..52ab29fe --- /dev/null +++ b/lolrmm.com/content/bootloaders/4e4ca92c-52eb-4289-a935-f6ec64b79e3a.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "4e4ca92c-52eb-4289-a935-f6ec64b79e3a" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 4e4ca92c-52eb-4289-a935-f6ec64b79e3a +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [DA9C62E148457AFB0629FAB0C2D58623F9AC35A9A95EF23388ECFE85451C60C0](https://www.virustotal.com/gui/file/DA9C62E148457AFB0629FAB0C2D58623F9AC35A9A95EF23388ECFE85451C60C0) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [326967C7FFC1B86DB8B32B0570E88A89CC1534CFCF300B98C077E473F9B18FA1](https://www.virustotal.com/gui/search/authentihash%253A326967C7FFC1B86DB8B32B0570E88A89CC1534CFCF300B98C077E473F9B18FA1) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4e4ca92c-52eb-4289-a935-f6ec64b79e3a.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/4e6a6f59-083f-4829-baa5-0c388a9a7634.md b/lolrmm.com/content/bootloaders/4e6a6f59-083f-4829-baa5-0c388a9a7634.md new file mode 100644 index 00000000..33f414dc --- /dev/null +++ b/lolrmm.com/content/bootloaders/4e6a6f59-083f-4829-baa5-0c388a9a7634.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "4e6a6f59-083f-4829-baa5-0c388a9a7634" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 4e6a6f59-083f-4829-baa5-0c388a9a7634 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [5ED5BD6952F8E520D74AA3001BC587493AFB6D628C0A3BF80875676C63F07B75](https://www.virustotal.com/gui/file/5ED5BD6952F8E520D74AA3001BC587493AFB6D628C0A3BF80875676C63F07B75) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [6078C0FA37D9D35DADAC7AD90E90A3A95C44985A3D305BD22A5D838ED45491EE](https://www.virustotal.com/gui/search/authentihash%253A6078C0FA37D9D35DADAC7AD90E90A3A95C44985A3D305BD22A5D838ED45491EE) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4e6a6f59-083f-4829-baa5-0c388a9a7634.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/4e70304f-ec00-41a5-b542-69701b5df29b.md b/lolrmm.com/content/bootloaders/4e70304f-ec00-41a5-b542-69701b5df29b.md new file mode 100644 index 00000000..7ea469c5 --- /dev/null +++ b/lolrmm.com/content/bootloaders/4e70304f-ec00-41a5-b542-69701b5df29b.md 
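Review bot: The Download button on this page links to `https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin`, i.e. the filename segment of the URL is empty even though the Filename row below gives `bootmgfw.efi`; the same empty segment appears in every page in this commit, and in the `4f2db5df-…` and `518b78e7-…` pages the Filename cell and the `bcdedit ... path \windows\temp\` command are missing the filename as well. The `#### Imports` section is rendered twice per page with an empty bullet, and the MD5, SHA1 and Authentihash MD5/SHA1 rows are `[](https://www.virustotal.com/gui/file/)` links with no hash, so a defender building a block or alert list from these pages can only pivot on SHA256. These pages appear to be generated from the YAML linked in the `[*source*]` footer, so the fix presumably belongs in the generator or its template rather than in the rendered files; until then a marker such as `<!-- TODO: filename and MD5/SHA1 missing from source YAML; download link and VirusTotal links are incomplete -->` near the Known Vulnerable Samples table would make the gap visible to readers.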
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "4e70304f-ec00-41a5-b542-69701b5df29b" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 4e70304f-ec00-41a5-b542-69701b5df29b +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [A6E8C6906E4845A30A036FB669BA82146E334908706778AC569DF45CBF8637F7](https://www.virustotal.com/gui/file/A6E8C6906E4845A30A036FB669BA82146E334908706778AC569DF45CBF8637F7) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [8806CF0C7BD5DF7E01D120F56734113BE916E183755577BD48026C25DB268680](https://www.virustotal.com/gui/search/authentihash%253A8806CF0C7BD5DF7E01D120F56734113BE916E183755577BD48026C25DB268680) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4e70304f-ec00-41a5-b542-69701b5df29b.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/4f2db5df-2730-4e9e-aa70-51029d2540d1.md b/lolrmm.com/content/bootloaders/4f2db5df-2730-4e9e-aa70-51029d2540d1.md new file mode 100644 index 00000000..fb84d73f --- /dev/null +++ b/lolrmm.com/content/bootloaders/4f2db5df-2730-4e9e-aa70-51029d2540d1.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "4f2db5df-2730-4e9e-aa70-51029d2540d1" +weight = 10 +displayTitle = "4f2db5df-2730-4e9e-aa70-51029d2540d1" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 4f2db5df-2730-4e9e-aa70-51029d2540d1 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Intel Corporation and revoked Jul-20 +- **UUID**: 4f2db5df-2730-4e9e-aa70-51029d2540d1 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [55A3628537C4FBDA0FA7D27001EB2DFCDC515D8A48649715A31E1D0065A7DA35](https://www.virustotal.com/gui/file/55A3628537C4FBDA0FA7D27001EB2DFCDC515D8A48649715A31E1D0065A7DA35) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [2DCF8E8D817023D1E8E1451A3D68D6EC30D9BED94CBCB87F19DDC1CC0116AC1A](https://www.virustotal.com/gui/search/authentihash%253A2DCF8E8D817023D1E8E1451A3D68D6EC30D9BED94CBCB87F19DDC1CC0116AC1A) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4f2db5df-2730-4e9e-aa70-51029d2540d1.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/4f434341-9305-4574-9289-5bd1370108c7.md b/lolrmm.com/content/bootloaders/4f434341-9305-4574-9289-5bd1370108c7.md new file mode 100644 index 00000000..35fd7088 --- /dev/null +++ b/lolrmm.com/content/bootloaders/4f434341-9305-4574-9289-5bd1370108c7.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "4f434341-9305-4574-9289-5bd1370108c7" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 4f434341-9305-4574-9289-5bd1370108c7 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [854AD42E44FBE19122072E177080C2AA9F729BFDE223FA6EA98BE1490BB9A4C0](https://www.virustotal.com/gui/file/854AD42E44FBE19122072E177080C2AA9F729BFDE223FA6EA98BE1490BB9A4C0) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [399F9DA6CF5A87839637B55F62BB2CC6A93FA5AF7FE7AD76B4AF0FB320C98127](https://www.virustotal.com/gui/search/authentihash%253A399F9DA6CF5A87839637B55F62BB2CC6A93FA5AF7FE7AD76B4AF0FB320C98127) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4f434341-9305-4574-9289-5bd1370108c7.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/4feb177a-ce68-4853-9874-5b834a0b9cb6.md b/lolrmm.com/content/bootloaders/4feb177a-ce68-4853-9874-5b834a0b9cb6.md new file mode 100644 index 00000000..c63fba83 --- /dev/null +++ b/lolrmm.com/content/bootloaders/4feb177a-ce68-4853-9874-5b834a0b9cb6.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "4feb177a-ce68-4853-9874-5b834a0b9cb6" +weight = 10 +displayTitle = "shim64-bit.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# shim64-bit.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Oracle America, Inc. and revoked Apr-21 +- **UUID**: 4feb177a-ce68-4853-9874-5b834a0b9cb6 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\shim64-bit.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | shim64-bit.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [3898A72298BBF39E2E9B268DA9661B47B6AC5C160518089E27BF8DF25B77D584](https://www.virustotal.com/gui/file/3898A72298BBF39E2E9B268DA9661B47B6AC5C160518089E27BF8DF25B77D584) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [BDD4086C019F5D388453C6D93475D39A576572BAFF75612C321B46A35A5329B1](https://www.virustotal.com/gui/search/authentihash%253ABDD4086C019F5D388453C6D93475D39A576572BAFF75612C321B46A35A5329B1) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/4feb177a-ce68-4853-9874-5b834a0b9cb6.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/513ff7cf-418a-4405-9020-8044f5ce24cd.md b/lolrmm.com/content/bootloaders/513ff7cf-418a-4405-9020-8044f5ce24cd.md new file mode 100644 index 00000000..8bae41e5 --- /dev/null +++ b/lolrmm.com/content/bootloaders/513ff7cf-418a-4405-9020-8044f5ce24cd.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "513ff7cf-418a-4405-9020-8044f5ce24cd" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 513ff7cf-418a-4405-9020-8044f5ce24cd +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [4489FA289C24EC5745E69F476FEBB3FA0103501D95349E795BE481E678429DDE](https://www.virustotal.com/gui/file/4489FA289C24EC5745E69F476FEBB3FA0103501D95349E795BE481E678429DDE) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [E11BDBFBAC4736918C497798D6ED018F529726A6B1894BE0658D1B9519538B22](https://www.virustotal.com/gui/search/authentihash%253AE11BDBFBAC4736918C497798D6ED018F529726A6B1894BE0658D1B9519538B22) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/513ff7cf-418a-4405-9020-8044f5ce24cd.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/518b78e7-eeb3-43b0-a377-acfa0e831ce0.md b/lolrmm.com/content/bootloaders/518b78e7-eeb3-43b0-a377-acfa0e831ce0.md new file mode 100644 index 00000000..20a59449 --- /dev/null +++ b/lolrmm.com/content/bootloaders/518b78e7-eeb3-43b0-a377-acfa0e831ce0.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "518b78e7-eeb3-43b0-a377-acfa0e831ce0" +weight = 10 +displayTitle = "518b78e7-eeb3-43b0-a377-acfa0e831ce0" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 518b78e7-eeb3-43b0-a377-acfa0e831ce0 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Intel Corporation and revoked Jul-20 +- **UUID**: 518b78e7-eeb3-43b0-a377-acfa0e831ce0 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [5875DB0835E08A9189F23833B21774FDD1C4C3BD4C5D3459471A49B85CFFD1E1](https://www.virustotal.com/gui/file/5875DB0835E08A9189F23833B21774FDD1C4C3BD4C5D3459471A49B85CFFD1E1) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [5D1E9ACBBB4A7D024B6852DF025970E2CED66FF622EE019CD0ED7FD841CCAD02](https://www.virustotal.com/gui/search/authentihash%253A5D1E9ACBBB4A7D024B6852DF025970E2CED66FF622EE019CD0ED7FD841CCAD02) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/518b78e7-eeb3-43b0-a377-acfa0e831ce0.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/51d3afbe-d378-492d-86fc-3afcf9396417.md b/lolrmm.com/content/bootloaders/51d3afbe-d378-492d-86fc-3afcf9396417.md new file mode 100644 index 00000000..ef47e769 --- /dev/null +++ b/lolrmm.com/content/bootloaders/51d3afbe-d378-492d-86fc-3afcf9396417.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "51d3afbe-d378-492d-86fc-3afcf9396417" +weight = 10 +displayTitle = "51d3afbe-d378-492d-86fc-3afcf9396417" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 51d3afbe-d378-492d-86fc-3afcf9396417 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Now Computing LLC and revoked Jul-20 +- **UUID**: 51d3afbe-d378-492d-86fc-3afcf9396417 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [0FB12613BC1D4AB6FBB256574EBA9347AE3A87F96E4A3C259028B55CDE1D8053](https://www.virustotal.com/gui/file/0FB12613BC1D4AB6FBB256574EBA9347AE3A87F96E4A3C259028B55CDE1D8053) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [BC75F910FF320F5CB5999E66BBD4034F4AE537A42FDFEF35161C5348E366E216](https://www.virustotal.com/gui/search/authentihash%253ABC75F910FF320F5CB5999E66BBD4034F4AE537A42FDFEF35161C5348E366E216) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/51d3afbe-d378-492d-86fc-3afcf9396417.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/51f20c00-6e15-4b45-852a-8f62e6f55436.md b/lolrmm.com/content/bootloaders/51f20c00-6e15-4b45-852a-8f62e6f55436.md new file mode 100644 index 00000000..5436cc60 --- /dev/null +++ b/lolrmm.com/content/bootloaders/51f20c00-6e15-4b45-852a-8f62e6f55436.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "51f20c00-6e15-4b45-852a-8f62e6f55436" +weight = 10 +displayTitle = "shim-0~20120906.bcd0a4e8-0ubuntu4/shim64-bit.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# shim-0~20120906.bcd0a4e8-0ubuntu4/shim64-bit.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Canonical Ltd and revoked Apr-21 +- **UUID**: 51f20c00-6e15-4b45-852a-8f62e6f55436 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\shim-0~20120906.bcd0a4e8-0ubuntu4/shim64-bit.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip 
>}}detects loading using name only{{< /tip >}} + + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | shim-0~20120906.bcd0a4e8-0ubuntu4/shim64-bit.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [DD33B966BE5F3882EED189E583AA4CA4D28E74B356DDEFFA164234DD7E89ABCA](https://www.virustotal.com/gui/file/DD33B966BE5F3882EED189E583AA4CA4D28E74B356DDEFFA164234DD7E89ABCA) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [23142E14424FB3FF4EFC75D00B63867727841ABA5005149070EE2417DF8AB799](https://www.virustotal.com/gui/search/authentihash%253A23142E14424FB3FF4EFC75D00B63867727841ABA5005149070EE2417DF8AB799) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/51f20c00-6e15-4b45-852a-8f62e6f55436.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/52a629bd-deb4-4e92-aa7c-3e4c301a086a.md b/lolrmm.com/content/bootloaders/52a629bd-deb4-4e92-aa7c-3e4c301a086a.md new file mode 100644 index 00000000..32f4454f --- /dev/null +++ b/lolrmm.com/content/bootloaders/52a629bd-deb4-4e92-aa7c-3e4c301a086a.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "52a629bd-deb4-4e92-aa7c-3e4c301a086a" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 52a629bd-deb4-4e92-aa7c-3e4c301a086a +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/ec46eab41a4c2ffd8c352d6e0dea430b.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [ec46eab41a4c2ffd8c352d6e0dea430b](https://www.virustotal.com/gui/file/ec46eab41a4c2ffd8c352d6e0dea430b) | +| SHA1 | [5b65a8b1427f80e9c997bbad4e66dd36742314f7](https://www.virustotal.com/gui/file/5b65a8b1427f80e9c997bbad4e66dd36742314f7) | +| SHA256 | [e0df7ce01e42a61228f4005fcdb9c42675ff7280a0be9ec1c32ad9d5e0493f10](https://www.virustotal.com/gui/file/e0df7ce01e42a61228f4005fcdb9c42675ff7280a0be9ec1c32ad9d5e0493f10) | +| Authentihash MD5 | [00a62b0feb53c1c76e1e5246aab69123](https://www.virustotal.com/gui/search/authentihash%253A00a62b0feb53c1c76e1e5246aab69123) | +| Authentihash SHA1 | [4654356766b9e062ffd65fd26bf3d0916430881c](https://www.virustotal.com/gui/search/authentihash%253A4654356766b9e062ffd65fd26bf3d0916430881c) | +| Authentihash SHA256| [d87817f76309b1e420547808cb573aea0c8e7de14123793a42388582184286b7](https://www.virustotal.com/gui/search/authentihash%253Ad87817f76309b1e420547808cb573aea0c8e7de14123793a42388582184286b7) | +| RichPEHeaderHash MD5 | [2777dfee3c799f841a25c53df5d11e39](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2777dfee3c799f841a25c53df5d11e39) | +| RichPEHeaderHash SHA1 | [6a4457a8f18e185baf0a0352666728176d377faf](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A6a4457a8f18e185baf0a0352666728176d377faf) | +| RichPEHeaderHash SHA256| [1ae942cee9560dc7ed300190c7efbe6312d44ec378914f3c09554d816a51b45e](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A1ae942cee9560dc7ed300190c7efbe6312d44ec378914f3c09554d816a51b45e) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000004ea1d80770a9bbe94400000000004e +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 9da610547a25cbe89af7ecdb99229623 | +| ToBeSigned (TBS) SHA1 | 6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7 | +| ToBeSigned (TBS) SHA256 | 1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2014-07-01 20:32:01 | +| ValidTo | 2015-10-01 20:32:01 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000004ea1d80770a9bbe94400000000004e | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/52a629bd-deb4-4e92-aa7c-3e4c301a086a.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/52d2d179-addb-4556-a244-d085e0aefad2.md b/lolrmm.com/content/bootloaders/52d2d179-addb-4556-a244-d085e0aefad2.md new file mode 100644 index 00000000..2d8efca9 --- /dev/null +++ b/lolrmm.com/content/bootloaders/52d2d179-addb-4556-a244-d085e0aefad2.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "52d2d179-addb-4556-a244-d085e0aefad2" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 52d2d179-addb-4556-a244-d085e0aefad2 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [EA21E2A1F1779F77C35060CD8690D2E74116C4402DD10B6F8260DB2D00B4A9E5](https://www.virustotal.com/gui/file/EA21E2A1F1779F77C35060CD8690D2E74116C4402DD10B6F8260DB2D00B4A9E5) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [941A51239ED416A788B5059DD647631B16E506C8F6AD87B1D5F3B8C97199A160](https://www.virustotal.com/gui/search/authentihash%253A941A51239ED416A788B5059DD647631B16E506C8F6AD87B1D5F3B8C97199A160) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/52d2d179-addb-4556-a244-d085e0aefad2.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/52f8c789-bc20-45cd-a1b6-8a564b18fff6.md b/lolrmm.com/content/bootloaders/52f8c789-bc20-45cd-a1b6-8a564b18fff6.md new file mode 100644 index 00000000..9f4a7e06 --- /dev/null +++ b/lolrmm.com/content/bootloaders/52f8c789-bc20-45cd-a1b6-8a564b18fff6.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "52f8c789-bc20-45cd-a1b6-8a564b18fff6" +weight = 10 +displayTitle = "BOOTX64.EFI" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# BOOTX64.EFI ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat Inc. and revoked Jul-20 +- **UUID**: 52f8c789-bc20-45cd-a1b6-8a564b18fff6 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/6d83b980fd7541fbe793a891b95d5621.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\BOOTX64.EFI } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | BOOTX64.EFI | +| MD5 | [6d83b980fd7541fbe793a891b95d5621](https://www.virustotal.com/gui/file/6d83b980fd7541fbe793a891b95d5621) | +| SHA1 | [224b166130e25c00ac9a6c33d7816acc6b98cde5](https://www.virustotal.com/gui/file/224b166130e25c00ac9a6c33d7816acc6b98cde5) | +| SHA256 | [d57f40a0e9018765cd79393a0d57d8e6d6d880d93b95fa57cedbda5a0b4a1ae3](https://www.virustotal.com/gui/file/d57f40a0e9018765cd79393a0d57d8e6d6d880d93b95fa57cedbda5a0b4a1ae3) | +| Authentihash MD5 | [5557985ad6236a2e6f4dc5efcb052bd7](https://www.virustotal.com/gui/search/authentihash%253A5557985ad6236a2e6f4dc5efcb052bd7) | +| Authentihash SHA1 | [36f2525fb6ae3fed1191d10ae9b4a524fe5914e1](https://www.virustotal.com/gui/search/authentihash%253A36f2525fb6ae3fed1191d10ae9b4a524fe5914e1) | +| Authentihash SHA256| [6efefe0b5b01478b7b944c10d3a8aca2cca4208888e2059f8a06cb5824d7bab0](https://www.virustotal.com/gui/search/authentihash%253A6efefe0b5b01478b7b944c10d3a8aca2cca4208888e2059f8a06cb5824d7bab0) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000001e0d8474951a966ce400010000001e +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | b6f099bf203668f11a8f79ab08792ed8 | +| ToBeSigned (TBS) SHA1 | 4713755a345940554eada6042e90b0151591fad6 | +| ToBeSigned (TBS) SHA256 | 
62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2016-11-17 22:05:37 | +| ValidTo | 2018-02-17 22:05:37 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000001e0d8474951a966ce400010000001e | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 
350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Signature": 
"0141873b6d85a37b5ac2a306448d73b6be76f7682ad14efef7ce4b377f0f7a5fbefd76377d59dc2caccd28d1be3eb180a8b66ab19a853bd14c7d5e955e8f07bc2ee0686ac3a2c9e997bd9f58de6dc9b93900c6b7824f64bf415ac51ebaa3dcfe8ad4fc2a41ad95b372c421c4f87835a59867c244e1c8df142abc4b23579f57431565eb8de6a7a0318b2fd17f93876a335c9450d2531f6a877baf43a569f83703a68e49987ca3c6dd42a595827f5be49151d3b79ea262e38ef5b37bda5b1be3462baa6ccb313193cdba21ea3cb1e9bbc751a769f354d63a0d1de3158c67d47b765b92d580ed5f1f1cdb5f61774c4b66c7deb15f4c71d605106064f33a17d31ca6", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "b6f099bf203668f11a8f79ab08792ed8", + "SHA1": "4713755a345940554eada6042e90b0151591fad6", + "SHA256": "62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" + }, + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + 
+[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/52f8c789-bc20-45cd-a1b6-8a564b18fff6.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/530ab1a9-d9a6-4f01-986a-5b69c99400b4.md b/lolrmm.com/content/bootloaders/530ab1a9-d9a6-4f01-986a-5b69c99400b4.md new file mode 100644 index 00000000..697dc9f1 --- /dev/null +++ b/lolrmm.com/content/bootloaders/530ab1a9-d9a6-4f01-986a-5b69c99400b4.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "530ab1a9-d9a6-4f01-986a-5b69c99400b4" +weight = 10 +displayTitle = "shim.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# shim.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by CPSD and revoked Aug-22 +- **UUID**: 530ab1a9-d9a6-4f01-986a-5b69c99400b4 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\shim.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2022-34303
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | shim.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [51BD59697B4E1DF61DF32AD57CEBE394BE54E3E9DBFEB8DC00A3A176D13A5767](https://www.virustotal.com/gui/file/51BD59697B4E1DF61DF32AD57CEBE394BE54E3E9DBFEB8DC00A3A176D13A5767) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [284153E7D04A9F187E5C3DBFE17B2672AD2FBDD119F27BEC789417B7919853EC](https://www.virustotal.com/gui/search/authentihash%253A284153E7D04A9F187E5C3DBFE17B2672AD2FBDD119F27BEC789417B7919853EC) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/530ab1a9-d9a6-4f01-986a-5b69c99400b4.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/536cb2d9-c5ae-4fbc-90af-4502d0f6c9c3.md b/lolrmm.com/content/bootloaders/536cb2d9-c5ae-4fbc-90af-4502d0f6c9c3.md new file mode 100644 index 00000000..f4c518f4 --- /dev/null +++ b/lolrmm.com/content/bootloaders/536cb2d9-c5ae-4fbc-90af-4502d0f6c9c3.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "536cb2d9-c5ae-4fbc-90af-4502d0f6c9c3" +weight = 10 +displayTitle = "536cb2d9-c5ae-4fbc-90af-4502d0f6c9c3" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 536cb2d9-c5ae-4fbc-90af-4502d0f6c9c3 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Oracle Corporation and revoked Jul-20 +- **UUID**: 536cb2d9-c5ae-4fbc-90af-4502d0f6c9c3 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [0CA03AD1A65AFE81EC23E2B20E05D80C41AAEB5D6D5F98E2D0C5661F46E0CE9F](https://www.virustotal.com/gui/file/0CA03AD1A65AFE81EC23E2B20E05D80C41AAEB5D6D5F98E2D0C5661F46E0CE9F) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [47FF1B63B140B6FC04ED79131331E651DA5B2E2F170F5DAEF4153DC2FBC532B1](https://www.virustotal.com/gui/search/authentihash%253A47FF1B63B140B6FC04ED79131331E651DA5B2E2F170F5DAEF4153DC2FBC532B1) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/536cb2d9-c5ae-4fbc-90af-4502d0f6c9c3.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/5466b767-bb4f-4044-a72c-1a7aab0d1d4f.md b/lolrmm.com/content/bootloaders/5466b767-bb4f-4044-a72c-1a7aab0d1d4f.md new file mode 100644 index 00000000..2601b0c3 --- /dev/null +++ b/lolrmm.com/content/bootloaders/5466b767-bb4f-4044-a72c-1a7aab0d1d4f.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "5466b767-bb4f-4044-a72c-1a7aab0d1d4f" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 5466b767-bb4f-4044-a72c-1a7aab0d1d4f +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [1EC66D5D99383D9EB6CB553965D6ADEF787ABDDEC162844AF1CC04F24EDBCE08](https://www.virustotal.com/gui/file/1EC66D5D99383D9EB6CB553965D6ADEF787ABDDEC162844AF1CC04F24EDBCE08) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [D084AC3FCD80893B1878653C8BA9B71FB9C53E25843A989EF51A9B44C7EAFCBC](https://www.virustotal.com/gui/search/authentihash%253AD084AC3FCD80893B1878653C8BA9B71FB9C53E25843A989EF51A9B44C7EAFCBC) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/5466b767-bb4f-4044-a72c-1a7aab0d1d4f.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/54a6f135-0fba-459b-8749-4a0764d690c1.md b/lolrmm.com/content/bootloaders/54a6f135-0fba-459b-8749-4a0764d690c1.md new file mode 100644 index 00000000..c9cd0e2b --- /dev/null +++ b/lolrmm.com/content/bootloaders/54a6f135-0fba-459b-8749-4a0764d690c1.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "54a6f135-0fba-459b-8749-4a0764d690c1" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 54a6f135-0fba-459b-8749-4a0764d690c1 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [8D76482F549D66048611DE6C4E67289E3B0BF051130B546E9A4B98B8DE0C4EA8](https://www.virustotal.com/gui/file/8D76482F549D66048611DE6C4E67289E3B0BF051130B546E9A4B98B8DE0C4EA8) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [0A3C2072EF4FBDBF045E1876E855BB8AD5DD0809F66AD1442239A7D856AD908E](https://www.virustotal.com/gui/search/authentihash%253A0A3C2072EF4FBDBF045E1876E855BB8AD5DD0809F66AD1442239A7D856AD908E) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/54a6f135-0fba-459b-8749-4a0764d690c1.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/55b45543-5130-4632-b2a9-12f11c8da501.md b/lolrmm.com/content/bootloaders/55b45543-5130-4632-b2a9-12f11c8da501.md new file mode 100644 index 00000000..c6f5bae6 --- /dev/null +++ b/lolrmm.com/content/bootloaders/55b45543-5130-4632-b2a9-12f11c8da501.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "55b45543-5130-4632-b2a9-12f11c8da501" +weight = 10 +displayTitle = "55b45543-5130-4632-b2a9-12f11c8da501" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 55b45543-5130-4632-b2a9-12f11c8da501 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by HP and revoked Jul-20 +- **UUID**: 55b45543-5130-4632-b2a9-12f11c8da501 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [BBD53435E3881C13F6EF3D7C17DDE9BCCF2BB2D95D303DC4623CD1AA8F51EF23](https://www.virustotal.com/gui/file/BBD53435E3881C13F6EF3D7C17DDE9BCCF2BB2D95D303DC4623CD1AA8F51EF23) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [781764102188A8B4B173D4A8F5EC94D828647156097F99357A581E624B377509](https://www.virustotal.com/gui/search/authentihash%253A781764102188A8B4B173D4A8F5EC94D828647156097F99357A581E624B377509) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/55b45543-5130-4632-b2a9-12f11c8da501.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/568b07e2-3499-46e8-928a-843aff3217f5.md b/lolrmm.com/content/bootloaders/568b07e2-3499-46e8-928a-843aff3217f5.md new file mode 100644 index 00000000..bdc78d3e --- /dev/null +++ b/lolrmm.com/content/bootloaders/568b07e2-3499-46e8-928a-843aff3217f5.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "568b07e2-3499-46e8-928a-843aff3217f5" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 568b07e2-3499-46e8-928a-843aff3217f5 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/9a3221899f456225679f8e54739100ac.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [9a3221899f456225679f8e54739100ac](https://www.virustotal.com/gui/file/9a3221899f456225679f8e54739100ac) | +| SHA1 | [19a0cfa98525d7ac0edc5b0770e5b1e5dcc4a992](https://www.virustotal.com/gui/file/19a0cfa98525d7ac0edc5b0770e5b1e5dcc4a992) | +| SHA256 | [fd69741dcd1bc0d9ab8a02c2a7ee8d466a58613562536aa8aab5ea260bbdf9c3](https://www.virustotal.com/gui/file/fd69741dcd1bc0d9ab8a02c2a7ee8d466a58613562536aa8aab5ea260bbdf9c3) | +| Authentihash MD5 | [d70a1a6c6f9861a0e59fdf7f22d78658](https://www.virustotal.com/gui/search/authentihash%253Ad70a1a6c6f9861a0e59fdf7f22d78658) | +| Authentihash SHA1 | [50343f4e379f1dfa6364a89d9075f5150ad481f6](https://www.virustotal.com/gui/search/authentihash%253A50343f4e379f1dfa6364a89d9075f5150ad481f6) | +| Authentihash SHA256| [7c09d8b90b72b7c2ccf1a413e335c2d1a25d75bb8541f9bc16b4c4e26bda6855](https://www.virustotal.com/gui/search/authentihash%253A7c09d8b90b72b7c2ccf1a413e335c2d1a25d75bb8541f9bc16b4c4e26bda6855) | +| RichPEHeaderHash MD5 | [85fa20421a65e83905361d389b335669](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A85fa20421a65e83905361d389b335669) | +| RichPEHeaderHash SHA1 | [fad704c4353c271f61f7ffcecc3bc5aceb3a15b7](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Afad704c4353c271f61f7ffcecc3bc5aceb3a15b7) | +| RichPEHeaderHash SHA256| [60bb1a6f5f679831418c16a7c2000159d31507690560194ca357bfd0b4018f9c](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A60bb1a6f5f679831418c16a7c2000159d31507690560194ca357bfd0b4018f9c) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 33000000bce120fdd27cc8ee930000000000bc +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | f31f8c784e5d3986ccacb9c88c6d7044 | +| ToBeSigned (TBS) SHA1 | 833498af9a41da339c83e0d384b521f72d053331 | +| ToBeSigned (TBS) SHA256 | 1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2015-08-18 17:15:28 | +| ValidTo | 2016-11-18 17:15:28 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 33000000bce120fdd27cc8ee930000000000bc | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/568b07e2-3499-46e8-928a-843aff3217f5.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/57416bf8-a14e-42bb-b668-d424222ffcdd.md b/lolrmm.com/content/bootloaders/57416bf8-a14e-42bb-b668-d424222ffcdd.md new file mode 100644 index 00000000..066ce099 --- /dev/null +++ b/lolrmm.com/content/bootloaders/57416bf8-a14e-42bb-b668-d424222ffcdd.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "57416bf8-a14e-42bb-b668-d424222ffcdd" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 57416bf8-a14e-42bb-b668-d424222ffcdd +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [6E90699DC49B40F02790D085E3A1B9CEB2F81D85F55D2054163B3432FB87F59B](https://www.virustotal.com/gui/file/6E90699DC49B40F02790D085E3A1B9CEB2F81D85F55D2054163B3432FB87F59B) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [6B8EEC829F0373931099F070CBD4E2E1380CD5644201D05D80D86B1E7ED0B08B](https://www.virustotal.com/gui/search/authentihash%253A6B8EEC829F0373931099F070CBD4E2E1380CD5644201D05D80D86B1E7ED0B08B) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/57416bf8-a14e-42bb-b668-d424222ffcdd.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/57a68cb9-ec2e-4a8b-881b-62a8da44a03b.md b/lolrmm.com/content/bootloaders/57a68cb9-ec2e-4a8b-881b-62a8da44a03b.md new file mode 100644 index 00000000..b0a15f44 --- /dev/null +++ b/lolrmm.com/content/bootloaders/57a68cb9-ec2e-4a8b-881b-62a8da44a03b.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "57a68cb9-ec2e-4a8b-881b-62a8da44a03b" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 57a68cb9-ec2e-4a8b-881b-62a8da44a03b +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [3E73CE2DF3D7B01132C2ED47BC7D1B28E421B0600F0B8D4DECF7F7C23E83EE1B](https://www.virustotal.com/gui/file/3E73CE2DF3D7B01132C2ED47BC7D1B28E421B0600F0B8D4DECF7F7C23E83EE1B) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [1DC8A3F59B23CCC411D46691FC9B5C35993BCA20E7E2299F1A95223B9F112E43](https://www.virustotal.com/gui/search/authentihash%253A1DC8A3F59B23CCC411D46691FC9B5C35993BCA20E7E2299F1A95223B9F112E43) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/57a68cb9-ec2e-4a8b-881b-62a8da44a03b.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/57f3ded8-3e38-4146-88ad-92ae83c627d5.md b/lolrmm.com/content/bootloaders/57f3ded8-3e38-4146-88ad-92ae83c627d5.md new file mode 100644 index 00000000..1e67cbdd --- /dev/null +++ b/lolrmm.com/content/bootloaders/57f3ded8-3e38-4146-88ad-92ae83c627d5.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "57f3ded8-3e38-4146-88ad-92ae83c627d5" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 57f3ded8-3e38-4146-88ad-92ae83c627d5 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [85C838E95601A4B1CFA64600FC4A16330CB50D575FB2E89ECAA08D6B12B50CDF](https://www.virustotal.com/gui/file/85C838E95601A4B1CFA64600FC4A16330CB50D575FB2E89ECAA08D6B12B50CDF) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [C0530BADC4D066D5C4B8B955023E9EFA7FB9337ECB7E1298E7CBA172D8680485](https://www.virustotal.com/gui/search/authentihash%253AC0530BADC4D066D5C4B8B955023E9EFA7FB9337ECB7E1298E7CBA172D8680485) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/57f3ded8-3e38-4146-88ad-92ae83c627d5.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/58907c65-5be5-4821-9c87-8d27b5a8840d.md b/lolrmm.com/content/bootloaders/58907c65-5be5-4821-9c87-8d27b5a8840d.md new file mode 100644 index 00000000..4288c075 --- /dev/null +++ b/lolrmm.com/content/bootloaders/58907c65-5be5-4821-9c87-8d27b5a8840d.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "58907c65-5be5-4821-9c87-8d27b5a8840d" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 58907c65-5be5-4821-9c87-8d27b5a8840d +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [376E727A97432EE289CE9485988E24C0E20321DDC45443D7916D20D9C8824883](https://www.virustotal.com/gui/file/376E727A97432EE289CE9485988E24C0E20321DDC45443D7916D20D9C8824883) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [17C2B5B96693CDC2951C89DDE641D14716063F5FC8795CEBC635378B73044E8B](https://www.virustotal.com/gui/search/authentihash%253A17C2B5B96693CDC2951C89DDE641D14716063F5FC8795CEBC635378B73044E8B) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/58907c65-5be5-4821-9c87-8d27b5a8840d.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/5891ca2a-61e6-4938-942b-bfcc61dcb929.md b/lolrmm.com/content/bootloaders/5891ca2a-61e6-4938-942b-bfcc61dcb929.md new file mode 100644 index 00000000..f7a1a34c --- /dev/null +++ b/lolrmm.com/content/bootloaders/5891ca2a-61e6-4938-942b-bfcc61dcb929.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "5891ca2a-61e6-4938-942b-bfcc61dcb929" +weight = 10 +displayTitle = "bootarm.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootarm.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 5891ca2a-61e6-4938-942b-bfcc61dcb929 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootarm.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootarm.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [CD4A508F248776D8679ECEDB7BB1AF1752C23FDF66284522B4B36F242471B72C](https://www.virustotal.com/gui/file/CD4A508F248776D8679ECEDB7BB1AF1752C23FDF66284522B4B36F242471B72C) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [0021B5B11CEB03402D618134800A36C54E1C4328AD389D50B40EACC1E881DCB5](https://www.virustotal.com/gui/search/authentihash%253A0021B5B11CEB03402D618134800A36C54E1C4328AD389D50B40EACC1E881DCB5) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/5891ca2a-61e6-4938-942b-bfcc61dcb929.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/58c24252-f076-486b-90fb-5a1c7b922efa.md b/lolrmm.com/content/bootloaders/58c24252-f076-486b-90fb-5a1c7b922efa.md new file mode 100644 index 00000000..de42c966 --- /dev/null +++ b/lolrmm.com/content/bootloaders/58c24252-f076-486b-90fb-5a1c7b922efa.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "58c24252-f076-486b-90fb-5a1c7b922efa" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 58c24252-f076-486b-90fb-5a1c7b922efa +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [C334B9CA48819E7E408A3A3418879978828AA302BAA3ED86DE64D8AE5ACA0EAB](https://www.virustotal.com/gui/file/C334B9CA48819E7E408A3A3418879978828AA302BAA3ED86DE64D8AE5ACA0EAB) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [AB311E737112E4D34ABF545836BC671637663E93738CEFA37405214CE8C92A58](https://www.virustotal.com/gui/search/authentihash%253AAB311E737112E4D34ABF545836BC671637663E93738CEFA37405214CE8C92A58) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/58c24252-f076-486b-90fb-5a1c7b922efa.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/59605f2c-5575-464b-aacc-af09e949f153.md b/lolrmm.com/content/bootloaders/59605f2c-5575-464b-aacc-af09e949f153.md new file mode 100644 index 00000000..bb9701fa --- /dev/null +++ b/lolrmm.com/content/bootloaders/59605f2c-5575-464b-aacc-af09e949f153.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "59605f2c-5575-464b-aacc-af09e949f153" +weight = 10 +displayTitle = "59605f2c-5575-464b-aacc-af09e949f153" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 59605f2c-5575-464b-aacc-af09e949f153 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: 59605f2c-5575-464b-aacc-af09e949f153 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [BA0610793FAA746150C0FD5689158B01DEEEA7320E2F14B31EE9AF4F2C4D1587](https://www.virustotal.com/gui/file/BA0610793FAA746150C0FD5689158B01DEEEA7320E2F14B31EE9AF4F2C4D1587) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [32AD3296829BC46DCFAC5EDDCB9DBF2C1EED5C11F83B2210CF9C6E60C798D4A7](https://www.virustotal.com/gui/search/authentihash%253A32AD3296829BC46DCFAC5EDDCB9DBF2C1EED5C11F83B2210CF9C6E60C798D4A7) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/59605f2c-5575-464b-aacc-af09e949f153.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/59b5e207-bca6-4425-b392-2fd0ed44935e.md b/lolrmm.com/content/bootloaders/59b5e207-bca6-4425-b392-2fd0ed44935e.md new file mode 100644 index 00000000..da691944 --- /dev/null +++ b/lolrmm.com/content/bootloaders/59b5e207-bca6-4425-b392-2fd0ed44935e.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "59b5e207-bca6-4425-b392-2fd0ed44935e" +weight = 10 +displayTitle = "59b5e207-bca6-4425-b392-2fd0ed44935e" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 59b5e207-bca6-4425-b392-2fd0ed44935e ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: 59b5e207-bca6-4425-b392-2fd0ed44935e +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [610D0A80FD4E876EAD581903B33C96ECC4B8BD7115FC9DF5579B3A25416FDAEF](https://www.virustotal.com/gui/file/610D0A80FD4E876EAD581903B33C96ECC4B8BD7115FC9DF5579B3A25416FDAEF) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [9BAF4F76D76BF5D6A897BFBD5F429BA14D04E08B48C3EE8D76930A828FFF3891](https://www.virustotal.com/gui/search/authentihash%253A9BAF4F76D76BF5D6A897BFBD5F429BA14D04E08B48C3EE8D76930A828FFF3891) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/59b5e207-bca6-4425-b392-2fd0ed44935e.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/59b7d19b-fb7b-4641-b158-0d2f498e375d.md b/lolrmm.com/content/bootloaders/59b7d19b-fb7b-4641-b158-0d2f498e375d.md new file mode 100644 index 00000000..530f2ec2 --- /dev/null +++ b/lolrmm.com/content/bootloaders/59b7d19b-fb7b-4641-b158-0d2f498e375d.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "59b7d19b-fb7b-4641-b158-0d2f498e375d" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Alt Linux LTD and revoked Jul-20 +- **UUID**: 59b7d19b-fb7b-4641-b158-0d2f498e375d +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/aed4e671b03d6e093a423c7593d423c0.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [aed4e671b03d6e093a423c7593d423c0](https://www.virustotal.com/gui/file/aed4e671b03d6e093a423c7593d423c0) | +| SHA1 | [0795b77ff05d9365bfc1ce099e4edf239f64a073](https://www.virustotal.com/gui/file/0795b77ff05d9365bfc1ce099e4edf239f64a073) | +| SHA256 | [5156a8ae596c06692aef13ac6524c7f1e20d52e4ea0f5a5ad43a6874edcc5e1f](https://www.virustotal.com/gui/file/5156a8ae596c06692aef13ac6524c7f1e20d52e4ea0f5a5ad43a6874edcc5e1f) | +| Authentihash MD5 | [19d9ca04dfe150f7ed275c0522308b48](https://www.virustotal.com/gui/search/authentihash%253A19d9ca04dfe150f7ed275c0522308b48) | +| Authentihash SHA1 | [fed3c32a930572d743108d45a16103a34c0c6b73](https://www.virustotal.com/gui/search/authentihash%253Afed3c32a930572d743108d45a16103a34c0c6b73) | +| Authentihash SHA256| [3a91f0f9e5287fa2994c7d930b2c1a5ee14ce8e1c8304ae495adc58cc4453c0c](https://www.virustotal.com/gui/search/authentihash%253A3a91f0f9e5287fa2994c7d930b2c1a5ee14ce8e1c8304ae495adc58cc4453c0c) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000000a6642f3f49fb7379600010000000a +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | c52110f552e27ebb1e3fae114abafb3f | +| ToBeSigned (TBS) SHA1 | 4954e087123653ce38da4cdd31141b6a1bb999e4 | +| ToBeSigned (TBS) SHA256 | 
1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2013-09-24 17:54:03 | +| ValidTo | 2014-12-24 17:54:03 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000000a6642f3f49fb7379600010000000a | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": 
"c52110f552e27ebb1e3fae114abafb3f", + "SHA1": "4954e087123653ce38da4cdd31141b6a1bb999e4", + "SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" + }, + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/59b7d19b-fb7b-4641-b158-0d2f498e375d.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/5a1e393f-1595-4e4e-993e-7097a184ce42.md b/lolrmm.com/content/bootloaders/5a1e393f-1595-4e4e-993e-7097a184ce42.md new file mode 100644 index 00000000..31a548b2 --- /dev/null +++ b/lolrmm.com/content/bootloaders/5a1e393f-1595-4e4e-993e-7097a184ce42.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "5a1e393f-1595-4e4e-993e-7097a184ce42" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 5a1e393f-1595-4e4e-993e-7097a184ce42 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [8DA046540148E1E146DE2F96C7D860962ED059A923E9685E868DC4C6065684AA](https://www.virustotal.com/gui/file/8DA046540148E1E146DE2F96C7D860962ED059A923E9685E868DC4C6065684AA) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [3FE9F8D11EDCA3FC1899100484DE4CC2C626ABB38B73985A441B7C3A0D39CA54](https://www.virustotal.com/gui/search/authentihash%253A3FE9F8D11EDCA3FC1899100484DE4CC2C626ABB38B73985A441B7C3A0D39CA54) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/5a1e393f-1595-4e4e-993e-7097a184ce42.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/5abbd1d8-5850-4e54-9375-6a9639a8db58.md b/lolrmm.com/content/bootloaders/5abbd1d8-5850-4e54-9375-6a9639a8db58.md new file mode 100644 index 00000000..f084f513 --- /dev/null +++ b/lolrmm.com/content/bootloaders/5abbd1d8-5850-4e54-9375-6a9639a8db58.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "5abbd1d8-5850-4e54-9375-6a9639a8db58" +weight = 10 +displayTitle = "5abbd1d8-5850-4e54-9375-6a9639a8db58" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 5abbd1d8-5850-4e54-9375-6a9639a8db58 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by TrueCrypt Foundation and revoked Jul-20 +- **UUID**: 5abbd1d8-5850-4e54-9375-6a9639a8db58 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [77F55C6E07D808021F9E66017605D8B2DED6C55944693641902C4CE821E37878](https://www.virustotal.com/gui/file/77F55C6E07D808021F9E66017605D8B2DED6C55944693641902C4CE821E37878) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [80B4D96931BF0D02FD91A61E19D14F1DA452E66DB2408CA8604D411F92659F0A](https://www.virustotal.com/gui/search/authentihash%253A80B4D96931BF0D02FD91A61E19D14F1DA452E66DB2408CA8604D411F92659F0A) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/5abbd1d8-5850-4e54-9375-6a9639a8db58.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/5b0c97fd-1a72-4f30-af67-1f398fef3675.md b/lolrmm.com/content/bootloaders/5b0c97fd-1a72-4f30-af67-1f398fef3675.md new file mode 100644 index 00000000..a57477a4 --- /dev/null +++ b/lolrmm.com/content/bootloaders/5b0c97fd-1a72-4f30-af67-1f398fef3675.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "5b0c97fd-1a72-4f30-af67-1f398fef3675" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 5b0c97fd-1a72-4f30-af67-1f398fef3675 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [37CAA54424C152D84DE63C288DF7CE27BA97B8671CF27DE4101066EEAE8BE90C](https://www.virustotal.com/gui/file/37CAA54424C152D84DE63C288DF7CE27BA97B8671CF27DE4101066EEAE8BE90C) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [F3D38950A3CACF61C94DB9153576194E953B5785637159B3AA6F1E923220EAD4](https://www.virustotal.com/gui/search/authentihash%253AF3D38950A3CACF61C94DB9153576194E953B5785637159B3AA6F1E923220EAD4) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/5b0c97fd-1a72-4f30-af67-1f398fef3675.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/5cab3a24-4bf3-427a-887e-92ec2ed8f1a7.md b/lolrmm.com/content/bootloaders/5cab3a24-4bf3-427a-887e-92ec2ed8f1a7.md new file mode 100644 index 00000000..6770ed61 --- /dev/null +++ b/lolrmm.com/content/bootloaders/5cab3a24-4bf3-427a-887e-92ec2ed8f1a7.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "5cab3a24-4bf3-427a-887e-92ec2ed8f1a7" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 5cab3a24-4bf3-427a-887e-92ec2ed8f1a7 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/cd78242cb85f016a3ea62002c8f07c0d.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [cd78242cb85f016a3ea62002c8f07c0d](https://www.virustotal.com/gui/file/cd78242cb85f016a3ea62002c8f07c0d) | +| SHA1 | [1df5dc38345eee82fcb606f8c5140c619f187946](https://www.virustotal.com/gui/file/1df5dc38345eee82fcb606f8c5140c619f187946) | +| SHA256 | [4628ec2698cfbca38d3bb4872df8e65a370ed4591e3fbd613a28b394942b8976](https://www.virustotal.com/gui/file/4628ec2698cfbca38d3bb4872df8e65a370ed4591e3fbd613a28b394942b8976) | +| Authentihash MD5 | [7f11c44bb3fd9f28c453ed0545ce1fd2](https://www.virustotal.com/gui/search/authentihash%253A7f11c44bb3fd9f28c453ed0545ce1fd2) | +| Authentihash SHA1 | [e5e7294536819a91f69d03c57425ad2576a1055d](https://www.virustotal.com/gui/search/authentihash%253Ae5e7294536819a91f69d03c57425ad2576a1055d) | +| Authentihash SHA256| [74b39c206dc8a11cd196d5998d2996b6ad477d72eaf86e19a3dc14ec0eab0f1e](https://www.virustotal.com/gui/search/authentihash%253A74b39c206dc8a11cd196d5998d2996b6ad477d72eaf86e19a3dc14ec0eab0f1e) | +| RichPEHeaderHash MD5 | [61ae12104fd32308c2c6da0ad0f4da3a](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A61ae12104fd32308c2c6da0ad0f4da3a) | +| RichPEHeaderHash SHA1 | [5916de417c3548f9179b3fca1170571bd0615d62](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A5916de417c3548f9179b3fca1170571bd0615d62) | +| RichPEHeaderHash SHA256| [9d016f97efd1b99cdeec92f9010dbe2695c277306c00fe7e352588a7f6e7be26](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A9d016f97efd1b99cdeec92f9010dbe2695c277306c00fe7e352588a7f6e7be26) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002418fc0b689e7399d0000000000024 +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 28b23b39f3bbd936a26a5b86451be0ac | +| ToBeSigned (TBS) SHA1 | 3b16f29295d5a7c323beb479c71d3d20c6b8acc2 | +| ToBeSigned (TBS) SHA256 | 4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2013-06-17 21:43:38 | +| ValidTo | 2014-09-17 21:43:38 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002418fc0b689e7399d0000000000024 | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/5cab3a24-4bf3-427a-887e-92ec2ed8f1a7.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/5cb571f7-050a-40db-a196-9ad7cd8afed6.md b/lolrmm.com/content/bootloaders/5cb571f7-050a-40db-a196-9ad7cd8afed6.md new file mode 100644 index 00000000..76ffff12 --- /dev/null +++ b/lolrmm.com/content/bootloaders/5cb571f7-050a-40db-a196-9ad7cd8afed6.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "5cb571f7-050a-40db-a196-9ad7cd8afed6" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 5cb571f7-050a-40db-a196-9ad7cd8afed6 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [079A26143F5CD9862331F7C1850FFCF2D6E081FCFA8617F6FFA94FA212834DD1](https://www.virustotal.com/gui/file/079A26143F5CD9862331F7C1850FFCF2D6E081FCFA8617F6FFA94FA212834DD1) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [E808A337ED6911EF561C27CABACABF4EA6D6E20FB70F5413B121AC251ABCC10C](https://www.virustotal.com/gui/search/authentihash%253AE808A337ED6911EF561C27CABACABF4EA6D6E20FB70F5413B121AC251ABCC10C) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/5cb571f7-050a-40db-a196-9ad7cd8afed6.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/5d92da13-8976-4b19-871d-a9266e342121.md b/lolrmm.com/content/bootloaders/5d92da13-8976-4b19-871d-a9266e342121.md new file mode 100644 index 00000000..b4f01890 --- /dev/null +++ b/lolrmm.com/content/bootloaders/5d92da13-8976-4b19-871d-a9266e342121.md 
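Review bot: The Known Vulnerable Samples table in this page has blank MD5 and SHA1 cells (`| MD5 | [](https://www.virustotal.com/gui/file/) |`) with only the SHA256 and Authentihash SHA256 filled, so the hash-based Sysmon and Sigma detections linked above presumably cannot match this sample on those algorithms; the same gap appears in the 5d92da13, 5df619c2, 5ea7cfb0 and 5ef6ea24 pages of this commit. Because the MD5 is empty, the download button also renders as `bootloaders/.bin`, a path with no file name, so the generator should omit the button when the MD5 is missing (or point at the SHA256-named artifact, if the repository stores one) instead of emitting a dead link. The `#### Imports` details block is written twice in every page here, including 5efb08ce, which looks like a duplicated template section rather than intended content. The `### CVE` list holds `Black Lotus Microsoft Windows 8`, a campaign name rather than a CVE identifier; it belongs under Resources, or the source YAML should carry the actual identifier so the section stays machine-readable.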
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "5d92da13-8976-4b19-871d-a9266e342121" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 5d92da13-8976-4b19-871d-a9266e342121 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [A84526FB39B09F95A0A1CABE23D34CC28FA554242405EB653D6EAB8669B3C1BC](https://www.virustotal.com/gui/file/A84526FB39B09F95A0A1CABE23D34CC28FA554242405EB653D6EAB8669B3C1BC) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [19F4C7030AD74035F5BC07ACE285BD7538F231D25787755D72071EDE879C6978](https://www.virustotal.com/gui/search/authentihash%253A19F4C7030AD74035F5BC07ACE285BD7538F231D25787755D72071EDE879C6978) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/5d92da13-8976-4b19-871d-a9266e342121.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/5df619c2-4db7-43f4-95b6-a2e16ebf847f.md b/lolrmm.com/content/bootloaders/5df619c2-4db7-43f4-95b6-a2e16ebf847f.md new file mode 100644 index 00000000..6c9cd0f9 --- /dev/null +++ b/lolrmm.com/content/bootloaders/5df619c2-4db7-43f4-95b6-a2e16ebf847f.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "5df619c2-4db7-43f4-95b6-a2e16ebf847f" +weight = 10 +displayTitle = "5df619c2-4db7-43f4-95b6-a2e16ebf847f" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 5df619c2-4db7-43f4-95b6-a2e16ebf847f ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Alt Linux LTD and revoked Jul-20 +- **UUID**: 5df619c2-4db7-43f4-95b6-a2e16ebf847f +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [CEF9A1B433C4ED851EC0C373F7E1F19A2B8C306A821D114F177B14E8C070276F](https://www.virustotal.com/gui/file/CEF9A1B433C4ED851EC0C373F7E1F19A2B8C306A821D114F177B14E8C070276F) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [1B909115A8D473E51328A87823BD621CE655DFAE54FA2BFA72FDC0298611D6B8](https://www.virustotal.com/gui/search/authentihash%253A1B909115A8D473E51328A87823BD621CE655DFAE54FA2BFA72FDC0298611D6B8) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/5df619c2-4db7-43f4-95b6-a2e16ebf847f.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/5ea7cfb0-5f73-4d02-925e-8161b423fa88.md b/lolrmm.com/content/bootloaders/5ea7cfb0-5f73-4d02-925e-8161b423fa88.md new file mode 100644 index 00000000..864bcd07 --- /dev/null +++ b/lolrmm.com/content/bootloaders/5ea7cfb0-5f73-4d02-925e-8161b423fa88.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "5ea7cfb0-5f73-4d02-925e-8161b423fa88" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 5ea7cfb0-5f73-4d02-925e-8161b423fa88 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [45A04261C55E72E48C90A5C821C3A519B4A0D9B1A6C3561CE7477AC399D23C5B](https://www.virustotal.com/gui/file/45A04261C55E72E48C90A5C821C3A519B4A0D9B1A6C3561CE7477AC399D23C5B) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [A372DA66E15D456DC4200BD3908E0943BA4EAF864F7A35062B6B1704320D090A](https://www.virustotal.com/gui/search/authentihash%253AA372DA66E15D456DC4200BD3908E0943BA4EAF864F7A35062B6B1704320D090A) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/5ea7cfb0-5f73-4d02-925e-8161b423fa88.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/5ef6ea24-838e-4df6-b00d-3deb0ec3fa33.md b/lolrmm.com/content/bootloaders/5ef6ea24-838e-4df6-b00d-3deb0ec3fa33.md new file mode 100644 index 00000000..9b38ee8a --- /dev/null +++ b/lolrmm.com/content/bootloaders/5ef6ea24-838e-4df6-b00d-3deb0ec3fa33.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "5ef6ea24-838e-4df6-b00d-3deb0ec3fa33" +weight = 10 +displayTitle = "5ef6ea24-838e-4df6-b00d-3deb0ec3fa33" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 5ef6ea24-838e-4df6-b00d-3deb0ec3fa33 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: 5ef6ea24-838e-4df6-b00d-3deb0ec3fa33 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [0692A9566F22F280715080EE24B8FF54ED7372A98BD4994670FCF862035281B5](https://www.virustotal.com/gui/file/0692A9566F22F280715080EE24B8FF54ED7372A98BD4994670FCF862035281B5) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [4667BF250CD7C1A06B8474C613CDB1DF648A7F58736FBF57D05D6F755DAB67F4](https://www.virustotal.com/gui/search/authentihash%253A4667BF250CD7C1A06B8474C613CDB1DF648A7F58736FBF57D05D6F755DAB67F4) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/5ef6ea24-838e-4df6-b00d-3deb0ec3fa33.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/5efb08ce-213c-49be-8c2b-0ae849f64b3c.md b/lolrmm.com/content/bootloaders/5efb08ce-213c-49be-8c2b-0ae849f64b3c.md new file mode 100644 index 00000000..cb7902db --- /dev/null +++ b/lolrmm.com/content/bootloaders/5efb08ce-213c-49be-8c2b-0ae849f64b3c.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "5efb08ce-213c-49be-8c2b-0ae849f64b3c" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Miray Software AG and revoked Jul-20 +- **UUID**: 5efb08ce-213c-49be-8c2b-0ae849f64b3c +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/077432d8b1ae0ceea719297360357320.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [077432d8b1ae0ceea719297360357320](https://www.virustotal.com/gui/file/077432d8b1ae0ceea719297360357320) | +| SHA1 | [d537e7c393d18329197e079601678b9b476247d3](https://www.virustotal.com/gui/file/d537e7c393d18329197e079601678b9b476247d3) | +| SHA256 | [4e371dd0448f1de869ee087b59ff88d11865463715272bcc6c29b0d5e21dbd82](https://www.virustotal.com/gui/file/4e371dd0448f1de869ee087b59ff88d11865463715272bcc6c29b0d5e21dbd82) | +| Authentihash MD5 | [9e12eb37ae8b46c4010ec3e1b7201f21](https://www.virustotal.com/gui/search/authentihash%253A9e12eb37ae8b46c4010ec3e1b7201f21) | +| Authentihash SHA1 | [90a6b60c5051a3b00d779c03ac1e07f5df376347](https://www.virustotal.com/gui/search/authentihash%253A90a6b60c5051a3b00d779c03ac1e07f5df376347) | +| Authentihash SHA256| [f277af4f9bdc918ae89fa35cc1b34e34984c04ae9765322c3cb049574d36509c](https://www.virustotal.com/gui/search/authentihash%253Af277af4f9bdc918ae89fa35cc1b34e34984c04ae9765322c3cb049574d36509c) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 3300000024c1fb0e65d9747386000100000024 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 82b02850f57505f0830f6dd30b6aeffd | +| ToBeSigned (TBS) SHA1 | e600e0efe4030190c5e0cab9aaad72f4e76db429 | +| ToBeSigned (TBS) SHA256 | 
1c1d5edaeb9a5feef85e34eb40607816e98464127723d284f99b69c0c15e42f7 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2017-08-11 20:20:00 | +| ValidTo | 2018-08-11 20:20:00 | +| Signature | 47f27d2f6c0691c8e54b4403f9ec6c6b4423a43467cca7e8cf8afe60457f3b5703cde9d840ac3dd35567d791af1d1146376ba1fba9a8a502b5c9601232f24349ca5c324d1806150540cc5823d7dd777b3166268a26734c21b32862e300c8ca42856ec161633c1a076f4213c4c2a63e2ffd0ee16a301ae0c6dba732bc500a5986742520022ce33746f96c4ea8641b2a68a902872a41a8e6701e96158ab91c54c6695bc736fa047ec57b40d732abeb61e34414454e6702ef7bc5518a0d77ab42ed5efc23b01683b5c3c95c4aeb564b6f76cdae4d2e33ac59fca4cfdeb4c215549e1f43b64fd3eb9ba35171be9dab9375a1a94107dd4f95bbf88e9c239136619e20 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 3300000024c1fb0e65d9747386000100000024 | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### 
Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "3300000024c1fb0e65d9747386000100000024", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "82b02850f57505f0830f6dd30b6aeffd", + "SHA1": "e600e0efe4030190c5e0cab9aaad72f4e76db429", + "SHA256": "1c1d5edaeb9a5feef85e34eb40607816e98464127723d284f99b69c0c15e42f7" + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "3300000024c1fb0e65d9747386000100000024", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/5efb08ce-213c-49be-8c2b-0ae849f64b3c.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/5f398d53-d42c-4c4c-acc2-b3766bf08b97.md b/lolrmm.com/content/bootloaders/5f398d53-d42c-4c4c-acc2-b3766bf08b97.md new file mode 100644 index 00000000..5bcc02c4 
--- /dev/null +++ b/lolrmm.com/content/bootloaders/5f398d53-d42c-4c4c-acc2-b3766bf08b97.md 
@@ -0,0 +1,164 @@ ++++ + +description = "" +title = "5f398d53-d42c-4c4c-acc2-b3766bf08b97" +weight = 10 +displayTitle = "gcdx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# gcdx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Canonical and revoked Jul-20 +- **UUID**: 5f398d53-d42c-4c4c-acc2-b3766bf08b97 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/4a7dcdd069fcdf8d7319ea5e135403fb.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\gcdx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | gcdx64.efi | +| MD5 | [4a7dcdd069fcdf8d7319ea5e135403fb](https://www.virustotal.com/gui/file/4a7dcdd069fcdf8d7319ea5e135403fb) | +| SHA1 | [f48de3320923666bd1a9690f993a6d83ed420c24](https://www.virustotal.com/gui/file/f48de3320923666bd1a9690f993a6d83ed420c24) | +| SHA256 | [0ac2943abf5ef953b939247b74331fb2c437e405a81dd5569d9cff1d6183d53a](https://www.virustotal.com/gui/file/0ac2943abf5ef953b939247b74331fb2c437e405a81dd5569d9cff1d6183d53a) | +| Authentihash MD5 | [5b234f54fbe2396c8248e75ee4f691d2](https://www.virustotal.com/gui/search/authentihash%253A5b234f54fbe2396c8248e75ee4f691d2) | +| Authentihash SHA1 | [ba379da7ab2c2c99c24e004f4357da5cb6acaa6d](https://www.virustotal.com/gui/search/authentihash%253Aba379da7ab2c2c99c24e004f4357da5cb6acaa6d) | +| Authentihash SHA256| [e7681f153121ea1e67f74bbcb0cdc5e502702c1b8cc55fb65d702dfba948b5f4](https://www.virustotal.com/gui/search/authentihash%253Ae7681f153121ea1e67f74bbcb0cdc5e502702c1b8cc55fb65d702dfba948b5f4) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + 
+[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/5f398d53-d42c-4c4c-acc2-b3766bf08b97.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/60383f5c-6dcc-4df4-aad0-510733820a1b.md b/lolrmm.com/content/bootloaders/60383f5c-6dcc-4df4-aad0-510733820a1b.md new file mode 100644 index 00000000..e17e3356 --- /dev/null +++ b/lolrmm.com/content/bootloaders/60383f5c-6dcc-4df4-aad0-510733820a1b.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "60383f5c-6dcc-4df4-aad0-510733820a1b" +weight = 10 +displayTitle = "BOOTIA32.EFI" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# BOOTIA32.EFI ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat Inc. and revoked Jul-20 +- **UUID**: 60383f5c-6dcc-4df4-aad0-510733820a1b +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/69b63c494c676d3a1013a775b18568e8.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\BOOTIA32.EFI } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | BOOTIA32.EFI | +| MD5 | [69b63c494c676d3a1013a775b18568e8](https://www.virustotal.com/gui/file/69b63c494c676d3a1013a775b18568e8) | +| SHA1 | [09c724498ed275fb4a76f04700f5b2d39413405f](https://www.virustotal.com/gui/file/09c724498ed275fb4a76f04700f5b2d39413405f) | +| SHA256 | [953a7719b50073e701730fcff79b2fee7054c72c54d1f0b0f2571d3ce7fdb925](https://www.virustotal.com/gui/file/953a7719b50073e701730fcff79b2fee7054c72c54d1f0b0f2571d3ce7fdb925) | +| Authentihash MD5 | [752f28cd2893f6dc4e568c9a15f6b456](https://www.virustotal.com/gui/search/authentihash%253A752f28cd2893f6dc4e568c9a15f6b456) | +| Authentihash SHA1 | [22cbe49e2494a44bf823958840b6e1291ffe6d11](https://www.virustotal.com/gui/search/authentihash%253A22cbe49e2494a44bf823958840b6e1291ffe6d11) | +| Authentihash SHA256| [3e333de87d211247b2ab00093cab48f6069d718afd29e9917a3d5f60e87557b6](https://www.virustotal.com/gui/search/authentihash%253A3e333de87d211247b2ab00093cab48f6069d718afd29e9917a3d5f60e87557b6) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000001e0d8474951a966ce400010000001e +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | b6f099bf203668f11a8f79ab08792ed8 | +| ToBeSigned (TBS) SHA1 | 4713755a345940554eada6042e90b0151591fad6 | +| ToBeSigned (TBS) SHA256 | 
62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2016-11-17 22:05:37 | +| ValidTo | 2018-02-17 22:05:37 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000001e0d8474951a966ce400010000001e | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": 
"b6f099bf203668f11a8f79ab08792ed8", + "SHA1": "4713755a345940554eada6042e90b0151591fad6", + "SHA256": "62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" + }, + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/60383f5c-6dcc-4df4-aad0-510733820a1b.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/60aaedd4-4eb0-485b-a534-82645695a185.md b/lolrmm.com/content/bootloaders/60aaedd4-4eb0-485b-a534-82645695a185.md new file mode 100644 index 00000000..36cb0a0d --- /dev/null +++ b/lolrmm.com/content/bootloaders/60aaedd4-4eb0-485b-a534-82645695a185.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "60aaedd4-4eb0-485b-a534-82645695a185" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 60aaedd4-4eb0-485b-a534-82645695a185 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [A0946E9C77C27E5E9D19BCEEFE4DC147F97BF1CA7FE12F15280D390BA7A0D67A](https://www.virustotal.com/gui/file/A0946E9C77C27E5E9D19BCEEFE4DC147F97BF1CA7FE12F15280D390BA7A0D67A) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [4A4873A319A3A3DE35EA325771DFFCBB31EC14550A4E029CF0FEB9CD686B8C92](https://www.virustotal.com/gui/search/authentihash%253A4A4873A319A3A3DE35EA325771DFFCBB31EC14550A4E029CF0FEB9CD686B8C92) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/60aaedd4-4eb0-485b-a534-82645695a185.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/61d9e3c8-8cc0-4c53-b886-e6e2e676f475.md b/lolrmm.com/content/bootloaders/61d9e3c8-8cc0-4c53-b886-e6e2e676f475.md new file mode 100644 index 00000000..172645a7 --- /dev/null +++ b/lolrmm.com/content/bootloaders/61d9e3c8-8cc0-4c53-b886-e6e2e676f475.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "61d9e3c8-8cc0-4c53-b886-e6e2e676f475" +weight = 10 +displayTitle = "61d9e3c8-8cc0-4c53-b886-e6e2e676f475" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 61d9e3c8-8cc0-4c53-b886-e6e2e676f475 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: 61d9e3c8-8cc0-4c53-b886-e6e2e676f475 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [AA909ADBB83E05F92BA2E1144C6A33CB320A760409E1015B00A9EED666063510](https://www.virustotal.com/gui/file/AA909ADBB83E05F92BA2E1144C6A33CB320A760409E1015B00A9EED666063510) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [4EE45A217B38A8C13777DF0860F1255E52BAF3CF9D075373E31AD7E2C85E2CDB](https://www.virustotal.com/gui/search/authentihash%253A4EE45A217B38A8C13777DF0860F1255E52BAF3CF9D075373E31AD7E2C85E2CDB) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/61d9e3c8-8cc0-4c53-b886-e6e2e676f475.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/61dad3bb-db5d-497c-8aca-74ae55991a3b.md b/lolrmm.com/content/bootloaders/61dad3bb-db5d-497c-8aca-74ae55991a3b.md new file mode 100644 index 00000000..59c703c7 --- /dev/null +++ b/lolrmm.com/content/bootloaders/61dad3bb-db5d-497c-8aca-74ae55991a3b.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "61dad3bb-db5d-497c-8aca-74ae55991a3b" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 61dad3bb-db5d-497c-8aca-74ae55991a3b +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/3560dd8322a15d0e23d3747e32a04ebc.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [3560dd8322a15d0e23d3747e32a04ebc](https://www.virustotal.com/gui/file/3560dd8322a15d0e23d3747e32a04ebc) | +| SHA1 | [5ecee585f6f31b380d65407f6b73dbaf03388624](https://www.virustotal.com/gui/file/5ecee585f6f31b380d65407f6b73dbaf03388624) | +| SHA256 | [7c6f0f7062aca9c286fb921917747c8b65ff4a69eb71102b90c1570b4c521fea](https://www.virustotal.com/gui/file/7c6f0f7062aca9c286fb921917747c8b65ff4a69eb71102b90c1570b4c521fea) | +| Authentihash MD5 | [6f065bbb5d76aa5fb79975c9480b9ee6](https://www.virustotal.com/gui/search/authentihash%253A6f065bbb5d76aa5fb79975c9480b9ee6) | +| Authentihash SHA1 | [6dc5e016421e15ec84239bf6a643dabeed536cdc](https://www.virustotal.com/gui/search/authentihash%253A6dc5e016421e15ec84239bf6a643dabeed536cdc) | +| Authentihash SHA256| [03df4500273c43189296f09d734977c882a008fc056f43c309b9d2351f31792e](https://www.virustotal.com/gui/search/authentihash%253A03df4500273c43189296f09d734977c882a008fc056f43c309b9d2351f31792e) | +| RichPEHeaderHash MD5 | [85fa20421a65e83905361d389b335669](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A85fa20421a65e83905361d389b335669) | +| RichPEHeaderHash SHA1 | [fad704c4353c271f61f7ffcecc3bc5aceb3a15b7](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Afad704c4353c271f61f7ffcecc3bc5aceb3a15b7) | +| RichPEHeaderHash SHA256| [60bb1a6f5f679831418c16a7c2000159d31507690560194ca357bfd0b4018f9c](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A60bb1a6f5f679831418c16a7c2000159d31507690560194ca357bfd0b4018f9c) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 33000000bce120fdd27cc8ee930000000000bc +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | f31f8c784e5d3986ccacb9c88c6d7044 | +| ToBeSigned (TBS) SHA1 | 833498af9a41da339c83e0d384b521f72d053331 | +| ToBeSigned (TBS) SHA256 | 1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2015-08-18 17:15:28 | +| ValidTo | 2016-11-18 17:15:28 | +| Signature | 60743a2c8b9d1d20759fd327472b3fb9c434cf9df5a4501199cafd1d0f6806659be78f5346fcdedead6c2615214f653b0306302508cc80e386fb54dc8d0b8c63131e54f259c4f8792335187e2d4f649a82490807f129590c1a5c76d8c56a12e51f4c9bb20f35bb27b3ddc0dfbd849e506ed390bef27d160c5fa33291231b73cffddf7bcc42948b509b88242d401ab88f4283997bb6707c2fd2facf67e2639b5b02da8975568de56dc96eee8061c69bc552d61a0fa49ea527563681fb35f68dde6eee372b99f69761de0eac9b72b1510f80e66f6560bf1d0669dcbdd915ffe13454502833fe26932c018ad8399ad2840a93b0c222b7900151dc9ddb4475e1d7b7 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 33000000bce120fdd27cc8ee930000000000bc | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### 
ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/61dad3bb-db5d-497c-8aca-74ae55991a3b.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} 
diff --git a/lolrmm.com/content/bootloaders/635f3ff1-ab0a-468c-b6a3-6a8aa39301d5.md b/lolrmm.com/content/bootloaders/635f3ff1-ab0a-468c-b6a3-6a8aa39301d5.md new file mode 100644 index 00000000..cf323301 --- /dev/null +++ b/lolrmm.com/content/bootloaders/635f3ff1-ab0a-468c-b6a3-6a8aa39301d5.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "635f3ff1-ab0a-468c-b6a3-6a8aa39301d5" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 635f3ff1-ab0a-468c-b6a3-6a8aa39301d5 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/83e596b8944ed413e5bbc0c51c0b64c6.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [83e596b8944ed413e5bbc0c51c0b64c6](https://www.virustotal.com/gui/file/83e596b8944ed413e5bbc0c51c0b64c6) | +| SHA1 | [fab234f84e488343ea0f65072d8785217cabef40](https://www.virustotal.com/gui/file/fab234f84e488343ea0f65072d8785217cabef40) | +| SHA256 | [165a5dcdea3a7de7cfae38298597445eba59282308c7243be50f568aa610f4f2](https://www.virustotal.com/gui/file/165a5dcdea3a7de7cfae38298597445eba59282308c7243be50f568aa610f4f2) | +| Authentihash MD5 | [576bde13122eaba63fa0734baecf5a48](https://www.virustotal.com/gui/search/authentihash%253A576bde13122eaba63fa0734baecf5a48) | +| Authentihash SHA1 | [cf7b3cc939f51462213b3b05b81fbc42ee05afd8](https://www.virustotal.com/gui/search/authentihash%253Acf7b3cc939f51462213b3b05b81fbc42ee05afd8) | +| Authentihash SHA256| [e2cf881cf07195454505047d74810ed79ae20dfd0f1593afbbf08270a486c038](https://www.virustotal.com/gui/search/authentihash%253Ae2cf881cf07195454505047d74810ed79ae20dfd0f1593afbbf08270a486c038) | +| RichPEHeaderHash MD5 | [95c181375ef93e118f930024df1bff96](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A95c181375ef93e118f930024df1bff96) | +| RichPEHeaderHash SHA1 | [e3a24ad3c9b07df2a4fb39a1432ba3597faa48f7](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ae3a24ad3c9b07df2a4fb39a1432ba3597faa48f7) | +| RichPEHeaderHash SHA256| [0708c72d17d4892e2deab31b567c830ee261f5e5730997a47366c0e1e58dec0e](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A0708c72d17d4892e2deab31b567c830ee261f5e5730997a47366c0e1e58dec0e) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 33000001066ec325c431c9180e000000000106 +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | dde4566ad877cdd7257537c5a15caff8 | +| ToBeSigned (TBS) SHA1 | 61ccf092df4eb7534ffc8df983b362e10eb895c2 | +| ToBeSigned (TBS) SHA256 | 0ae3a29cfb54cd16c853b2246cc428219bb87f7e4ea299b0374b2ac43f2a61d8 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2016-10-11 20:39:31 | +| ValidTo | 2018-01-11 20:39:31 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 33000001066ec325c431c9180e000000000106 | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000001066ec325c431c9180e000000000106", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "dde4566ad877cdd7257537c5a15caff8", + "SHA1": "61ccf092df4eb7534ffc8df983b362e10eb895c2", + "SHA256": "0ae3a29cfb54cd16c853b2246cc428219bb87f7e4ea299b0374b2ac43f2a61d8" + }, + "ValidFrom": "2016-10-11 20:39:31", + "ValidTo": "2018-01-11 20:39:31", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, 
ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000001066ec325c431c9180e000000000106", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/635f3ff1-ab0a-468c-b6a3-6a8aa39301d5.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/63cbc1a5-3884-4049-ad87-f32f77644986.md b/lolrmm.com/content/bootloaders/63cbc1a5-3884-4049-ad87-f32f77644986.md new file mode 100644 index 00000000..5eb89767 --- /dev/null +++ b/lolrmm.com/content/bootloaders/63cbc1a5-3884-4049-ad87-f32f77644986.md 
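Review bot: The PowerShell one-liner in the Commands block (`bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { … } }`) does not parse: a bare script block cannot be a pipeline element, and `{%` reads like a transposition of the ForEach-Object alias `% {`. If the intent is to take the new entry's GUID from bcdedit's output, the pipeline would be `| % { if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } }`. Since this page is rendered from the YAML linked at the bottom, the correction belongs in that YAML or the generator's command template rather than in this markdown. Separately, the CVE section lists `Black Lotus Microsoft Windows 8.1`, which is a malware-family/platform label rather than a CVE identifier; keep that field to CVE IDs and move the BlackLotus context to Description so consumers of the cve field are not handed free text.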
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "63cbc1a5-3884-4049-ad87-f32f77644986" +weight = 10 +displayTitle = "Signed_13652009334930799/shim64-bit.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# Signed_13652009334930799/shim64-bit.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Debian and revoked Apr-21 +- **UUID**: 63cbc1a5-3884-4049-ad87-f32f77644986 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/8572a7c437a9bc92225906ce5fc04497.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\Signed_13652009334930799/shim64-bit.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip 
>}}detects loading using name only{{< /tip >}} + + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | Signed_13652009334930799/shim64-bit.efi | +| MD5 | [8572a7c437a9bc92225906ce5fc04497](https://www.virustotal.com/gui/file/8572a7c437a9bc92225906ce5fc04497) | +| SHA1 | [6d2ce22514e2dffca0e31eedd4804280f8c37e4c](https://www.virustotal.com/gui/file/6d2ce22514e2dffca0e31eedd4804280f8c37e4c) | +| SHA256 | [cc5c7db3068d99d6271fb38ab15b78c633c92249c4d783db0cdae2b918e97969](https://www.virustotal.com/gui/file/cc5c7db3068d99d6271fb38ab15b78c633c92249c4d783db0cdae2b918e97969) | +| Authentihash MD5 | [3c80cdb2f0833095f9f77027e2431b0a](https://www.virustotal.com/gui/search/authentihash%253A3c80cdb2f0833095f9f77027e2431b0a) | +| Authentihash SHA1 | [21b20549df4909eeb13f64d4641ef60cd5c5a682](https://www.virustotal.com/gui/search/authentihash%253A21b20549df4909eeb13f64d4641ef60cd5c5a682) | +| Authentihash SHA256| [48f4584de1c5ec650c25e6c623635ce101bd82617fc400d4150f0aee2355b4ca](https://www.virustotal.com/gui/search/authentihash%253A48f4584de1c5ec650c25e6c623635ce101bd82617fc400d4150f0aee2355b4ca) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002b4b79b3694d12118700010000002b +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 8d8a1f204c9c80213bd427fa58b387e2 | +| ToBeSigned (TBS) SHA1 | 8d78e1742b948f0c8298e560dd71fe1594020386 | +| 
ToBeSigned (TBS) SHA256 | 1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2018-07-03 20:53:01 | +| ValidTo | 2019-07-26 20:53:01 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002b4b79b3694d12118700010000002b | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 
350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": 
"1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": 
"" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/63cbc1a5-3884-4049-ad87-f32f77644986.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/63cf9ba5-5aec-4ed7-9f58-97d1eff8aa0f.md b/lolrmm.com/content/bootloaders/63cf9ba5-5aec-4ed7-9f58-97d1eff8aa0f.md new file mode 100644 index 00000000..ebc32ef4 --- /dev/null +++ b/lolrmm.com/content/bootloaders/63cf9ba5-5aec-4ed7-9f58-97d1eff8aa0f.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "63cf9ba5-5aec-4ed7-9f58-97d1eff8aa0f" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by TeraByte Inc. and revoked Jul-20 +- **UUID**: 63cf9ba5-5aec-4ed7-9f58-97d1eff8aa0f +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [1BABF3FB76AE149CCB95B8E33B193CE7408B7134E0A5CC8CE1E884BCD01DFCF2](https://www.virustotal.com/gui/file/1BABF3FB76AE149CCB95B8E33B193CE7408B7134E0A5CC8CE1E884BCD01DFCF2) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [0A75EA0B1D70EAA4D3F374246DB54FC7B43E7F596A353309B9C36B4FD975725E](https://www.virustotal.com/gui/search/authentihash%253A0A75EA0B1D70EAA4D3F374246DB54FC7B43E7F596A353309B9C36B4FD975725E) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/63cf9ba5-5aec-4ed7-9f58-97d1eff8aa0f.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/64508479-d4fc-4415-b202-d787a4d094e6.md b/lolrmm.com/content/bootloaders/64508479-d4fc-4415-b202-d787a4d094e6.md new file mode 100644 index 00000000..64146ea0 --- /dev/null +++ b/lolrmm.com/content/bootloaders/64508479-d4fc-4415-b202-d787a4d094e6.md 
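Review bot: This entry has no MD5, so the Download button resolves to `bootloaders/.bin` and the MD5, SHA1 and Authentihash MD5/SHA1 rows render as empty links to bare `https://www.virustotal.com/gui/file/` and `…/search/authentihash%253A`; the warning "This download link contains the Revoked Bootloader!" is then attached to a link that cannot serve a sample. The generator should omit the button and any hash row whose value is empty (the Certificates and Signature sections are already blank here, which suggests this is a dbx-hash-only entry) and state that in the Description rather than present a dead download. The SHA256 and Authentihash SHA256 are also upper-case (`1BABF3FB…`, `0A75EA0B…`) while the entries that have a sample on hand use lower-case hashes; hash-based Sigma/Sysmon rules generated from this data may compare case-sensitively depending on the backend, so normalizing to lower-case in the YAML avoids a silent miss.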
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "64508479-d4fc-4415-b202-d787a4d094e6" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 64508479-d4fc-4415-b202-d787a4d094e6 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [0EF0AD66BA9A0C4E4815BFD072FE7E281DC382D8DE08A4529DF3FF997B19E705](https://www.virustotal.com/gui/file/0EF0AD66BA9A0C4E4815BFD072FE7E281DC382D8DE08A4529DF3FF997B19E705) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [F4D8EAD6C325030538D10EBB39F0EFDC2F553794C14A5E45F9555C335925D9D3](https://www.virustotal.com/gui/search/authentihash%253AF4D8EAD6C325030538D10EBB39F0EFDC2F553794C14A5E45F9555C335925D9D3) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/64508479-d4fc-4415-b202-d787a4d094e6.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/64c9ea42-80a1-425d-ae59-d9ee4eadf4ba.md b/lolrmm.com/content/bootloaders/64c9ea42-80a1-425d-ae59-d9ee4eadf4ba.md new file mode 100644 index 00000000..3fb79bea --- /dev/null +++ b/lolrmm.com/content/bootloaders/64c9ea42-80a1-425d-ae59-d9ee4eadf4ba.md 
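Review bot: The CVE section here carries `Black Lotus Microsoft Windows 8`, which is a malware-family/platform label rather than a CVE identifier, so anything that consumes the cve field as a list of IDs (detection metadata, cross-references) receives a free-text string; keep that field to CVE IDs and put the BlackLotus context in Description or Resources. This page also has an empty MD5, which makes the Download button point at `bootloaders/.bin` and leaves the MD5/SHA1/Authentihash MD5/SHA1 cells as blank VirusTotal links beneath a warning that a revoked bootloader is being served; omit the button and the empty rows when no sample exists. The two upper-case hashes (`0EF0AD66…`, `F4D8EAD6…`) should be normalized to lower-case to match the sampled entries and avoid case-sensitive hash comparisons in downstream rules.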
@@ -0,0 +1,161 @@
++++
+
+description = ""
+title = "64c9ea42-80a1-425d-ae59-d9ee4eadf4ba"
+weight = 10
+displayTitle = "BOOTX64.EFI"
++++
+
+
+{{< block "grid-1" >}}
+{{< column "mt-2 pt-1">}}
+
+
+# BOOTX64.EFI ![:inline](/images/twitter_verified.png)
+
+
+### Description
+
+This was provided by Red Hat Inc. and revoked Jul-20
+- **UUID**: 64c9ea42-80a1-425d-ae59-d9ee4eadf4ba
+- **Created**: 2023-05-22
+- **Author**: Michael Haag
+- **Acknowledgement**: | [](https://twitter.com/)
+
+{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}}
+{{< tip "warning" >}}
+This download link contains the Revoked Bootloader!
+
+{{< /tip >}}
+
+### Commands
+
+```
+bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\BOOTX64.EFI } }
+```
+
+
+| Use Case | Privileges | Operating System |
+|:---- | ---- | ---- |
+| Persistence | | 64-bit |
+
+
+
+### Detections
+
+
+{{< block "grid-3" >}}
+{{< column >}}
+#### YARA 🏹
+{{< details "Expand" >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}}
+
+
+{{< /details >}}
+{{< /column >}}
+
+
+
+{{< column >}}
+
+#### Sigma 🛡️
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}}
+
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+
+
+{{< column "mb-2" >}}
+
+#### Sysmon 🔎
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+{{< /block >}}
+
+
+### Resources
+
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | BOOTX64.EFI | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [BDD96B78F3AA4B123851342995451880CB2498E785ED12E48CEB36F1A3F49B2B](https://www.virustotal.com/gui/file/BDD96B78F3AA4B123851342995451880CB2498E785ED12E48CEB36F1A3F49B2B) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [A924D3CAD6DA42B7399B96A095A06F18F6B1ABA5B873B0D5F3A0EE2173B48B6C](https://www.virustotal.com/gui/search/authentihash%253AA924D3CAD6DA42B7399B96A095A06F18F6B1ABA5B873B0D5F3A0EE2173B48B6C) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/64c9ea42-80a1-425d-ae59-d9ee4eadf4ba.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/66314d3b-bec0-4042-94f3-2744b5a337ee.md b/lolrmm.com/content/bootloaders/66314d3b-bec0-4042-94f3-2744b5a337ee.md new file mode 100644 index 00000000..2d3649b4 --- /dev/null +++ b/lolrmm.com/content/bootloaders/66314d3b-bec0-4042-94f3-2744b5a337ee.md 
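Review bot: The `Download` button on this page points at `bootloaders/.bin` and the MD5 and SHA1 rows link to `https://www.virustotal.com/gui/file/` with an empty hash, so the template is rendering a button and table rows for fields the source record does not provide; the 663a9b38 and 66d407b1 hunks show the same empty values, and the `Acknowledgement` link is empty on every page. Because the page tells readers the link "contains the Revoked Bootloader", a dead link is worse than no link: the generator should omit the button and the hash rows when the value is empty, and the `Privileges` column is blank for the same reason. `#### Imports` is also emitted twice on each page, which looks like a duplicated template section rather than two distinct lists. These are fixes to the generator rather than to this generated file.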
@@ -0,0 +1,238 @@
++++
+
+description = ""
+title = "66314d3b-bec0-4042-94f3-2744b5a337ee"
+weight = 10
+displayTitle = "bootmgfw.efi"
++++
+
+
+{{< block "grid-1" >}}
+{{< column "mt-2 pt-1">}}
+
+
+# bootmgfw.efi ![:inline](/images/twitter_verified.png)
+
+
+### Description
+
+This was provided by Microsoft and revoked May-23
+- **UUID**: 66314d3b-bec0-4042-94f3-2744b5a337ee
+- **Created**: 2023-05-22
+- **Author**: Michael Haag
+- **Acknowledgement**: | [](https://twitter.com/)
+
+{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/e7ae8ab50eae0f2730780d6e87a165cc.bin" "Download" >}}
+{{< tip "warning" >}}
+This download link contains the Revoked Bootloader!
+
+{{< /tip >}}
+
+### Commands
+
+```
+bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } }
+```
+
+
+| Use Case | Privileges | Operating System |
+|:---- | ---- | ---- |
+| Persistence | | 32-bit |
+
+
+
+### Detections
+
+
+{{< block "grid-3" >}}
+{{< column >}}
+#### YARA 🏹
+{{< details "Expand" >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}}
+
+
+{{< /details >}}
+{{< /column >}}
+
+
+
+{{< column >}}
+
+#### Sigma 🛡️
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}}
+
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+
+
+{{< column "mb-2" >}}
+
+#### Sysmon 🔎
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+{{< /block >}}
+
+
+### Resources
+
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [e7ae8ab50eae0f2730780d6e87a165cc](https://www.virustotal.com/gui/file/e7ae8ab50eae0f2730780d6e87a165cc) | +| SHA1 | [339702656fbb6e001e9a283dbd54567323f0332f](https://www.virustotal.com/gui/file/339702656fbb6e001e9a283dbd54567323f0332f) | +| SHA256 | [88582f3cae30afd77990944709ac4e272d68cdc009d9c3ff6f7c2e19e74f5975](https://www.virustotal.com/gui/file/88582f3cae30afd77990944709ac4e272d68cdc009d9c3ff6f7c2e19e74f5975) | +| Authentihash MD5 | [61dcd3b5b1b343f78cdba79267151107](https://www.virustotal.com/gui/search/authentihash%253A61dcd3b5b1b343f78cdba79267151107) | +| Authentihash SHA1 | [f62b5d4321be185905a65037dfcdeb277a4f6169](https://www.virustotal.com/gui/search/authentihash%253Af62b5d4321be185905a65037dfcdeb277a4f6169) | +| Authentihash SHA256| [490c927242cc6227ca439a7e9aa9d771ad4d1686eede1f331cbb6c69e9be746e](https://www.virustotal.com/gui/search/authentihash%253A490c927242cc6227ca439a7e9aa9d771ad4d1686eede1f331cbb6c69e9be746e) | +| RichPEHeaderHash MD5 | [76b472327057a88cd36ca28afc4c0e33](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A76b472327057a88cd36ca28afc4c0e33) | +| RichPEHeaderHash SHA1 | [3111a9f1a2306b44b216f95d22c5d3780e200bb4](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3111a9f1a2306b44b216f95d22c5d3780e200bb4) | +| RichPEHeaderHash SHA256| [99f483be10e4f3d7da9abe8eabdf67c61589c0ecec750aac0991666c9bc4e518](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A99f483be10e4f3d7da9abe8eabdf67c61589c0ecec750aac0991666c9bc4e518) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002418fc0b689e7399d0000000000024 +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 28b23b39f3bbd936a26a5b86451be0ac | +| ToBeSigned (TBS) SHA1 | 3b16f29295d5a7c323beb479c71d3d20c6b8acc2 | +| ToBeSigned (TBS) SHA256 | 4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2013-06-17 21:43:38 | +| ValidTo | 2014-09-17 21:43:38 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002418fc0b689e7399d0000000000024 | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/66314d3b-bec0-4042-94f3-2744b5a337ee.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/663a9b38-509f-4a27-b2b8-13801ce4ee89.md b/lolrmm.com/content/bootloaders/663a9b38-509f-4a27-b2b8-13801ce4ee89.md new file mode 100644 index 00000000..b14d8e01 --- /dev/null +++ b/lolrmm.com/content/bootloaders/663a9b38-509f-4a27-b2b8-13801ce4ee89.md 
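Review bot: The `### CVE` section of this page lists `Black Lotus Microsoft Windows 8.1`, which is a threat/product label rather than a CVE identifier, so a reader or anything parsing that section finds a non-CVE entry under a CVE heading; the 663a9b38, 66d407b1 and 66da17c5 hunks carry the same entry. Either the source field that feeds this section should hold identifiers only, with the campaign name moved to the description or a reference line, or the template should fall back to a broader heading such as `### Related CVE / Advisory` when an entry does not match the `CVE-YYYY-NNNN` form. The 64c9ea42 page shows the intended content, with actual CVE identifiers in that section.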
@@ -0,0 +1,154 @@
++++
+
+description = ""
+title = "663a9b38-509f-4a27-b2b8-13801ce4ee89"
+weight = 10
+displayTitle = "bootmgfw.efi"
++++
+
+
+{{< block "grid-1" >}}
+{{< column "mt-2 pt-1">}}
+
+
+# bootmgfw.efi ![:inline](/images/twitter_verified.png)
+
+
+### Description
+
+This was provided by Microsoft and revoked May-23
+- **UUID**: 663a9b38-509f-4a27-b2b8-13801ce4ee89
+- **Created**: 2023-05-22
+- **Author**: Michael Haag
+- **Acknowledgement**: | [](https://twitter.com/)
+
+{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}}
+{{< tip "warning" >}}
+This download link contains the Revoked Bootloader!
+
+{{< /tip >}}
+
+### Commands
+
+```
+bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } }
+```
+
+
+| Use Case | Privileges | Operating System |
+|:---- | ---- | ---- |
+| Persistence | | 32-bit ARM |
+
+
+
+### Detections
+
+
+{{< block "grid-3" >}}
+{{< column >}}
+#### YARA 🏹
+{{< details "Expand" >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}}
+
+
+{{< /details >}}
+{{< /column >}}
+
+
+
+{{< column >}}
+
+#### Sigma 🛡️
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}}
+
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+
+
+{{< column "mb-2" >}}
+
+#### Sysmon 🔎
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+{{< /block >}}
+
+
+### Resources
+
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [3E8EE29691F1F22F5B46C301EDFE411821D466E7A39672A416E387060A0EEFE0](https://www.virustotal.com/gui/file/3E8EE29691F1F22F5B46C301EDFE411821D466E7A39672A416E387060A0EEFE0) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [B2BEAECAC1BDE409F82933D80FA3BF5FA0D1FF8D1F97E5260BB25C0FBBA35CA7](https://www.virustotal.com/gui/search/authentihash%253AB2BEAECAC1BDE409F82933D80FA3BF5FA0D1FF8D1F97E5260BB25C0FBBA35CA7) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/663a9b38-509f-4a27-b2b8-13801ce4ee89.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/66d407b1-5e65-4314-89c3-cc6dd5c10d59.md b/lolrmm.com/content/bootloaders/66d407b1-5e65-4314-89c3-cc6dd5c10d59.md new file mode 100644 index 00000000..692d9ec8 --- /dev/null +++ b/lolrmm.com/content/bootloaders/66d407b1-5e65-4314-89c3-cc6dd5c10d59.md 
@@ -0,0 +1,154 @@
++++
+
+description = ""
+title = "66d407b1-5e65-4314-89c3-cc6dd5c10d59"
+weight = 10
+displayTitle = "bootmgfw.efi"
++++
+
+
+{{< block "grid-1" >}}
+{{< column "mt-2 pt-1">}}
+
+
+# bootmgfw.efi ![:inline](/images/twitter_verified.png)
+
+
+### Description
+
+This was provided by Microsoft and revoked May-23
+- **UUID**: 66d407b1-5e65-4314-89c3-cc6dd5c10d59
+- **Created**: 2023-05-22
+- **Author**: Michael Haag
+- **Acknowledgement**: | [](https://twitter.com/)
+
+{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}}
+{{< tip "warning" >}}
+This download link contains the Revoked Bootloader!
+
+{{< /tip >}}
+
+### Commands
+
+```
+bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } }
+```
+
+
+| Use Case | Privileges | Operating System |
+|:---- | ---- | ---- |
+| Persistence | | 32-bit ARM |
+
+
+
+### Detections
+
+
+{{< block "grid-3" >}}
+{{< column >}}
+#### YARA 🏹
+{{< details "Expand" >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}}
+
+
+{{< /details >}}
+{{< /column >}}
+
+
+
+{{< column >}}
+
+#### Sigma 🛡️
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}}
+
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+
+
+{{< column "mb-2" >}}
+
+#### Sysmon 🔎
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+{{< /block >}}
+
+
+### Resources
+
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [EBB480F63BB81A4C88F42E97A1B40DAB2EBB926A358EACC1C52A5DB88A2BC6CA](https://www.virustotal.com/gui/file/EBB480F63BB81A4C88F42E97A1B40DAB2EBB926A358EACC1C52A5DB88A2BC6CA) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [28CE0DAD50730900C5D18CC58D5255293452CA37D764868C16EAA9EAF6BD7C83](https://www.virustotal.com/gui/search/authentihash%253A28CE0DAD50730900C5D18CC58D5255293452CA37D764868C16EAA9EAF6BD7C83) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/66d407b1-5e65-4314-89c3-cc6dd5c10d59.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/66da17c5-7c1b-43c3-8520-4d3efea91899.md b/lolrmm.com/content/bootloaders/66da17c5-7c1b-43c3-8520-4d3efea91899.md new file mode 100644 index 00000000..e35a6a41 --- /dev/null +++ b/lolrmm.com/content/bootloaders/66da17c5-7c1b-43c3-8520-4d3efea91899.md 
@@ -0,0 +1,238 @@
++++
+
+description = ""
+title = "66da17c5-7c1b-43c3-8520-4d3efea91899"
+weight = 10
+displayTitle = "bootmgfw.efi"
++++
+
+
+{{< block "grid-1" >}}
+{{< column "mt-2 pt-1">}}
+
+
+# bootmgfw.efi ![:inline](/images/twitter_verified.png)
+
+
+### Description
+
+This was provided by Microsoft and revoked May-23
+- **UUID**: 66da17c5-7c1b-43c3-8520-4d3efea91899
+- **Created**: 2023-05-22
+- **Author**: Michael Haag
+- **Acknowledgement**: | [](https://twitter.com/)
+
+{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/5624304dd2172b7edb81741a5e7d2d06.bin" "Download" >}}
+{{< tip "warning" >}}
+This download link contains the Revoked Bootloader!
+
+{{< /tip >}}
+
+### Commands
+
+```
+bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } }
+```
+
+
+| Use Case | Privileges | Operating System |
+|:---- | ---- | ---- |
+| Persistence | | 64-bit |
+
+
+
+### Detections
+
+
+{{< block "grid-3" >}}
+{{< column >}}
+#### YARA 🏹
+{{< details "Expand" >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}}
+
+
+{{< /details >}}
+{{< /column >}}
+
+
+
+{{< column >}}
+
+#### Sigma 🛡️
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}}
+
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+
+
+{{< column "mb-2" >}}
+
+#### Sysmon 🔎
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+{{< /block >}}
+
+
+### Resources
+
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [5624304dd2172b7edb81741a5e7d2d06](https://www.virustotal.com/gui/file/5624304dd2172b7edb81741a5e7d2d06) | +| SHA1 | [5ebb525eefc7d35d664bf29bf8fbff40832dcefb](https://www.virustotal.com/gui/file/5ebb525eefc7d35d664bf29bf8fbff40832dcefb) | +| SHA256 | [0e93c368f8177bc0fe1a09d79b897a94286f3c374a18a40522c3358cb627d7e2](https://www.virustotal.com/gui/file/0e93c368f8177bc0fe1a09d79b897a94286f3c374a18a40522c3358cb627d7e2) | +| Authentihash MD5 | [a0455533de7422bc348d8c282d26254d](https://www.virustotal.com/gui/search/authentihash%253Aa0455533de7422bc348d8c282d26254d) | +| Authentihash SHA1 | [f8f7d3c1f985120b648ab2d7daedeb98ed618189](https://www.virustotal.com/gui/search/authentihash%253Af8f7d3c1f985120b648ab2d7daedeb98ed618189) | +| Authentihash SHA256| [16598ee39b716ed9e4765a44abf86906c9b25c25abf631cc78ece6f7211b0365](https://www.virustotal.com/gui/search/authentihash%253A16598ee39b716ed9e4765a44abf86906c9b25c25abf631cc78ece6f7211b0365) | +| RichPEHeaderHash MD5 | [2fbc53c18b773e0990639d636825b0ba](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2fbc53c18b773e0990639d636825b0ba) | +| RichPEHeaderHash SHA1 | [2a1d3ef0d46e4b8b403cdf0c29bcefbe41250cb3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2a1d3ef0d46e4b8b403cdf0c29bcefbe41250cb3) | +| RichPEHeaderHash SHA256| [d1a38cd90fba6fb39948b1c0ee836f9542268bb74c4379963c2920d11f696f22](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ad1a38cd90fba6fb39948b1c0ee836f9542268bb74c4379963c2920d11f696f22) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000004ea1d80770a9bbe94400000000004e +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 9da610547a25cbe89af7ecdb99229623 | +| ToBeSigned (TBS) SHA1 | 6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7 | +| ToBeSigned (TBS) SHA256 | 1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2014-07-01 20:32:01 | +| ValidTo | 2015-10-01 20:32:01 | +| Signature | 8207b0c79e3b96e7317cd1aac9ab45fb52f1a2c847cda4bed6ff0b366566c6046976257890a79270765662a04b0f6d958c1fbba688b7717f77e10137107f8ccde9ce066d0c99e9fabfa3d669e2eac822a81d86f620828a018738e290f15370886c689af9399fad45f38e2e0fd6e31fcdf1b295ddc015164e757e2c630b05d1c103735e452ea9e3ca1b44e776277a030aa473094499bdfad51ebcdc61c8694148123c150811230bab24f1fb3ca64f018ac37d5cbb61173055b20dd07fbf8955909696be8de608979541932fd0257f932db6f6975b4bc82bd393a432a4ef01d88fc9652cc0d4eede46df519df8488353bfbf4dbc8358efc8dc3215c5538ebbd03e | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000004ea1d80770a9bbe94400000000004e | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### 
ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": 
"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/66da17c5-7c1b-43c3-8520-4d3efea91899.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/670b1089-ea21-40d1-ac0a-1dc0adeb7b05.md b/lolrmm.com/content/bootloaders/670b1089-ea21-40d1-ac0a-1dc0adeb7b05.md new file mode 100644 index 00000000..853f9e68 --- /dev/null +++ b/lolrmm.com/content/bootloaders/670b1089-ea21-40d1-ac0a-1dc0adeb7b05.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "670b1089-ea21-40d1-ac0a-1dc0adeb7b05" +weight = 10 +displayTitle = "670b1089-ea21-40d1-ac0a-1dc0adeb7b05" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 670b1089-ea21-40d1-ac0a-1dc0adeb7b05 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: 670b1089-ea21-40d1-ac0a-1dc0adeb7b05 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [30A947ED2F95D0E7F2746F3A4F3C458FC64554295BA5B4C302FE0EE4F8027C0C](https://www.virustotal.com/gui/file/30A947ED2F95D0E7F2746F3A4F3C458FC64554295BA5B4C302FE0EE4F8027C0C) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [D9668AB52785086786C134B5E4BDDBF72452813B6973229AB92AA1A54D201BF5](https://www.virustotal.com/gui/search/authentihash%253AD9668AB52785086786C134B5E4BDDBF72452813B6973229AB92AA1A54D201BF5) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/670b1089-ea21-40d1-ac0a-1dc0adeb7b05.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/67ae7723-5130-48c6-b24b-22a876c9c2c0.md b/lolrmm.com/content/bootloaders/67ae7723-5130-48c6-b24b-22a876c9c2c0.md new file mode 100644 index 00000000..14df3dc0 --- /dev/null +++ b/lolrmm.com/content/bootloaders/67ae7723-5130-48c6-b24b-22a876c9c2c0.md 
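Review bot: The Download button on this page resolves to `https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin` and the bcdedit command ends in `path \windows\temp\`, because the entry has no Filename and no MD5 and the generator interpolates the empty fields straight into a link and a boot path. A page that invites the reader to download a "Revoked Bootloader" should not render the button or the command unless a hash is present; gate both on the MD5 and fall back to the SHA256 (`30A947ED…`), which this entry does have. The MD5 and SHA1 rows have the same problem, linking to `https://www.virustotal.com/gui/file/` with nothing after the slash, and should be omitted when empty. Separately, `| {% if ($_ -match '{\S+}')` does not read as valid PowerShell; if ForEach-Object was intended the pipeline should be `| % { if ($_ -match '{\S+}') { bcdedit /set $matches[0] path ... } }` — worth confirming against the source YAML before fixing the template.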
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "67ae7723-5130-48c6-b24b-22a876c9c2c0" +weight = 10 +displayTitle = "shim-15+1533136590.3beb971-0ubuntu1/shimaa64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# shim-15+1533136590.3beb971-0ubuntu1/shimaa64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Canonical Ltd and revoked Apr-21 +- **UUID**: 67ae7723-5130-48c6-b24b-22a876c9c2c0 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\shim-15+1533136590.3beb971-0ubuntu1/shimaa64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip 
>}}detects loading using name only{{< /tip >}} + + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | shim-15+1533136590.3beb971-0ubuntu1/shimaa64.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [C58ABF55F773FEE60CDB21D01D02229C4A3FEEB29F5D904CEB3106BC4B435EE7](https://www.virustotal.com/gui/file/C58ABF55F773FEE60CDB21D01D02229C4A3FEEB29F5D904CEB3106BC4B435EE7) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [339C2BCF0445BAA7345A02CDE505E172D24CC9CEA29A92EBEE3F3901693FD2C8](https://www.virustotal.com/gui/search/authentihash%253A339C2BCF0445BAA7345A02CDE505E172D24CC9CEA29A92EBEE3F3901693FD2C8) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/67ae7723-5130-48c6-b24b-22a876c9c2c0.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/68bce846-d710-4c06-a74c-bdf24a87157b.md b/lolrmm.com/content/bootloaders/68bce846-d710-4c06-a74c-bdf24a87157b.md new file mode 100644 index 00000000..9a6d32a1 --- /dev/null +++ b/lolrmm.com/content/bootloaders/68bce846-d710-4c06-a74c-bdf24a87157b.md 
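Review bot: The Filename `shim-15+1533136590.3beb971-0ubuntu1/shimaa64.efi` contains a path separator, so the generated command `bcdedit /set $matches[0] path \windows\temp\shim-15+1533136590.3beb971-0ubuntu1/shimaa64.efi` points into a subdirectory the recipe never creates and mixes a Windows path with a package-relative Linux path; the generator should use only the basename (`shimaa64.efi`) in the command and keep the full distribution path in the hash table's Filename row. This is also an AArch64 shim (`shimaa64`, OS column `64-bit ARM`), so a reader who follows the bcdedit persistence recipe on an ordinary x64 Windows host is unlikely to get a bootable entry — a one-line caveat under Commands ("ARM64 image; the x64 recipe does not apply") would prevent that confusion. As with the other hash-less entries in this batch, the Download button resolves to `bootloaders/.bin` and should be suppressed when no MD5 is available.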
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "68bce846-d710-4c06-a74c-bdf24a87157b" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 68bce846-d710-4c06-a74c-bdf24a87157b +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/11ca417bc767273a9de7b1355cb2908e.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [11ca417bc767273a9de7b1355cb2908e](https://www.virustotal.com/gui/file/11ca417bc767273a9de7b1355cb2908e) | +| SHA1 | [8de2b54c1204ea7491174a94c1a283695952155b](https://www.virustotal.com/gui/file/8de2b54c1204ea7491174a94c1a283695952155b) | +| SHA256 | [0b16ad93ee38243d72ff0acd790107767b6d7d3563a4ba8edb7a23eec5c8d531](https://www.virustotal.com/gui/file/0b16ad93ee38243d72ff0acd790107767b6d7d3563a4ba8edb7a23eec5c8d531) | +| Authentihash MD5 | [8bbbe505bcaf280a57c1bbd361585c0d](https://www.virustotal.com/gui/search/authentihash%253A8bbbe505bcaf280a57c1bbd361585c0d) | +| Authentihash SHA1 | [df47daa733f498b29d1b3daf28724cc400710a63](https://www.virustotal.com/gui/search/authentihash%253Adf47daa733f498b29d1b3daf28724cc400710a63) | +| Authentihash SHA256| [2b21029fa033526d1dcd9e87ad8893f9b5a08987c3271b8a86716865de53d958](https://www.virustotal.com/gui/search/authentihash%253A2b21029fa033526d1dcd9e87ad8893f9b5a08987c3271b8a86716865de53d958) | +| RichPEHeaderHash MD5 | [e754010390655ad90064d6113e5dd792](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ae754010390655ad90064d6113e5dd792) | +| RichPEHeaderHash SHA1 | [235cedf98ee575630be68e22dcb4bdf096629ba4](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A235cedf98ee575630be68e22dcb4bdf096629ba4) | +| RichPEHeaderHash SHA256| [691116109e663ec85f12f05de1670ed2caa11b641bdcccb4d2a8907a46033e0e](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A691116109e663ec85f12f05de1670ed2caa11b641bdcccb4d2a8907a46033e0e) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002418fc0b689e7399d0000000000024 +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 28b23b39f3bbd936a26a5b86451be0ac | +| ToBeSigned (TBS) SHA1 | 3b16f29295d5a7c323beb479c71d3d20c6b8acc2 | +| ToBeSigned (TBS) SHA256 | 4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2013-06-17 21:43:38 | +| ValidTo | 2014-09-17 21:43:38 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002418fc0b689e7399d0000000000024 | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/68bce846-d710-4c06-a74c-bdf24a87157b.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/696a399a-9f49-485d-9753-63edd677f144.md b/lolrmm.com/content/bootloaders/696a399a-9f49-485d-9753-63edd677f144.md new file mode 100644 index 00000000..6e91ea79 --- /dev/null +++ b/lolrmm.com/content/bootloaders/696a399a-9f49-485d-9753-63edd677f144.md 
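Review bot: The `### CVE` section lists `Black Lotus Microsoft Windows 8.1`, a campaign/product label rather than a CVE identifier, so anything scraping these pages for CVE ids — or a reader expecting an advisory to follow — gets nothing. Either put the tracked identifier in that field (the May-2023 Secure Boot revocation this entry is tied to is tracked by Microsoft as CVE-2023-24932 / KB5025885, to be confirmed against the source YAML before adding) or have the generator render free-text values under a separate `Reference` heading. This is also the one entry in the batch whose Download button points at a real artifact (`bootloaders/11ca417bc767273a9de7b1355cb2908e.bin`, matching the MD5 row), guarded only by the "warning" tip; the certificate chain on the page (`CN=Microsoft Windows` issued by `Microsoft Windows Production PCA 2011`) is exactly why the file is still trusted by hosts that have not applied the DBX revocation, and stating that next to the button would make the persistence value and the lab-only caveat explicit. The leaf certificate's `ValidTo` of 2014-09-17 is expected for a timestamped Authenticode signature and is not itself a finding.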
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "696a399a-9f49-485d-9753-63edd677f144" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 696a399a-9f49-485d-9753-63edd677f144 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [944E6F803D3E1B0C1AA767B14B0F4D960A45F80F0A0A459253CA65147E947F72](https://www.virustotal.com/gui/file/944E6F803D3E1B0C1AA767B14B0F4D960A45F80F0A0A459253CA65147E947F72) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [99B2BD1FCF17B52C64E8506B97FA10CF8B6397C9D05D8D543F86893B210DBA62](https://www.virustotal.com/gui/search/authentihash%253A99B2BD1FCF17B52C64E8506B97FA10CF8B6397C9D05D8D543F86893B210DBA62) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/696a399a-9f49-485d-9753-63edd677f144.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/6a65ed03-95af-404a-8ac0-95fa8ac8eb99.md b/lolrmm.com/content/bootloaders/6a65ed03-95af-404a-8ac0-95fa8ac8eb99.md new file mode 100644 index 00000000..d41949f3 --- /dev/null +++ b/lolrmm.com/content/bootloaders/6a65ed03-95af-404a-8ac0-95fa8ac8eb99.md 
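Review bot: The `| Use Case | Privileges | Operating System |` table leaves Privileges blank, yet the command beneath it — `bcdedit /copy "{current}"` followed by `bcdedit /set … path …` — writes to the BCD store, which needs an elevated session; a detection engineer scoping this technique needs that stated, so the YAML field should read `Administrator` instead of being omitted. This entry is marked `32-bit` while its command writes `\windows\temp\bootmgfw.efi` exactly like the 64-bit `bootmgfw.efi` entries, so nothing on the rendered page distinguishes the samples; carrying the architecture into the Filename row or the Commands text (e.g. `bootmgfw.efi (x86)`) would keep them apart. The Download button again resolves to `bootloaders/.bin` because the MD5 is empty and should be hidden for entries without a hash.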
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "6a65ed03-95af-404a-8ac0-95fa8ac8eb99" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 6a65ed03-95af-404a-8ac0-95fa8ac8eb99 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [0CF738DD9BEA4F3BA350C805AE7A59076147080BC46F1D6D6C994382E77F8486](https://www.virustotal.com/gui/file/0CF738DD9BEA4F3BA350C805AE7A59076147080BC46F1D6D6C994382E77F8486) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [E7D9BDBCC68B5BED590C29B72DCA2B96779B8B68B12A47DED074B8F1B32F8FBE](https://www.virustotal.com/gui/search/authentihash%253AE7D9BDBCC68B5BED590C29B72DCA2B96779B8B68B12A47DED074B8F1B32F8FBE) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/6a65ed03-95af-404a-8ac0-95fa8ac8eb99.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/6e1223b2-5193-4ba9-b9b5-b09c45dd4286.md b/lolrmm.com/content/bootloaders/6e1223b2-5193-4ba9-b9b5-b09c45dd4286.md new file mode 100644 index 00000000..5b6eb10d --- /dev/null +++ b/lolrmm.com/content/bootloaders/6e1223b2-5193-4ba9-b9b5-b09c45dd4286.md 
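Review bot: `#### Imports` is emitted twice in a row, each wrapping an empty bullet `*`, and `ImportedFunctions`, `ExportedFunctions` and `Signature` are all empty `details` blocks — the template prints every section unconditionally, and the duplicated Imports heading is presumably a copy-paste slip in the generator (the second one likely meant a different field such as `Exports`). The empty Signature block is the one that matters on a page about a signed, DBX-revoked boot manager, because the certificate chain is what a reader compares against the revocation entry; the template should skip sections whose value is empty, and this entry's YAML should get its signature data populated the way `68bce846-d710-4c06-a74c-bdf24a87157b` does. The SHA256 `0CF738DD…` is enough to look the sample up, so the empty MD5/SHA1 VirusTotal links (`https://www.virustotal.com/gui/file/`) should be dropped rather than rendered.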
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "6e1223b2-5193-4ba9-b9b5-b09c45dd4286" +weight = 10 +displayTitle = "centos-8.3-shim-20200726-shim64-bit.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# centos-8.3-shim-20200726-shim64-bit.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat, Inc. and revoked Apr-21 +- **UUID**: 6e1223b2-5193-4ba9-b9b5-b09c45dd4286 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\centos-8.3-shim-20200726-shim64-bit.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name 
only{{< /tip >}} + + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | centos-8.3-shim-20200726-shim64-bit.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [D662EF94388DB203CE52DF9902D77E9E5EFB25A202B5B096351D604FD3E63080](https://www.virustotal.com/gui/file/D662EF94388DB203CE52DF9902D77E9E5EFB25A202B5B096351D604FD3E63080) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [4F0214FCE4FA8897D0C80A46D6DAB4124726D136FC2492EFD01BFEDFA3887A9C](https://www.virustotal.com/gui/search/authentihash%253A4F0214FCE4FA8897D0C80A46D6DAB4124726D136FC2492EFD01BFEDFA3887A9C) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/6e1223b2-5193-4ba9-b9b5-b09c45dd4286.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/6ea89297-74dd-4581-b268-475a282c9592.md b/lolrmm.com/content/bootloaders/6ea89297-74dd-4581-b268-475a282c9592.md new file mode 100644 index 00000000..fd01b77c --- /dev/null +++ b/lolrmm.com/content/bootloaders/6ea89297-74dd-4581-b268-475a282c9592.md 
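Review bot: The Filename `centos-8.3-shim-20200726-shim64-bit.efi` is a descriptive catalog label (distribution, date, bitness), not a name the file carries on disk — a shim is typically deployed as `shimx64.efi` under `\EFI\<distro>\` — so the name-only Sigma rule advertised under Detections (`bootloader_load_win_vuln_bootloaders_names.yml`, "detects loading using name only") will not match this sample, and the page should not imply it does. Point readers to the hash-based Sigma/Sysmon rules for this entry, and either add the real on-disk name to the YAML as an alias so the name rule has something to match or mark the Filename row as a catalog label. The bcdedit command embeds the label verbatim (`path \windows\temp\centos-8.3-shim-20200726-shim64-bit.efi`), so anyone reproducing the technique must rename the downloaded `.bin` to match; and since the MD5 is empty the Download button again points at `bootloaders/.bin`, which should be hidden for hash-less entries.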
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "6ea89297-74dd-4581-b268-475a282c9592" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 6ea89297-74dd-4581-b268-475a282c9592 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [9C1812CF5B1D61DC08BD6683D143511BCB5B14798116D1D2714963CD468933FF](https://www.virustotal.com/gui/file/9C1812CF5B1D61DC08BD6683D143511BCB5B14798116D1D2714963CD468933FF) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [92185C264285741FA7F198CAD8F307C60891AD932D9E3C2A08D92546FF7099ED](https://www.virustotal.com/gui/search/authentihash%253A92185C264285741FA7F198CAD8F307C60891AD932D9E3C2A08D92546FF7099ED) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/6ea89297-74dd-4581-b268-475a282c9592.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/6f2d1488-6c25-477a-97ad-e0a570723b20.md b/lolrmm.com/content/bootloaders/6f2d1488-6c25-477a-97ad-e0a570723b20.md new file mode 100644 index 00000000..6b85baca --- /dev/null +++ b/lolrmm.com/content/bootloaders/6f2d1488-6c25-477a-97ad-e0a570723b20.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "6f2d1488-6c25-477a-97ad-e0a570723b20" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 6f2d1488-6c25-477a-97ad-e0a570723b20 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [A8CE55447F57564F1CE95A7B3C505A7996BDAC4A06710DD101ECD5B818653E27](https://www.virustotal.com/gui/file/A8CE55447F57564F1CE95A7B3C505A7996BDAC4A06710DD101ECD5B818653E27) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [90A483526B4238C55BC5DED289D7C1D376109B9D5F3E93529EDA75C4D451523A](https://www.virustotal.com/gui/search/authentihash%253A90A483526B4238C55BC5DED289D7C1D376109B9D5F3E93529EDA75C4D451523A) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/6f2d1488-6c25-477a-97ad-e0a570723b20.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/70316201-97eb-4739-a72b-abdcd208e20b.md b/lolrmm.com/content/bootloaders/70316201-97eb-4739-a72b-abdcd208e20b.md new file mode 100644 index 00000000..6b0a1090 --- /dev/null +++ b/lolrmm.com/content/bootloaders/70316201-97eb-4739-a72b-abdcd208e20b.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "70316201-97eb-4739-a72b-abdcd208e20b" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 70316201-97eb-4739-a72b-abdcd208e20b +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [EFA5CA12CFC70DEA81EB71088B4BDBD44D5B45A8F8D81B7DB243D6A03A7F11C4](https://www.virustotal.com/gui/file/EFA5CA12CFC70DEA81EB71088B4BDBD44D5B45A8F8D81B7DB243D6A03A7F11C4) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [5EB2C76843B253ACBCECBB84767697128F000C18358C78C5BAF135A5996C037F](https://www.virustotal.com/gui/search/authentihash%253A5EB2C76843B253ACBCECBB84767697128F000C18358C78C5BAF135A5996C037F) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/70316201-97eb-4739-a72b-abdcd208e20b.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/7191ca91-6b37-4c4f-821c-a2df6c16e91c.md b/lolrmm.com/content/bootloaders/7191ca91-6b37-4c4f-821c-a2df6c16e91c.md new file mode 100644 index 00000000..bf5f4ddd --- /dev/null +++ b/lolrmm.com/content/bootloaders/7191ca91-6b37-4c4f-821c-a2df6c16e91c.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "7191ca91-6b37-4c4f-821c-a2df6c16e91c" +weight = 10 +displayTitle = "bootia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 7191ca91-6b37-4c4f-821c-a2df6c16e91c +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootia32.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [3E964DC8AAE03D464F3DEB556C4927075AA9F3A1998C66D65EFDE178F465D7B3](https://www.virustotal.com/gui/file/3E964DC8AAE03D464F3DEB556C4927075AA9F3A1998C66D65EFDE178F465D7B3) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [57AEAB53DB02CCD1E307AD3BE524EB507D0339BB2AAB3BC9B653088B7E790FCC](https://www.virustotal.com/gui/search/authentihash%253A57AEAB53DB02CCD1E307AD3BE524EB507D0339BB2AAB3BC9B653088B7E790FCC) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7191ca91-6b37-4c4f-821c-a2df6c16e91c.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/71999c6f-6195-4944-ad16-105579c98549.md b/lolrmm.com/content/bootloaders/71999c6f-6195-4944-ad16-105579c98549.md new file mode 100644 index 00000000..ca5ea7b6 --- /dev/null +++ b/lolrmm.com/content/bootloaders/71999c6f-6195-4944-ad16-105579c98549.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "71999c6f-6195-4944-ad16-105579c98549" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 71999c6f-6195-4944-ad16-105579c98549 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [50A8B3CD4F80C8C27FA47242869FDE8B6B7709A8AD1AF0EF0A726D20623007D8](https://www.virustotal.com/gui/file/50A8B3CD4F80C8C27FA47242869FDE8B6B7709A8AD1AF0EF0A726D20623007D8) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [CB6722995D4821AEAA9871C1B9782A02ED2F3D2BC6C1AAFD3E6B7673A210A8FB](https://www.virustotal.com/gui/search/authentihash%253ACB6722995D4821AEAA9871C1B9782A02ED2F3D2BC6C1AAFD3E6B7673A210A8FB) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/71999c6f-6195-4944-ad16-105579c98549.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/72b28839-6c76-40b4-b8ec-6582be7d81eb.md b/lolrmm.com/content/bootloaders/72b28839-6c76-40b4-b8ec-6582be7d81eb.md new file mode 100644 index 00000000..a6728cb4 --- /dev/null +++ b/lolrmm.com/content/bootloaders/72b28839-6c76-40b4-b8ec-6582be7d81eb.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "72b28839-6c76-40b4-b8ec-6582be7d81eb" +weight = 10 +displayTitle = "72b28839-6c76-40b4-b8ec-6582be7d81eb" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 72b28839-6c76-40b4-b8ec-6582be7d81eb ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: 72b28839-6c76-40b4-b8ec-6582be7d81eb +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [F69D87F5BC30026B00110DADD0264311D15DECE6B67F046506755284AF5EC002](https://www.virustotal.com/gui/file/F69D87F5BC30026B00110DADD0264311D15DECE6B67F046506755284AF5EC002) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [05D87E15713454616F5B0ED7849AB5C1712AB84F02349478EC2A38F970C01489](https://www.virustotal.com/gui/search/authentihash%253A05D87E15713454616F5B0ED7849AB5C1712AB84F02349478EC2A38F970C01489) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/72b28839-6c76-40b4-b8ec-6582be7d81eb.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/73af3c3c-dce6-48b2-bebf-ea167cbaef2a.md b/lolrmm.com/content/bootloaders/73af3c3c-dce6-48b2-bebf-ea167cbaef2a.md new file mode 100644 index 00000000..84edf7e4 --- /dev/null +++ b/lolrmm.com/content/bootloaders/73af3c3c-dce6-48b2-bebf-ea167cbaef2a.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "73af3c3c-dce6-48b2-bebf-ea167cbaef2a" +weight = 10 +displayTitle = "73af3c3c-dce6-48b2-bebf-ea167cbaef2a" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 73af3c3c-dce6-48b2-bebf-ea167cbaef2a ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by HP and revoked Jul-20 +- **UUID**: 73af3c3c-dce6-48b2-bebf-ea167cbaef2a +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [A2BE1EB17E12E0A66A87342C9D1CFD4D7DB81504A16B4FCB32F15C6BAA3F589D](https://www.virustotal.com/gui/file/A2BE1EB17E12E0A66A87342C9D1CFD4D7DB81504A16B4FCB32F15C6BAA3F589D) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [E6856F137F79992DC94FA2F43297EC32D2D9A76F7BE66114C6A13EFC3BCDF5C8](https://www.virustotal.com/gui/search/authentihash%253AE6856F137F79992DC94FA2F43297EC32D2D9A76F7BE66114C6A13EFC3BCDF5C8) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/73af3c3c-dce6-48b2-bebf-ea167cbaef2a.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/73fc4a00-2d2f-46c4-a597-bd0cc015dfdc.md b/lolrmm.com/content/bootloaders/73fc4a00-2d2f-46c4-a597-bd0cc015dfdc.md new file mode 100644 index 00000000..5ca372e0 --- /dev/null +++ b/lolrmm.com/content/bootloaders/73fc4a00-2d2f-46c4-a597-bd0cc015dfdc.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "73fc4a00-2d2f-46c4-a597-bd0cc015dfdc" +weight = 10 +displayTitle = "73fc4a00-2d2f-46c4-a597-bd0cc015dfdc" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 73fc4a00-2d2f-46c4-a597-bd0cc015dfdc ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Intel Corporation and revoked Jul-20 +- **UUID**: 73fc4a00-2d2f-46c4-a597-bd0cc015dfdc +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [690B765C38BE3FBA65B829677D98A67943F92E24E9860EE2A13273F5932B8A0A](https://www.virustotal.com/gui/file/690B765C38BE3FBA65B829677D98A67943F92E24E9860EE2A13273F5932B8A0A) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [BEF7663BE5EA4DBFD8686E24701E036F4C03FB7FCD67A6C566ED94CE09C44470](https://www.virustotal.com/gui/search/authentihash%253ABEF7663BE5EA4DBFD8686E24701E036F4C03FB7FCD67A6C566ED94CE09C44470) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/73fc4a00-2d2f-46c4-a597-bd0cc015dfdc.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/73fcc470-7c81-4385-8c78-933467e404cf.md b/lolrmm.com/content/bootloaders/73fcc470-7c81-4385-8c78-933467e404cf.md new file mode 100644 index 00000000..e6a043ec --- /dev/null +++ b/lolrmm.com/content/bootloaders/73fcc470-7c81-4385-8c78-933467e404cf.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "73fcc470-7c81-4385-8c78-933467e404cf" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 73fcc470-7c81-4385-8c78-933467e404cf +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [35F731A87345B78EAC85100D339ED77CE83B7DF6151B401B446A79D9FEBCD36D](https://www.virustotal.com/gui/file/35F731A87345B78EAC85100D339ED77CE83B7DF6151B401B446A79D9FEBCD36D) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [DE7F766E4454DA118A6C42BEE476C4BB66F660BFDB88DB572C4621C43EC1836E](https://www.virustotal.com/gui/search/authentihash%253ADE7F766E4454DA118A6C42BEE476C4BB66F660BFDB88DB572C4621C43EC1836E) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/73fcc470-7c81-4385-8c78-933467e404cf.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/7480e25e-d4dd-4e39-b652-33861111c011.md b/lolrmm.com/content/bootloaders/7480e25e-d4dd-4e39-b652-33861111c011.md new file mode 100644 index 00000000..174dea34 --- /dev/null +++ b/lolrmm.com/content/bootloaders/7480e25e-d4dd-4e39-b652-33861111c011.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "7480e25e-d4dd-4e39-b652-33861111c011" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 7480e25e-d4dd-4e39-b652-33861111c011 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [55C6D083A4E3BE8FF842A5D39EF6F0C82D3DD29FE377C7AEA920C7B419F660D8](https://www.virustotal.com/gui/file/55C6D083A4E3BE8FF842A5D39EF6F0C82D3DD29FE377C7AEA920C7B419F660D8) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [3153B3E305575439914605D976CF6EAD5A500E54D0B6ABCDAAFCCED1BC47E04F](https://www.virustotal.com/gui/search/authentihash%253A3153B3E305575439914605D976CF6EAD5A500E54D0B6ABCDAAFCCED1BC47E04F) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7480e25e-d4dd-4e39-b652-33861111c011.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/7489f724-a3b3-435d-b34e-9ca0a94c6ceb.md b/lolrmm.com/content/bootloaders/7489f724-a3b3-435d-b34e-9ca0a94c6ceb.md new file mode 100644 index 00000000..f6735e73 --- /dev/null +++ b/lolrmm.com/content/bootloaders/7489f724-a3b3-435d-b34e-9ca0a94c6ceb.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "7489f724-a3b3-435d-b34e-9ca0a94c6ceb" +weight = 10 +displayTitle = "7489f724-a3b3-435d-b34e-9ca0a94c6ceb" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 7489f724-a3b3-435d-b34e-9ca0a94c6ceb ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: 7489f724-a3b3-435d-b34e-9ca0a94c6ceb +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [707BEEAE9B9CBF0D56AEE48AE398F127D3B52FD37D25B95C561CDA1DB5233C50](https://www.virustotal.com/gui/file/707BEEAE9B9CBF0D56AEE48AE398F127D3B52FD37D25B95C561CDA1DB5233C50) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [9C259FCB301D5FC7397ED5759963E0EF6B36E42057FD73046E6BD08B149F751C](https://www.virustotal.com/gui/search/authentihash%253A9C259FCB301D5FC7397ED5759963E0EF6B36E42057FD73046E6BD08B149F751C) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7489f724-a3b3-435d-b34e-9ca0a94c6ceb.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/7520fd68-dbc4-4182-ab8e-2cc005024183.md b/lolrmm.com/content/bootloaders/7520fd68-dbc4-4182-ab8e-2cc005024183.md new file mode 100644 index 00000000..5c7bba76 --- /dev/null +++ b/lolrmm.com/content/bootloaders/7520fd68-dbc4-4182-ab8e-2cc005024183.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "7520fd68-dbc4-4182-ab8e-2cc005024183" +weight = 10 +displayTitle = "rhel-8.3-20200917-shimia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# rhel-8.3-20200917-shimia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat, Inc. and revoked Apr-21 +- **UUID**: 7520fd68-dbc4-4182-ab8e-2cc005024183 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\rhel-8.3-20200917-shimia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< 
button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | rhel-8.3-20200917-shimia32.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [3BA74313087DB77CF93A00E072A2FAE00C0A472DAC5DD6988F9C0993A0769159](https://www.virustotal.com/gui/file/3BA74313087DB77CF93A00E072A2FAE00C0A472DAC5DD6988F9C0993A0769159) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [4AAC0A9E089DF8E9AC6725E0DFCA3AC11A17747A2E35F43A2B38A58F8AE2A273](https://www.virustotal.com/gui/search/authentihash%253A4AAC0A9E089DF8E9AC6725E0DFCA3AC11A17747A2E35F43A2B38A58F8AE2A273) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7520fd68-dbc4-4182-ab8e-2cc005024183.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/7550a473-863a-43f8-aad7-fff5be3977f0.md b/lolrmm.com/content/bootloaders/7550a473-863a-43f8-aad7-fff5be3977f0.md new file mode 100644 index 00000000..bcc1dae8 --- /dev/null +++ b/lolrmm.com/content/bootloaders/7550a473-863a-43f8-aad7-fff5be3977f0.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "7550a473-863a-43f8-aad7-fff5be3977f0" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 7550a473-863a-43f8-aad7-fff5be3977f0 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [4640438E0AAEEE87664C893198B41AA03BBF3214E181AAC4E2DE81A5400D2C27](https://www.virustotal.com/gui/file/4640438E0AAEEE87664C893198B41AA03BBF3214E181AAC4E2DE81A5400D2C27) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [199F3CF990816D710F556722CA068597C4341B7F346642339839AE30495309D0](https://www.virustotal.com/gui/search/authentihash%253A199F3CF990816D710F556722CA068597C4341B7F346642339839AE30495309D0) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7550a473-863a-43f8-aad7-fff5be3977f0.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/7662d98a-0476-48dd-b532-8e6142d251ec.md b/lolrmm.com/content/bootloaders/7662d98a-0476-48dd-b532-8e6142d251ec.md new file mode 100644 index 00000000..909fdf3f --- /dev/null +++ b/lolrmm.com/content/bootloaders/7662d98a-0476-48dd-b532-8e6142d251ec.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "7662d98a-0476-48dd-b532-8e6142d251ec" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 7662d98a-0476-48dd-b532-8e6142d251ec +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/a168299b9ced4e289f438408b6a047b6.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [a168299b9ced4e289f438408b6a047b6](https://www.virustotal.com/gui/file/a168299b9ced4e289f438408b6a047b6) | +| SHA1 | [cd0498821da3074abf0b1c44819f1bd2f3a13355](https://www.virustotal.com/gui/file/cd0498821da3074abf0b1c44819f1bd2f3a13355) | +| SHA256 | [90ea447ccfdcd9771de40de9721d0256d6d8a30d68963e82485c2e92b7eb5257](https://www.virustotal.com/gui/file/90ea447ccfdcd9771de40de9721d0256d6d8a30d68963e82485c2e92b7eb5257) | +| Authentihash MD5 | [e2a3feaa3ac65bd8ceec1f6430f81121](https://www.virustotal.com/gui/search/authentihash%253Ae2a3feaa3ac65bd8ceec1f6430f81121) | +| Authentihash SHA1 | [80257f616bfa48d64053b0198af7280152e8243f](https://www.virustotal.com/gui/search/authentihash%253A80257f616bfa48d64053b0198af7280152e8243f) | +| Authentihash SHA256| [8ed8aa03199de7d541ccbb3009a2b1ff575219662d8b23fba7fdff02d80abd29](https://www.virustotal.com/gui/search/authentihash%253A8ed8aa03199de7d541ccbb3009a2b1ff575219662d8b23fba7fdff02d80abd29) | +| RichPEHeaderHash MD5 | [fa6462badb7aa537a9d3ecf604e9fbd7](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Afa6462badb7aa537a9d3ecf604e9fbd7) | +| RichPEHeaderHash SHA1 | [caefdafc6f3620830b306d429c83bb077f6bdaa4](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Acaefdafc6f3620830b306d429c83bb077f6bdaa4) | +| RichPEHeaderHash SHA256| [4689fe3d6e35db99759219db2adef6cefa62105e8b636c0c5bd2a6bec395e471](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A4689fe3d6e35db99759219db2adef6cefa62105e8b636c0c5bd2a6bec395e471) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 33000000bce120fdd27cc8ee930000000000bc +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | f31f8c784e5d3986ccacb9c88c6d7044 | +| ToBeSigned (TBS) SHA1 | 833498af9a41da339c83e0d384b521f72d053331 | +| ToBeSigned (TBS) SHA256 | 1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2015-08-18 17:15:28 | +| ValidTo | 2016-11-18 17:15:28 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 33000000bce120fdd27cc8ee930000000000bc | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 
14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Signature": 
"60743a2c8b9d1d20759fd327472b3fb9c434cf9df5a4501199cafd1d0f6806659be78f5346fcdedead6c2615214f653b0306302508cc80e386fb54dc8d0b8c63131e54f259c4f8792335187e2d4f649a82490807f129590c1a5c76d8c56a12e51f4c9bb20f35bb27b3ddc0dfbd849e506ed390bef27d160c5fa33291231b73cffddf7bcc42948b509b88242d401ab88f4283997bb6707c2fd2facf67e2639b5b02da8975568de56dc96eee8061c69bc552d61a0fa49ea527563681fb35f68dde6eee372b99f69761de0eac9b72b1510f80e66f6560bf1d0669dcbdd915ffe13454502833fe26932c018ad8399ad2840a93b0c222b7900151dc9ddb4475e1d7b7", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7662d98a-0476-48dd-b532-8e6142d251ec.yaml) + +*last_updated:* 
2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/76724735-ec57-4c1a-8712-f0267d21f0c4.md b/lolrmm.com/content/bootloaders/76724735-ec57-4c1a-8712-f0267d21f0c4.md new file mode 100644 index 00000000..43e09b18 --- /dev/null +++ b/lolrmm.com/content/bootloaders/76724735-ec57-4c1a-8712-f0267d21f0c4.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "76724735-ec57-4c1a-8712-f0267d21f0c4" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 76724735-ec57-4c1a-8712-f0267d21f0c4 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/5cdb3b41abea2f625c0a632f4ad2cddb.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [5cdb3b41abea2f625c0a632f4ad2cddb](https://www.virustotal.com/gui/file/5cdb3b41abea2f625c0a632f4ad2cddb) | +| SHA1 | [68041e64a6a90537c6f7d7c6c1b07ccee8fd92a3](https://www.virustotal.com/gui/file/68041e64a6a90537c6f7d7c6c1b07ccee8fd92a3) | +| SHA256 | [4f9398592553ee138d8db48b95789eca19324b8408cafd0f0bc46d030e7b4fd4](https://www.virustotal.com/gui/file/4f9398592553ee138d8db48b95789eca19324b8408cafd0f0bc46d030e7b4fd4) | +| Authentihash MD5 | [a7e340723a992f0a725fa1e394e5a655](https://www.virustotal.com/gui/search/authentihash%253Aa7e340723a992f0a725fa1e394e5a655) | +| Authentihash SHA1 | [882ef0e748b0ba689bb0af982c499db1fb1c8ab1](https://www.virustotal.com/gui/search/authentihash%253A882ef0e748b0ba689bb0af982c499db1fb1c8ab1) | +| Authentihash SHA256| [65625a143d220ea184dbd5cdfb1b9e9c3bd9654294eaa2b98628bc273ebc18b5](https://www.virustotal.com/gui/search/authentihash%253A65625a143d220ea184dbd5cdfb1b9e9c3bd9654294eaa2b98628bc273ebc18b5) | +| RichPEHeaderHash MD5 | [b91ca2bc17ae097c0cea2d2fa5ca52ee](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ab91ca2bc17ae097c0cea2d2fa5ca52ee) | +| RichPEHeaderHash SHA1 | [1a8fb4b3991fa408332afc5f95422941ab4d33bc](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A1a8fb4b3991fa408332afc5f95422941ab4d33bc) | +| RichPEHeaderHash SHA256| [2cf47ce7a3c1eddb148d65b646a875561cd62faa54a32d5c903707f24f27e688](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2cf47ce7a3c1eddb148d65b646a875561cd62faa54a32d5c903707f24f27e688) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 610bbbd8000000000005 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 
158438012e4dcd69b27b762c9358cfa2 | +| ToBeSigned (TBS) SHA1 | 684ac167849404a4101f166b759f291a43d5f749 | +| ToBeSigned (TBS) SHA256 | 95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2012-04-09 20:55:50 | +| ValidTo | 2013-07-09 20:55:50 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 610bbbd8000000000005 | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + 
"TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/76724735-ec57-4c1a-8712-f0267d21f0c4.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/76afa72a-2b55-4649-9fc2-3dbdc27456e6.md b/lolrmm.com/content/bootloaders/76afa72a-2b55-4649-9fc2-3dbdc27456e6.md new file mode 100644 index 00000000..134cae77 --- /dev/null +++ b/lolrmm.com/content/bootloaders/76afa72a-2b55-4649-9fc2-3dbdc27456e6.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "76afa72a-2b55-4649-9fc2-3dbdc27456e6" +weight = 10 +displayTitle = "bootarm.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootarm.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 76afa72a-2b55-4649-9fc2-3dbdc27456e6 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootarm.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootarm.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [5AA8E7418AE78250745BE3ACFC2B8D1FC1DD4D1DEFB54F19A508BD8247CC958F](https://www.virustotal.com/gui/file/5AA8E7418AE78250745BE3ACFC2B8D1FC1DD4D1DEFB54F19A508BD8247CC958F) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [AF93D5A2238F01D595A1BC2092F0AB29A550B2B96BDE7356EBF64D8F04234958](https://www.virustotal.com/gui/search/authentihash%253AAF93D5A2238F01D595A1BC2092F0AB29A550B2B96BDE7356EBF64D8F04234958) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/76afa72a-2b55-4649-9fc2-3dbdc27456e6.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/77a4c1f2-a194-4778-8074-4ba1d052129f.md b/lolrmm.com/content/bootloaders/77a4c1f2-a194-4778-8074-4ba1d052129f.md new file mode 100644 index 00000000..9d2d4cf4 --- /dev/null +++ b/lolrmm.com/content/bootloaders/77a4c1f2-a194-4778-8074-4ba1d052129f.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "77a4c1f2-a194-4778-8074-4ba1d052129f" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 77a4c1f2-a194-4778-8074-4ba1d052129f +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/b93d4a486013424efe0fb34668b50b85.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [b93d4a486013424efe0fb34668b50b85](https://www.virustotal.com/gui/file/b93d4a486013424efe0fb34668b50b85) | +| SHA1 | [71ff189bcbb7e43d0793a0efb827f7225fb122b0](https://www.virustotal.com/gui/file/71ff189bcbb7e43d0793a0efb827f7225fb122b0) | +| SHA256 | [4f3e97e36ec05236dc378c544310a9685d57409b87020bee731d7ddbf90987c6](https://www.virustotal.com/gui/file/4f3e97e36ec05236dc378c544310a9685d57409b87020bee731d7ddbf90987c6) | +| Authentihash MD5 | [26019df09c3d207b9be1a2f395b8645a](https://www.virustotal.com/gui/search/authentihash%253A26019df09c3d207b9be1a2f395b8645a) | +| Authentihash SHA1 | [db3344e8cb837776d854dc6adbfa5473a19bd611](https://www.virustotal.com/gui/search/authentihash%253Adb3344e8cb837776d854dc6adbfa5473a19bd611) | +| Authentihash SHA256| [b67db8d53c925febadafce4356206c85f73e22456eae4ed6ee77f6a9e11a078c](https://www.virustotal.com/gui/search/authentihash%253Ab67db8d53c925febadafce4356206c85f73e22456eae4ed6ee77f6a9e11a078c) | +| RichPEHeaderHash MD5 | [95c181375ef93e118f930024df1bff96](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A95c181375ef93e118f930024df1bff96) | +| RichPEHeaderHash SHA1 | [e3a24ad3c9b07df2a4fb39a1432ba3597faa48f7](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ae3a24ad3c9b07df2a4fb39a1432ba3597faa48f7) | +| RichPEHeaderHash SHA256| [0708c72d17d4892e2deab31b567c830ee261f5e5730997a47366c0e1e58dec0e](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A0708c72d17d4892e2deab31b567c830ee261f5e5730997a47366c0e1e58dec0e) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 33000000bce120fdd27cc8ee930000000000bc +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | f31f8c784e5d3986ccacb9c88c6d7044 | +| ToBeSigned (TBS) SHA1 | 833498af9a41da339c83e0d384b521f72d053331 | +| ToBeSigned (TBS) SHA256 | 1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2015-08-18 17:15:28 | +| ValidTo | 2016-11-18 17:15:28 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 33000000bce120fdd27cc8ee930000000000bc | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/77a4c1f2-a194-4778-8074-4ba1d052129f.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/78f886c7-28cd-4686-ac8f-ee82f3e0fbcb.md b/lolrmm.com/content/bootloaders/78f886c7-28cd-4686-ac8f-ee82f3e0fbcb.md new file mode 100644 index 00000000..92e32ecd --- /dev/null +++ b/lolrmm.com/content/bootloaders/78f886c7-28cd-4686-ac8f-ee82f3e0fbcb.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "78f886c7-28cd-4686-ac8f-ee82f3e0fbcb" +weight = 10 +displayTitle = "78f886c7-28cd-4686-ac8f-ee82f3e0fbcb" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 78f886c7-28cd-4686-ac8f-ee82f3e0fbcb ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by BITDEFENDER and revoked Jul-20 +- **UUID**: 78f886c7-28cd-4686-ac8f-ee82f3e0fbcb +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [A95666BFAF48FD9C4CAF2F3ED4EB593145C48BD3C93E4B00638088CE7EE962CF](https://www.virustotal.com/gui/file/A95666BFAF48FD9C4CAF2F3ED4EB593145C48BD3C93E4B00638088CE7EE962CF) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [D89A11D16C488DD4FBBC541D4B07FAF8670D660994488FE54B1FBFF2704E4288](https://www.virustotal.com/gui/search/authentihash%253AD89A11D16C488DD4FBBC541D4B07FAF8670D660994488FE54B1FBFF2704E4288) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/78f886c7-28cd-4686-ac8f-ee82f3e0fbcb.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/795fbec7-a5f6-4e5d-b2c3-c968bf758e26.md b/lolrmm.com/content/bootloaders/795fbec7-a5f6-4e5d-b2c3-c968bf758e26.md new file mode 100644 index 00000000..d87ddf25 --- /dev/null +++ b/lolrmm.com/content/bootloaders/795fbec7-a5f6-4e5d-b2c3-c968bf758e26.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "795fbec7-a5f6-4e5d-b2c3-c968bf758e26" +weight = 10 +displayTitle = "shim-sles.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# shim-sles.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux Products GmbH and revoked Apr-21 +- **UUID**: 795fbec7-a5f6-4e5d-b2c3-c968bf758e26 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\shim-sles.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | shim-sles.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [3166EE4CE65D10105DEEE3A0163E236AC872E2C45652DC1DD78F8CE984463C12](https://www.virustotal.com/gui/file/3166EE4CE65D10105DEEE3A0163E236AC872E2C45652DC1DD78F8CE984463C12) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [040B3BC339E9B6F9ACD828B88F3482A5C3F64E67E5A714BA1DA8A70453B34AF6](https://www.virustotal.com/gui/search/authentihash%253A040B3BC339E9B6F9ACD828B88F3482A5C3F64E67E5A714BA1DA8A70453B34AF6) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/795fbec7-a5f6-4e5d-b2c3-c968bf758e26.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/79c58c75-492b-46fc-9788-59514261788a.md b/lolrmm.com/content/bootloaders/79c58c75-492b-46fc-9788-59514261788a.md new file mode 100644 index 00000000..b2f9c273 --- /dev/null +++ b/lolrmm.com/content/bootloaders/79c58c75-492b-46fc-9788-59514261788a.md 
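Review bot: The Download button in this page's Description section points at `https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin` because the sample's MD5 is blank, so the link is dead while the warning tip beneath it still claims it serves the revoked bootloader. The same blank MD5/SHA1 produce empty VirusTotal links (`[](https://www.virustotal.com/gui/file/)`) in the Known Vulnerable Samples table. The page generator should render the `{{< button ... "Download" >}}` and the MD5/SHA1 rows only when the value is present, or fall back to the SHA256 that this entry does have, instead of emitting a path with no filename. This affects every page in this set whose sample carries only a SHA256/Authentihash, so the fix belongs in the template rather than in this file.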
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "79c58c75-492b-46fc-9788-59514261788a" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 79c58c75-492b-46fc-9788-59514261788a +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [E1A44BDE59714FE31A77476FCF73CFB784105333F05755D8F1C05EDE4056D4C6](https://www.virustotal.com/gui/file/E1A44BDE59714FE31A77476FCF73CFB784105333F05755D8F1C05EDE4056D4C6) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [E637002526221BC32E477455B12F864F20B27C44679A2E78E5C56DA1FFCE8B41](https://www.virustotal.com/gui/search/authentihash%253AE637002526221BC32E477455B12F864F20B27C44679A2E78E5C56DA1FFCE8B41) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/79c58c75-492b-46fc-9788-59514261788a.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/7a216607-3204-4536-9507-a3beccc529a8.md b/lolrmm.com/content/bootloaders/7a216607-3204-4536-9507-a3beccc529a8.md new file mode 100644 index 00000000..a7b6babd --- /dev/null +++ b/lolrmm.com/content/bootloaders/7a216607-3204-4536-9507-a3beccc529a8.md 
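Review bot: The CVE section of this page lists `Black Lotus Microsoft Windows 8`, which is a campaign/product label rather than a CVE identifier, so anything that indexes these pages by CVE pattern will find nothing for the May-23 Microsoft revocations. Either cite the Microsoft advisory covering the BlackLotus Secure Boot bypass revocation (it is tracked as CVE-2023-24932 / KB5025885 — confirm against the source YAML before adding it) or render the value under a neutral heading such as `### References` so the heading does not promise a CVE. The Resources list on this page still points only at the 2020 DBX guidance (KB4575994), which appears not to be the revocation this entry describes.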
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "7a216607-3204-4536-9507-a3beccc529a8" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 7a216607-3204-4536-9507-a3beccc529a8 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/87b6d22295a16073d8d456fc574441a8.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [87b6d22295a16073d8d456fc574441a8](https://www.virustotal.com/gui/file/87b6d22295a16073d8d456fc574441a8) | +| SHA1 | [0c26596b3297d5e5a06f8d3788579edc7895a622](https://www.virustotal.com/gui/file/0c26596b3297d5e5a06f8d3788579edc7895a622) | +| SHA256 | [783d088ce72996a064c0da796579475e0aef23c5e6e0e5905c98571bf8620e20](https://www.virustotal.com/gui/file/783d088ce72996a064c0da796579475e0aef23c5e6e0e5905c98571bf8620e20) | +| Authentihash MD5 | [dd9b5d03a87f0e8ddba5df77f7a98999](https://www.virustotal.com/gui/search/authentihash%253Add9b5d03a87f0e8ddba5df77f7a98999) | +| Authentihash SHA1 | [a18abd2b659c6d0eb756052a05e463f4c2eab7cd](https://www.virustotal.com/gui/search/authentihash%253Aa18abd2b659c6d0eb756052a05e463f4c2eab7cd) | +| Authentihash SHA256| [8ede7732284dab4aa384606ca07be29e72fded094597261a2f6473494a8aca0a](https://www.virustotal.com/gui/search/authentihash%253A8ede7732284dab4aa384606ca07be29e72fded094597261a2f6473494a8aca0a) | +| RichPEHeaderHash MD5 | [a387b0075e977009a7bb74d24fc388de](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Aa387b0075e977009a7bb74d24fc388de) | +| RichPEHeaderHash SHA1 | [345e019b25904c911be9e3b6a9e2b0bb18652b04](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A345e019b25904c911be9e3b6a9e2b0bb18652b04) | +| RichPEHeaderHash SHA256| [e04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ae04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 610bbbd8000000000005 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 
158438012e4dcd69b27b762c9358cfa2 | +| ToBeSigned (TBS) SHA1 | 684ac167849404a4101f166b759f291a43d5f749 | +| ToBeSigned (TBS) SHA256 | 95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2012-04-09 20:55:50 | +| ValidTo | 2013-07-09 20:55:50 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 610bbbd8000000000005 | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + 
"TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7a216607-3204-4536-9507-a3beccc529a8.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/7ad06c0c-5595-41e6-8049-b051fa3e931b.md b/lolrmm.com/content/bootloaders/7ad06c0c-5595-41e6-8049-b051fa3e931b.md new file mode 100644 index 00000000..c4144685 --- /dev/null +++ b/lolrmm.com/content/bootloaders/7ad06c0c-5595-41e6-8049-b051fa3e931b.md 
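Review bot: The Commands block on this page, `bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } }`, is not valid PowerShell: the pipeline needs `| % { if ($_ -match '{\S+}') { ... } }` (the ForEach-Object alias followed by a script block), and `{%` reads as a transposition or templating artifact — worth checking whether the source YAML or the renderer introduced it. The Privileges cell in the Use Case table is blank although `bcdedit /set` against the BCD store requires an elevated session; fill it with `Administrator` so readers see that the technique presumes local admin. The Signature section shows the leaf certificate (serial 610bbbd8000000000005) expired on 2013-07-09, so detections for this sample should key on the SHA256/Authentihash values in the table rather than on certificate validity.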
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "7ad06c0c-5595-41e6-8049-b051fa3e931b" +weight = 10 +displayTitle = "shimia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# shimia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Oracle America, Inc. and revoked Apr-21 +- **UUID**: 7ad06c0c-5595-41e6-8049-b051fa3e931b +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\shimia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | shimia32.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [7B9D76B66E9E3503682EB5B6CCC8F70B8B5082F140252A7F6127AD9764D8F297](https://www.virustotal.com/gui/file/7B9D76B66E9E3503682EB5B6CCC8F70B8B5082F140252A7F6127AD9764D8F297) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [D472D0DCBA3F5DD61BE3931244717BF2230BABD30E9E2F6B2880BFCDC8FD6665](https://www.virustotal.com/gui/search/authentihash%253AD472D0DCBA3F5DD61BE3931244717BF2230BABD30E9E2F6B2880BFCDC8FD6665) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7ad06c0c-5595-41e6-8049-b051fa3e931b.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/7b45ea3e-38d4-4bac-aac7-54806c6ffb28.md b/lolrmm.com/content/bootloaders/7b45ea3e-38d4-4bac-aac7-54806c6ffb28.md new file mode 100644 index 00000000..9418e4ce --- /dev/null +++ b/lolrmm.com/content/bootloaders/7b45ea3e-38d4-4bac-aac7-54806c6ffb28.md 
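Review bot: The Known Vulnerable Samples section of this page emits `#### Imports` twice, followed by empty ImportedFunctions, ExportedFunctions and Signature details, which suggests the template prints a heading and an `{{< details "Expand" >}}` block even when the underlying field is empty; the generator should emit each heading once and skip the details block when there is nothing to show. With only the SHA256 and Authentihash SHA256 populated for this sample, the hash-based Sigma and Sysmon detections linked above can only cover it if those rule files carry this SHA256 — worth confirming the rule generator consumes the same YAML, since the page provides no MD5/SHA1 for them.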
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "7b45ea3e-38d4-4bac-aac7-54806c6ffb28" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 7b45ea3e-38d4-4bac-aac7-54806c6ffb28 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [3E5206C60B696D3B81696DF457D74881F0188ADFD75404A4C0AA627688975671](https://www.virustotal.com/gui/file/3E5206C60B696D3B81696DF457D74881F0188ADFD75404A4C0AA627688975671) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [3E1A6021B3C6066E94F7F06AD7B29E35B1BD9EE496827A290EFB9BE7A27C5D63](https://www.virustotal.com/gui/search/authentihash%253A3E1A6021B3C6066E94F7F06AD7B29E35B1BD9EE496827A290EFB9BE7A27C5D63) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7b45ea3e-38d4-4bac-aac7-54806c6ffb28.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/7c5fa8fd-40fd-437f-a2cd-e21aaa43336f.md b/lolrmm.com/content/bootloaders/7c5fa8fd-40fd-437f-a2cd-e21aaa43336f.md new file mode 100644 index 00000000..be7ed1b8 --- /dev/null +++ b/lolrmm.com/content/bootloaders/7c5fa8fd-40fd-437f-a2cd-e21aaa43336f.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "7c5fa8fd-40fd-437f-a2cd-e21aaa43336f" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 7c5fa8fd-40fd-437f-a2cd-e21aaa43336f +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [176693F4060E5330AE384BBB5470A0F3C936EC725DAABA81D5DB2B820141D282](https://www.virustotal.com/gui/file/176693F4060E5330AE384BBB5470A0F3C936EC725DAABA81D5DB2B820141D282) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [633F9806BC96A831CC2C8D521D71E9EBD02180DABA1A50978EF6B72E5034E9EF](https://www.virustotal.com/gui/search/authentihash%253A633F9806BC96A831CC2C8D521D71E9EBD02180DABA1A50978EF6B72E5034E9EF) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7c5fa8fd-40fd-437f-a2cd-e21aaa43336f.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/7c6d9a9a-0ec1-43b7-8e1f-053fb98e9fbf.md b/lolrmm.com/content/bootloaders/7c6d9a9a-0ec1-43b7-8e1f-053fb98e9fbf.md new file mode 100644 index 00000000..09dd137b --- /dev/null +++ b/lolrmm.com/content/bootloaders/7c6d9a9a-0ec1-43b7-8e1f-053fb98e9fbf.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "7c6d9a9a-0ec1-43b7-8e1f-053fb98e9fbf" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 7c6d9a9a-0ec1-43b7-8e1f-053fb98e9fbf +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/a442859fd33fbf61ed0ea28bbf33bdbb.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [a442859fd33fbf61ed0ea28bbf33bdbb](https://www.virustotal.com/gui/file/a442859fd33fbf61ed0ea28bbf33bdbb) | +| SHA1 | [a1aee57f1fd4a6768950f74dfb2e2a97853d4733](https://www.virustotal.com/gui/file/a1aee57f1fd4a6768950f74dfb2e2a97853d4733) | +| SHA256 | [c9f47991e981394076050cb8b5cddfcbf9fb01b6d7272b9079082e20e4875cc8](https://www.virustotal.com/gui/file/c9f47991e981394076050cb8b5cddfcbf9fb01b6d7272b9079082e20e4875cc8) | +| Authentihash MD5 | [9dc081d5f69234c2bbe8fbf881510703](https://www.virustotal.com/gui/search/authentihash%253A9dc081d5f69234c2bbe8fbf881510703) | +| Authentihash SHA1 | [99c709c98c1d9548ab82b298f47782597c767601](https://www.virustotal.com/gui/search/authentihash%253A99c709c98c1d9548ab82b298f47782597c767601) | +| Authentihash SHA256| [915009d1cf9d68b9e53064de82d4b70b58d2f014a03805cc406427d323d9fc35](https://www.virustotal.com/gui/search/authentihash%253A915009d1cf9d68b9e53064de82d4b70b58d2f014a03805cc406427d323d9fc35) | +| RichPEHeaderHash MD5 | [aaf18af925d829095e017c505f1a0039](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Aaaf18af925d829095e017c505f1a0039) | +| RichPEHeaderHash SHA1 | [c3d13f7d96127a3b16c7a8c0a3dd98fd9f22c3cf](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ac3d13f7d96127a3b16c7a8c0a3dd98fd9f22c3cf) | +| RichPEHeaderHash SHA256| [05367ecae4cf78cc575048fb931468b1d210df8c38ff8ca05481124b1a1a6917](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A05367ecae4cf78cc575048fb931468b1d210df8c38ff8ca05481124b1a1a6917) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000033c89c66a7b45bb1fbd00000000033c +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 46f57c3b860b08484cb79066ac1014ad | +| ToBeSigned (TBS) SHA1 | c1fe3ab97b834a98460e4ae92fe2468d16f61a92 | +| ToBeSigned (TBS) SHA256 | d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2021-09-02 18:23:41 | +| ValidTo | 2022-09-01 18:23:41 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000033c89c66a7b45bb1fbd00000000033c | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Signature": 
"699045742c403812de1bdf9ea2be22132e82a7c006ab278e0c9f460bd435386348031a6b5cbdf450ae5a243331dcb2cc7eace8371cf71ec35a6f663147bd211ea357614e6a611eeacca6486a778d4cd788106ade12d6625574e7a89ecab4eb0bb99295c498dd5f565680a2d26bf2545e727c4204023c48d8021b608fd901c6fefd16ce0c3a669fb0ce758dc671f2cdd7434c163f9de9453e5523d94a78205c828a4615e50330d9f52a8a77f7683d2b61ff1324382d40d31001c518b56b286fbb8c754f6940590c2071385ed0a9387b529c06bf71fff89c74634550fc331b389d558696ace05787144e5af53d20a75a84981bf8380ddac3743f407d8ff27c089e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "46f57c3b860b08484cb79066ac1014ad", + "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", + "SHA256": "d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" + }, + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7c6d9a9a-0ec1-43b7-8e1f-053fb98e9fbf.yaml) + +*last_updated:* 
2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/7ca92d66-191e-469f-8320-a1f67a1eaa64.md b/lolrmm.com/content/bootloaders/7ca92d66-191e-469f-8320-a1f67a1eaa64.md new file mode 100644 index 00000000..718cb1d9 --- /dev/null +++ b/lolrmm.com/content/bootloaders/7ca92d66-191e-469f-8320-a1f67a1eaa64.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "7ca92d66-191e-469f-8320-a1f67a1eaa64" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 7ca92d66-191e-469f-8320-a1f67a1eaa64 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [AB66D5C1C320900FC15984D7E1D44331411F2339DA9376F3E9BC2A4CB9B06014](https://www.virustotal.com/gui/file/AB66D5C1C320900FC15984D7E1D44331411F2339DA9376F3E9BC2A4CB9B06014) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [DB1E5C6152A28D3EB6B1AFEAAD4974F3654AC6FBBE769D870ABB74EDE632B9E5](https://www.virustotal.com/gui/search/authentihash%253ADB1E5C6152A28D3EB6B1AFEAAD4974F3654AC6FBBE769D870ABB74EDE632B9E5) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7ca92d66-191e-469f-8320-a1f67a1eaa64.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/7cb68e8b-c07d-4b76-9af0-0936553f516c.md b/lolrmm.com/content/bootloaders/7cb68e8b-c07d-4b76-9af0-0936553f516c.md new file mode 100644 index 00000000..81ca8983 --- /dev/null +++ b/lolrmm.com/content/bootloaders/7cb68e8b-c07d-4b76-9af0-0936553f516c.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "7cb68e8b-c07d-4b76-9af0-0936553f516c" +weight = 10 +displayTitle = "BOOTX64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# BOOTX64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Oracle Corporation and revoked Jul-20 +- **UUID**: 7cb68e8b-c07d-4b76-9af0-0936553f516c +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/92f1d7fd78d0353c62e5dc8e81f558e2.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\BOOTX64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | BOOTX64.efi | +| MD5 | [92f1d7fd78d0353c62e5dc8e81f558e2](https://www.virustotal.com/gui/file/92f1d7fd78d0353c62e5dc8e81f558e2) | +| SHA1 | [a63dbf2c3b022c5d70c20e674ab8066a2b3290c7](https://www.virustotal.com/gui/file/a63dbf2c3b022c5d70c20e674ab8066a2b3290c7) | +| SHA256 | [06edb9f17a9007c8b6db6ee2fc240e88e238f06c7c983f987cd9be1b80010d04](https://www.virustotal.com/gui/file/06edb9f17a9007c8b6db6ee2fc240e88e238f06c7c983f987cd9be1b80010d04) | +| Authentihash MD5 | [e933dba3a6ab068b91601eb1828cec97](https://www.virustotal.com/gui/search/authentihash%253Ae933dba3a6ab068b91601eb1828cec97) | +| Authentihash SHA1 | [4b496c6b76d4ddafb0e2b3c0fb27f47639005f98](https://www.virustotal.com/gui/search/authentihash%253A4b496c6b76d4ddafb0e2b3c0fb27f47639005f98) | +| Authentihash SHA256| [2679650fe341f2cf1ea883460b3556aaaf77a70d6b8dc484c9301d1b746cf7b5](https://www.virustotal.com/gui/search/authentihash%253A2679650fe341f2cf1ea883460b3556aaaf77a70d6b8dc484c9301d1b746cf7b5) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002b4b79b3694d12118700010000002b +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 8d8a1f204c9c80213bd427fa58b387e2 | +| ToBeSigned (TBS) SHA1 | 8d78e1742b948f0c8298e560dd71fe1594020386 | +| ToBeSigned (TBS) SHA256 | 
1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2018-07-03 20:53:01 | +| ValidTo | 2019-07-26 20:53:01 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002b4b79b3694d12118700010000002b | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + 
"SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": 
"330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7cb68e8b-c07d-4b76-9af0-0936553f516c.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/7cd28475-a974-4b4b-becd-b57b605d2b9e.md b/lolrmm.com/content/bootloaders/7cd28475-a974-4b4b-becd-b57b605d2b9e.md new file mode 100644 index 00000000..f2e678ce --- /dev/null +++ b/lolrmm.com/content/bootloaders/7cd28475-a974-4b4b-becd-b57b605d2b9e.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "7cd28475-a974-4b4b-becd-b57b605d2b9e" +weight = 10 +displayTitle = "BOOTX64.EFI" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# BOOTX64.EFI ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Fedora Project and revoked Jul-20 +- **UUID**: 7cd28475-a974-4b4b-becd-b57b605d2b9e +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/aa8eae148f6ac90c370eb50c88b974e1.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\BOOTX64.EFI } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | BOOTX64.EFI | +| MD5 | [aa8eae148f6ac90c370eb50c88b974e1](https://www.virustotal.com/gui/file/aa8eae148f6ac90c370eb50c88b974e1) | +| SHA1 | [2f8b409981580582bfe5fd5e36f8d3e23c061966](https://www.virustotal.com/gui/file/2f8b409981580582bfe5fd5e36f8d3e23c061966) | +| SHA256 | [a120f42de7b5bfcb55c40afc857b6baf4d1ac60725500c27a5b2942bda970ccf](https://www.virustotal.com/gui/file/a120f42de7b5bfcb55c40afc857b6baf4d1ac60725500c27a5b2942bda970ccf) | +| Authentihash MD5 | [831541e64bf58f95339e2e1fbc08b9a8](https://www.virustotal.com/gui/search/authentihash%253A831541e64bf58f95339e2e1fbc08b9a8) | +| Authentihash SHA1 | [78d90cb632f7b98b3c39ef79f5a8079654b27e5b](https://www.virustotal.com/gui/search/authentihash%253A78d90cb632f7b98b3c39ef79f5a8079654b27e5b) | +| Authentihash SHA256| [f1b4f6513b0d544a688d13adc291efa8c59f420ca5dcb23e0b5a06fa7e0d083d](https://www.virustotal.com/gui/search/authentihash%253Af1b4f6513b0d544a688d13adc291efa8c59f420ca5dcb23e0b5a06fa7e0d083d) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000000a6642f3f49fb7379600010000000a +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | c52110f552e27ebb1e3fae114abafb3f | +| ToBeSigned (TBS) SHA1 | 4954e087123653ce38da4cdd31141b6a1bb999e4 | +| ToBeSigned (TBS) SHA256 | 
1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2013-09-24 17:54:03 | +| ValidTo | 2014-12-24 17:54:03 | +| Signature | 2a27d6bd2f34c68a9989ec856449fe4934ad5c0615ec5819664399053737a86be46c914b9478ce393534b759eec5eb6f015b706b853f1d2be51fe9807b178eaa9e0f9558d6a5d913c58c7492cbad106abb7395426801a42f363842e60bf72d046668865db5d8ce2c901c9673044d05abb74c171ac198c0f9376bb9185ec7523bb53e6d2c114642ffbfbe20efc6c2571c2006159cb70ff2c428e997f6ce83bf57ad9a47c47decce9830cf861a156471c62600a0260b44e29ea8e6e33c407c046f37be4a46dcaf38c018b24f969beb716d8e76cebc3d1d19134ed6f216cc2e357848b4998196ebd7326bca3e3ade1ba88e98612a569a46a1f45856f4e2dfa02a5d | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000000a6642f3f49fb7379600010000000a | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + 
+#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "c52110f552e27ebb1e3fae114abafb3f", + "SHA1": "4954e087123653ce38da4cdd31141b6a1bb999e4", + "SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" + }, + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7cd28475-a974-4b4b-becd-b57b605d2b9e.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} 
diff --git a/lolrmm.com/content/bootloaders/7cefffba-3701-43ff-96a7-7a66f008805e.md b/lolrmm.com/content/bootloaders/7cefffba-3701-43ff-96a7-7a66f008805e.md new file mode 100644 index 00000000..0eb34f53 --- /dev/null +++ b/lolrmm.com/content/bootloaders/7cefffba-3701-43ff-96a7-7a66f008805e.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "7cefffba-3701-43ff-96a7-7a66f008805e" +weight = 10 +displayTitle = "bootia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 7cefffba-3701-43ff-96a7-7a66f008805e +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootia32.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [C443B4E3083BDBF2296A5E0986022520535C01ECC6CA3E0F0F83F3B683672368](https://www.virustotal.com/gui/file/C443B4E3083BDBF2296A5E0986022520535C01ECC6CA3E0F0F83F3B683672368) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [50F93402B66127D87B947067E9689DF5B2B36B253833FFE1E6CECA685FAE2D85](https://www.virustotal.com/gui/search/authentihash%253A50F93402B66127D87B947067E9689DF5B2B36B253833FFE1E6CECA685FAE2D85) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7cefffba-3701-43ff-96a7-7a66f008805e.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/7e14af6f-c8b8-4c15-a2ef-bc0a2b39e085.md b/lolrmm.com/content/bootloaders/7e14af6f-c8b8-4c15-a2ef-bc0a2b39e085.md new file mode 100644 index 00000000..ff12bb89 --- /dev/null +++ b/lolrmm.com/content/bootloaders/7e14af6f-c8b8-4c15-a2ef-bc0a2b39e085.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "7e14af6f-c8b8-4c15-a2ef-bc0a2b39e085" +weight = 10 +displayTitle = "7e14af6f-c8b8-4c15-a2ef-bc0a2b39e085" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 7e14af6f-c8b8-4c15-a2ef-bc0a2b39e085 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: 7e14af6f-c8b8-4c15-a2ef-bc0a2b39e085 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [88B530624B67FAA0C0C1039618958F4DE983A997A6FF762BCCA82B8201194F28](https://www.virustotal.com/gui/file/88B530624B67FAA0C0C1039618958F4DE983A997A6FF762BCCA82B8201194F28) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [6DBBEAD23E8C860CF8B47F74FBFCA5204DE3E28B881313BB1D1ECCDC4747934E](https://www.virustotal.com/gui/search/authentihash%253A6DBBEAD23E8C860CF8B47F74FBFCA5204DE3E28B881313BB1D1ECCDC4747934E) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7e14af6f-c8b8-4c15-a2ef-bc0a2b39e085.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/7e81b1d7-7526-4958-98cf-688b36cf8ea0.md b/lolrmm.com/content/bootloaders/7e81b1d7-7526-4958-98cf-688b36cf8ea0.md new file mode 100644 index 00000000..5bc59ce6 --- /dev/null +++ b/lolrmm.com/content/bootloaders/7e81b1d7-7526-4958-98cf-688b36cf8ea0.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "7e81b1d7-7526-4958-98cf-688b36cf8ea0" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 7e81b1d7-7526-4958-98cf-688b36cf8ea0 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [FE4B7349F21EE077096B6986693C3F250758C5DDF96C14AF4BBFD96EE74A70A0](https://www.virustotal.com/gui/file/FE4B7349F21EE077096B6986693C3F250758C5DDF96C14AF4BBFD96EE74A70A0) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [3A9E49E6E644C0ABEC17D32D020339D171439ABA327409A7797E6686BD0F641C](https://www.virustotal.com/gui/search/authentihash%253A3A9E49E6E644C0ABEC17D32D020339D171439ABA327409A7797E6686BD0F641C) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/7e81b1d7-7526-4958-98cf-688b36cf8ea0.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/8041563b-fe86-4183-9409-a479ef4f9b46.md b/lolrmm.com/content/bootloaders/8041563b-fe86-4183-9409-a479ef4f9b46.md new file mode 100644 index 00000000..6348e7fd --- /dev/null +++ b/lolrmm.com/content/bootloaders/8041563b-fe86-4183-9409-a479ef4f9b46.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "8041563b-fe86-4183-9409-a479ef4f9b46" +weight = 10 +displayTitle = "cent-8.3-20200730-shimia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# cent-8.3-20200730-shimia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat, Inc. and revoked Apr-21 +- **UUID**: 8041563b-fe86-4183-9409-a479ef4f9b46 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\cent-8.3-20200730-shimia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< 
button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | cent-8.3-20200730-shimia32.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [5E9D231F7BC2F98E9CBFBE65DA29F7B663A1E84FEE090250BD0976D65DB3FC0A](https://www.virustotal.com/gui/file/5E9D231F7BC2F98E9CBFBE65DA29F7B663A1E84FEE090250BD0976D65DB3FC0A) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [F5D396FC5AD8B7EAC22652129D56449DC30B6965CE3E41F5D76590E3B1ECFE62](https://www.virustotal.com/gui/search/authentihash%253AF5D396FC5AD8B7EAC22652129D56449DC30B6965CE3E41F5D76590E3B1ECFE62) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/8041563b-fe86-4183-9409-a479ef4f9b46.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/81ea3a10-a003-4839-ae9f-52cb700d38d4.md b/lolrmm.com/content/bootloaders/81ea3a10-a003-4839-ae9f-52cb700d38d4.md new file mode 100644 index 00000000..539e94a4 --- /dev/null +++ b/lolrmm.com/content/bootloaders/81ea3a10-a003-4839-ae9f-52cb700d38d4.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "81ea3a10-a003-4839-ae9f-52cb700d38d4" +weight = 10 +displayTitle = "shim-0.9+1465500757.14a5905-0ubuntu1/shim64-bit.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# shim-0.9+1465500757.14a5905-0ubuntu1/shim64-bit.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Canonical Ltd and revoked Apr-21 +- **UUID**: 81ea3a10-a003-4839-ae9f-52cb700d38d4 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\shim-0.9+1465500757.14a5905-0ubuntu1/shim64-bit.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< 
tip >}}detects loading using name only{{< /tip >}} + + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | shim-0.9+1465500757.14a5905-0ubuntu1/shim64-bit.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [889337B0F67FFBDDD260CEE774DFA332DBB4EAE7D11333B2DDBAD7CA7FA773A2](https://www.virustotal.com/gui/file/889337B0F67FFBDDD260CEE774DFA332DBB4EAE7D11333B2DDBAD7CA7FA773A2) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [FABC379DF395E6F52472B44FA5082F9F0E0DA480F05198C66814B7055B03F446](https://www.virustotal.com/gui/search/authentihash%253AFABC379DF395E6F52472B44FA5082F9F0E0DA480F05198C66814B7055B03F446) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/81ea3a10-a003-4839-ae9f-52cb700d38d4.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/81f3828a-1a59-4fc2-a34e-d1f297f0f719.md b/lolrmm.com/content/bootloaders/81f3828a-1a59-4fc2-a34e-d1f297f0f719.md new file mode 100644 index 00000000..5c010a26 --- /dev/null +++ b/lolrmm.com/content/bootloaders/81f3828a-1a59-4fc2-a34e-d1f297f0f719.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "81f3828a-1a59-4fc2-a34e-d1f297f0f719" +weight = 10 +displayTitle = "bootia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 81f3828a-1a59-4fc2-a34e-d1f297f0f719 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootia32.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [CF960A60921EF186A0A511BECC06B264407111D2AE6875C93496121887318EDE](https://www.virustotal.com/gui/file/CF960A60921EF186A0A511BECC06B264407111D2AE6875C93496121887318EDE) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [32D4BA3A03D1F2B6BC80D011C0FA107747B7B573FE96AAFFF21735ECF562D337](https://www.virustotal.com/gui/search/authentihash%253A32D4BA3A03D1F2B6BC80D011C0FA107747B7B573FE96AAFFF21735ECF562D337) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/81f3828a-1a59-4fc2-a34e-d1f297f0f719.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/82bfbd61-4cd5-490f-853a-3486090e0d3e.md b/lolrmm.com/content/bootloaders/82bfbd61-4cd5-490f-853a-3486090e0d3e.md new file mode 100644 index 00000000..a1b1294e --- /dev/null +++ b/lolrmm.com/content/bootloaders/82bfbd61-4cd5-490f-853a-3486090e0d3e.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "82bfbd61-4cd5-490f-853a-3486090e0d3e" +weight = 10 +displayTitle = "miniloader.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# miniloader.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by CPSD and revoked Aug-22 +- **UUID**: 82bfbd61-4cd5-490f-853a-3486090e0d3e +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\miniloader.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2022-34303
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | miniloader.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [61F2D843B99AC93FA2ED40A50E5C3F0EAD7C75894BB92C32DF33052804CFB77C](https://www.virustotal.com/gui/file/61F2D843B99AC93FA2ED40A50E5C3F0EAD7C75894BB92C32DF33052804CFB77C) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [90AEC5C4995674A849C1D1384463F3B02B5AA625A5C320FC4FE7D9BB58A62398](https://www.virustotal.com/gui/search/authentihash%253A90AEC5C4995674A849C1D1384463F3B02B5AA625A5C320FC4FE7D9BB58A62398) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/82bfbd61-4cd5-490f-853a-3486090e0d3e.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/837d8bdc-6458-4eba-87cf-c82a32d1eca6.md b/lolrmm.com/content/bootloaders/837d8bdc-6458-4eba-87cf-c82a32d1eca6.md new file mode 100644 index 00000000..f6accb6e --- /dev/null +++ b/lolrmm.com/content/bootloaders/837d8bdc-6458-4eba-87cf-c82a32d1eca6.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "837d8bdc-6458-4eba-87cf-c82a32d1eca6" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 837d8bdc-6458-4eba-87cf-c82a32d1eca6 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [106E99968A816752C4A0F5DF6AEACC0400C688DE35832798029040CDB41E1F09](https://www.virustotal.com/gui/file/106E99968A816752C4A0F5DF6AEACC0400C688DE35832798029040CDB41E1F09) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [F254087746FDB5D9D9EAE6DF458485752BEB0FCF295C36D273511B45F7480287](https://www.virustotal.com/gui/search/authentihash%253AF254087746FDB5D9D9EAE6DF458485752BEB0FCF295C36D273511B45F7480287) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/837d8bdc-6458-4eba-87cf-c82a32d1eca6.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/841c43d9-b7a0-40a7-ae7c-fc1affb759af.md b/lolrmm.com/content/bootloaders/841c43d9-b7a0-40a7-ae7c-fc1affb759af.md new file mode 100644 index 00000000..5887aa14 --- /dev/null +++ b/lolrmm.com/content/bootloaders/841c43d9-b7a0-40a7-ae7c-fc1affb759af.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "841c43d9-b7a0-40a7-ae7c-fc1affb759af" +weight = 10 +displayTitle = "841c43d9-b7a0-40a7-ae7c-fc1affb759af" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 841c43d9-b7a0-40a7-ae7c-fc1affb759af ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: 841c43d9-b7a0-40a7-ae7c-fc1affb759af +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [439983268FC8238CB2DC187B033904DBD682929852D846FB69A22DDA1561A422](https://www.virustotal.com/gui/file/439983268FC8238CB2DC187B033904DBD682929852D846FB69A22DDA1561A422) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [57E6913AFACC5222BD76CDAF31F8ED88895464255374EF097A82D7F59AD39596](https://www.virustotal.com/gui/search/authentihash%253A57E6913AFACC5222BD76CDAF31F8ED88895464255374EF097A82D7F59AD39596) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/841c43d9-b7a0-40a7-ae7c-fc1affb759af.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/84dbe789-ccc2-4988-a6f0-b4c74b74e133.md b/lolrmm.com/content/bootloaders/84dbe789-ccc2-4988-a6f0-b4c74b74e133.md new file mode 100644 index 00000000..e7f5a8d7 --- /dev/null +++ b/lolrmm.com/content/bootloaders/84dbe789-ccc2-4988-a6f0-b4c74b74e133.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "84dbe789-ccc2-4988-a6f0-b4c74b74e133" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 84dbe789-ccc2-4988-a6f0-b4c74b74e133 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/86f6426a9b47dc73eb8c8bafbb46799f.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [86f6426a9b47dc73eb8c8bafbb46799f](https://www.virustotal.com/gui/file/86f6426a9b47dc73eb8c8bafbb46799f) | +| SHA1 | [c730aa1c864f3b802de8d123b5b883dc9b2ce81b](https://www.virustotal.com/gui/file/c730aa1c864f3b802de8d123b5b883dc9b2ce81b) | +| SHA256 | [00550ccee4edfefd7b7fb54864d0aa5df059885e9e79ff80d4fb134b4487c05d](https://www.virustotal.com/gui/file/00550ccee4edfefd7b7fb54864d0aa5df059885e9e79ff80d4fb134b4487c05d) | +| Authentihash MD5 | [f0056ccaf2bb46ff7e936a2e371f94b7](https://www.virustotal.com/gui/search/authentihash%253Af0056ccaf2bb46ff7e936a2e371f94b7) | +| Authentihash SHA1 | [56b864169cb1f986f5103c248d6e83caab52154c](https://www.virustotal.com/gui/search/authentihash%253A56b864169cb1f986f5103c248d6e83caab52154c) | +| Authentihash SHA256| [065d94b9ea00397a2addb747e1e0978e4de6bf175339778fb9b0760fec3d3b61](https://www.virustotal.com/gui/search/authentihash%253A065d94b9ea00397a2addb747e1e0978e4de6bf175339778fb9b0760fec3d3b61) | +| RichPEHeaderHash MD5 | [f946cf9d5023059fc9f2140cd5b159d7](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Af946cf9d5023059fc9f2140cd5b159d7) | +| RichPEHeaderHash SHA1 | [13ecec12054fd579ab92638fb336a8a17c1264db](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A13ecec12054fd579ab92638fb336a8a17c1264db) | +| RichPEHeaderHash SHA256| [f699df0555e9fe0fb7019c00aa9f4c2da8abeacc45ef7f11dd65541052afb896](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Af699df0555e9fe0fb7019c00aa9f4c2da8abeacc45ef7f11dd65541052afb896) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002418fc0b689e7399d0000000000024 +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 28b23b39f3bbd936a26a5b86451be0ac | +| ToBeSigned (TBS) SHA1 | 3b16f29295d5a7c323beb479c71d3d20c6b8acc2 | +| ToBeSigned (TBS) SHA256 | 4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2013-06-17 21:43:38 | +| ValidTo | 2014-09-17 21:43:38 | +| Signature | 78269c4b43268afbc7329a21653fdf5427c51d156bd9b2be4fc3ce06c9fe486ad28fa1a55698acc8617733a5d9b68b3f69ab82d8d60857a0cf330434703b2af43b3058eec891f89515a9acf8c29aebdcabc8671630a1d22fa51720ab95393c388e3fbed2d42eca2bce4f3ac03be5be68ecfe7f44a6d3871782abd7cc3f8c22300536bd24a13934474bc0cfc2f1479991b991f328cb5a80d06c1046a9249b8dd8747b3c87e54946f28c0bdf14c042566264fbf9475859b221d0434603ab5f655551437be8eb21192f143d173b042f139ce553888cf0534f9d2f090c1edbf10def827a274afeeba10c2b4725b0628a2722d5f209be4f9e3d2d8104a896df82072d | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002418fc0b689e7399d0000000000024 | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### 
ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Signature": "78269c4b43268afbc7329a21653fdf5427c51d156bd9b2be4fc3ce06c9fe486ad28fa1a55698acc8617733a5d9b68b3f69ab82d8d60857a0cf330434703b2af43b3058eec891f89515a9acf8c29aebdcabc8671630a1d22fa51720ab95393c388e3fbed2d42eca2bce4f3ac03be5be68ecfe7f44a6d3871782abd7cc3f8c22300536bd24a13934474bc0cfc2f1479991b991f328cb5a80d06c1046a9249b8dd8747b3c87e54946f28c0bdf14c042566264fbf9475859b221d0434603ab5f655551437be8eb21192f143d173b042f139ce553888cf0534f9d2f090c1edbf10def827a274afeeba10c2b4725b0628a2722d5f209be4f9e3d2d8104a896df82072d", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, 
CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/84dbe789-ccc2-4988-a6f0-b4c74b74e133.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/84fbccc2-01e7-4a24-adbd-a1d3ca0acc50.md b/lolrmm.com/content/bootloaders/84fbccc2-01e7-4a24-adbd-a1d3ca0acc50.md new file mode 100644 index 00000000..96f832f2 --- /dev/null +++ b/lolrmm.com/content/bootloaders/84fbccc2-01e7-4a24-adbd-a1d3ca0acc50.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "84fbccc2-01e7-4a24-adbd-a1d3ca0acc50" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 84fbccc2-01e7-4a24-adbd-a1d3ca0acc50 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [574695D73FF3813C780728858B4A6D2CE6D24B41308B23281E438B66A60E4424](https://www.virustotal.com/gui/file/574695D73FF3813C780728858B4A6D2CE6D24B41308B23281E438B66A60E4424) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [35C16AA2BB4DADF5028F4801185CD368B922C6CF7651CB7FEF30DFB95920FB99](https://www.virustotal.com/gui/search/authentihash%253A35C16AA2BB4DADF5028F4801185CD368B922C6CF7651CB7FEF30DFB95920FB99) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/84fbccc2-01e7-4a24-adbd-a1d3ca0acc50.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/854018eb-0eb9-4c45-8c0c-edb859445cb9.md b/lolrmm.com/content/bootloaders/854018eb-0eb9-4c45-8c0c-edb859445cb9.md new file mode 100644 index 00000000..7ba56e19 --- /dev/null +++ b/lolrmm.com/content/bootloaders/854018eb-0eb9-4c45-8c0c-edb859445cb9.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "854018eb-0eb9-4c45-8c0c-edb859445cb9" +weight = 10 +displayTitle = "BOOTIA32.EFI" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# BOOTIA32.EFI ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Fedora Project and revoked Jul-20 +- **UUID**: 854018eb-0eb9-4c45-8c0c-edb859445cb9 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/87e606dee08705c7ac75737a83a6e063.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\BOOTIA32.EFI } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | BOOTIA32.EFI | +| MD5 | [87e606dee08705c7ac75737a83a6e063](https://www.virustotal.com/gui/file/87e606dee08705c7ac75737a83a6e063) | +| SHA1 | [56ebc1fe5d75203a8fd8669eb86d80cda4c13d91](https://www.virustotal.com/gui/file/56ebc1fe5d75203a8fd8669eb86d80cda4c13d91) | +| SHA256 | [6a6f1c13eefcba07c0fc8aa0b70ab6fe2bc709a9eaf83090b735fec8e0dd576b](https://www.virustotal.com/gui/file/6a6f1c13eefcba07c0fc8aa0b70ab6fe2bc709a9eaf83090b735fec8e0dd576b) | +| Authentihash MD5 | [be4303f658c8f9c5541a6bdac9dc2c2d](https://www.virustotal.com/gui/search/authentihash%253Abe4303f658c8f9c5541a6bdac9dc2c2d) | +| Authentihash SHA1 | [faa088677fbfb6eb7266526835f878855ee767d6](https://www.virustotal.com/gui/search/authentihash%253Afaa088677fbfb6eb7266526835f878855ee767d6) | +| Authentihash SHA256| [cf3f7c24af6d46e133bb6a936902a47413394b2a8addc63a8890c75eb7c3a6c7](https://www.virustotal.com/gui/search/authentihash%253Acf3f7c24af6d46e133bb6a936902a47413394b2a8addc63a8890c75eb7c3a6c7) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002530b3d3726ee3f72f000100000025 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | a5052527524f4998a7bd87f396196fe8 | +| ToBeSigned (TBS) SHA1 | 2374a3e4f0499d106f0e4d71a22f7b0e709847c0 | +| ToBeSigned (TBS) SHA256 | 
f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2017-08-11 20:20:00 | +| ValidTo | 2018-08-11 20:20:00 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002530b3d3726ee3f72f000100000025 | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + 
"SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/854018eb-0eb9-4c45-8c0c-edb859445cb9.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/85443af0-4180-4b3e-978c-e3d8c8d35422.md b/lolrmm.com/content/bootloaders/85443af0-4180-4b3e-978c-e3d8c8d35422.md new file mode 100644 index 00000000..f636afdf --- /dev/null +++ b/lolrmm.com/content/bootloaders/85443af0-4180-4b3e-978c-e3d8c8d35422.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "85443af0-4180-4b3e-978c-e3d8c8d35422" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 85443af0-4180-4b3e-978c-e3d8c8d35422 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/bf4168403960a0df177f58277f06250c.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [bf4168403960a0df177f58277f06250c](https://www.virustotal.com/gui/file/bf4168403960a0df177f58277f06250c) | +| SHA1 | [6a3777265403ea83fb91ab07988464303e66b172](https://www.virustotal.com/gui/file/6a3777265403ea83fb91ab07988464303e66b172) | +| SHA256 | [669353cc31e65f896a755db94a045d9dc1b4a24baba14fce11d623bdfacec78c](https://www.virustotal.com/gui/file/669353cc31e65f896a755db94a045d9dc1b4a24baba14fce11d623bdfacec78c) | +| Authentihash MD5 | [bc8921a85faf4205abd65c8b0263e795](https://www.virustotal.com/gui/search/authentihash%253Abc8921a85faf4205abd65c8b0263e795) | +| Authentihash SHA1 | [b820221890353f2d702024c23c19cbf17ed25f20](https://www.virustotal.com/gui/search/authentihash%253Ab820221890353f2d702024c23c19cbf17ed25f20) | +| Authentihash SHA256| [5e67bf240b1d05f6f618908868a494c50a30ab255b06619fa28411eb260f674a](https://www.virustotal.com/gui/search/authentihash%253A5e67bf240b1d05f6f618908868a494c50a30ab255b06619fa28411eb260f674a) | +| RichPEHeaderHash MD5 | [7c1182353e1a18467ac8596eb17c533e](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A7c1182353e1a18467ac8596eb17c533e) | +| RichPEHeaderHash SHA1 | [3dbd444a114f18bb9cfb639f095ee5a0915ba297](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3dbd444a114f18bb9cfb639f095ee5a0915ba297) | +| RichPEHeaderHash SHA256| [3556b638af47e65fa07578b156ff85afa0145f715fc594c65a97aab98841c601](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3556b638af47e65fa07578b156ff85afa0145f715fc594c65a97aab98841c601) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002418fc0b689e7399d0000000000024 +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 28b23b39f3bbd936a26a5b86451be0ac | +| ToBeSigned (TBS) SHA1 | 3b16f29295d5a7c323beb479c71d3d20c6b8acc2 | +| ToBeSigned (TBS) SHA256 | 4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2013-06-17 21:43:38 | +| ValidTo | 2014-09-17 21:43:38 | +| Signature | 78269c4b43268afbc7329a21653fdf5427c51d156bd9b2be4fc3ce06c9fe486ad28fa1a55698acc8617733a5d9b68b3f69ab82d8d60857a0cf330434703b2af43b3058eec891f89515a9acf8c29aebdcabc8671630a1d22fa51720ab95393c388e3fbed2d42eca2bce4f3ac03be5be68ecfe7f44a6d3871782abd7cc3f8c22300536bd24a13934474bc0cfc2f1479991b991f328cb5a80d06c1046a9249b8dd8747b3c87e54946f28c0bdf14c042566264fbf9475859b221d0434603ab5f655551437be8eb21192f143d173b042f139ce553888cf0534f9d2f090c1edbf10def827a274afeeba10c2b4725b0628a2722d5f209be4f9e3d2d8104a896df82072d | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002418fc0b689e7399d0000000000024 | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 
14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": 
"4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/85443af0-4180-4b3e-978c-e3d8c8d35422.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/85ef0c80-cca4-48f1-8ace-0ab2fda03b79.md b/lolrmm.com/content/bootloaders/85ef0c80-cca4-48f1-8ace-0ab2fda03b79.md new file mode 100644 index 00000000..8eca9932 --- /dev/null +++ b/lolrmm.com/content/bootloaders/85ef0c80-cca4-48f1-8ace-0ab2fda03b79.md 
@@ -0,0 +1,234 @@ ++++ + +description = "" +title = "85ef0c80-cca4-48f1-8ace-0ab2fda03b79" +weight = 10 +displayTitle = "shdloader.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# shdloader.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by New Horizon Datasys Inc and revoked Aug-22 +- **UUID**: 85ef0c80-cca4-48f1-8ace-0ab2fda03b79 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/1c9670b5add3e4d6aa442a53427f422a.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\shdloader.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2022-34302
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | shdloader.efi | +| MD5 | [1c9670b5add3e4d6aa442a53427f422a](https://www.virustotal.com/gui/file/1c9670b5add3e4d6aa442a53427f422a) | +| SHA1 | [11ddf040e749c8362e91c58fd17cb9c7aea4be91](https://www.virustotal.com/gui/file/11ddf040e749c8362e91c58fd17cb9c7aea4be91) | +| SHA256 | [c3d65e174d47d3772cb431ea599bba76b8670bfaa51081895796432e2ef6461f](https://www.virustotal.com/gui/file/c3d65e174d47d3772cb431ea599bba76b8670bfaa51081895796432e2ef6461f) | +| Authentihash MD5 | [431612322a95c76c8bbfb190f00aa9cc](https://www.virustotal.com/gui/search/authentihash%253A431612322a95c76c8bbfb190f00aa9cc) | +| Authentihash SHA1 | [e0b9eb89abfb711dc3600589fcdceafb74ecaaed](https://www.virustotal.com/gui/search/authentihash%253Ae0b9eb89abfb711dc3600589fcdceafb74ecaaed) | +| Authentihash SHA256| [c55be4a2a6ac574a9d46f1e1c54cac29d29dcd7b9040389e7157bb32c4591c4c](https://www.virustotal.com/gui/search/authentihash%253Ac55be4a2a6ac574a9d46f1e1c54cac29d29dcd7b9040389e7157bb32c4591c4c) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 33000000081eb17e9c15fc837a000100000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | c5e24205d04c09c94d81b6935af7ec09 | +| ToBeSigned (TBS) SHA1 | 12622dccb5b07edfd65cae6fc018e24b80ff2c82 | +| ToBeSigned (TBS) SHA256 | 
d6afbff1c283d7777501bd3b2adb4aadb8ce32649ee401dfbb06f884362f7507 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2012-07-02 22:25:14 | +| ValidTo | 2013-10-02 22:25:14 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 33000000081eb17e9c15fc837a000100000008 | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": 
"c5e24205d04c09c94d81b6935af7ec09", + "SHA1": "12622dccb5b07edfd65cae6fc018e24b80ff2c82", + "SHA256": "d6afbff1c283d7777501bd3b2adb4aadb8ce32649ee401dfbb06f884362f7507" + }, + "ValidFrom": "2012-07-02 22:25:14", + "ValidTo": "2013-10-02 22:25:14", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/85ef0c80-cca4-48f1-8ace-0ab2fda03b79.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/865cadf5-d63e-438b-a8e9-44591fb69d2a.md b/lolrmm.com/content/bootloaders/865cadf5-d63e-438b-a8e9-44591fb69d2a.md new file mode 100644 index 00000000..5928f4ed --- /dev/null +++ b/lolrmm.com/content/bootloaders/865cadf5-d63e-438b-a8e9-44591fb69d2a.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "865cadf5-d63e-438b-a8e9-44591fb69d2a" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 865cadf5-d63e-438b-a8e9-44591fb69d2a +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/f512804db694f319cf51306dd2c2c618.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [f512804db694f319cf51306dd2c2c618](https://www.virustotal.com/gui/file/f512804db694f319cf51306dd2c2c618) | +| SHA1 | [d1bfb94ce4288f7f4e3f27ef22618991485e06ec](https://www.virustotal.com/gui/file/d1bfb94ce4288f7f4e3f27ef22618991485e06ec) | +| SHA256 | [3f28c4f2fb32c10e5faed1debf7db6ae8c821bf286ffdb57a5b31fce0730e111](https://www.virustotal.com/gui/file/3f28c4f2fb32c10e5faed1debf7db6ae8c821bf286ffdb57a5b31fce0730e111) | +| Authentihash MD5 | [3c5fa521303c8b5564f3c2ce44596d69](https://www.virustotal.com/gui/search/authentihash%253A3c5fa521303c8b5564f3c2ce44596d69) | +| Authentihash SHA1 | [599dbc2acbec93f50c653471403aab7be0b978d1](https://www.virustotal.com/gui/search/authentihash%253A599dbc2acbec93f50c653471403aab7be0b978d1) | +| Authentihash SHA256| [736afb5df29ec9c88532be9c620ef80901bf23e72f2d3488b757aff17e734ace](https://www.virustotal.com/gui/search/authentihash%253A736afb5df29ec9c88532be9c620ef80901bf23e72f2d3488b757aff17e734ace) | +| RichPEHeaderHash MD5 | [7c1182353e1a18467ac8596eb17c533e](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A7c1182353e1a18467ac8596eb17c533e) | +| RichPEHeaderHash SHA1 | [3dbd444a114f18bb9cfb639f095ee5a0915ba297](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3dbd444a114f18bb9cfb639f095ee5a0915ba297) | +| RichPEHeaderHash SHA256| [3556b638af47e65fa07578b156ff85afa0145f715fc594c65a97aab98841c601](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3556b638af47e65fa07578b156ff85afa0145f715fc594c65a97aab98841c601) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002418fc0b689e7399d0000000000024 +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 28b23b39f3bbd936a26a5b86451be0ac | +| ToBeSigned (TBS) SHA1 | 3b16f29295d5a7c323beb479c71d3d20c6b8acc2 | +| ToBeSigned (TBS) SHA256 | 4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2013-06-17 21:43:38 | +| ValidTo | 2014-09-17 21:43:38 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002418fc0b689e7399d0000000000024 | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Signature": 
"78269c4b43268afbc7329a21653fdf5427c51d156bd9b2be4fc3ce06c9fe486ad28fa1a55698acc8617733a5d9b68b3f69ab82d8d60857a0cf330434703b2af43b3058eec891f89515a9acf8c29aebdcabc8671630a1d22fa51720ab95393c388e3fbed2d42eca2bce4f3ac03be5be68ecfe7f44a6d3871782abd7cc3f8c22300536bd24a13934474bc0cfc2f1479991b991f328cb5a80d06c1046a9249b8dd8747b3c87e54946f28c0bdf14c042566264fbf9475859b221d0434603ab5f655551437be8eb21192f143d173b042f139ce553888cf0534f9d2f090c1edbf10def827a274afeeba10c2b4725b0628a2722d5f209be4f9e3d2d8104a896df82072d", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/865cadf5-d63e-438b-a8e9-44591fb69d2a.yaml) + +*last_updated:* 
2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/87813fcd-6a01-4452-b54c-0dc24402bbfe.md b/lolrmm.com/content/bootloaders/87813fcd-6a01-4452-b54c-0dc24402bbfe.md new file mode 100644 index 00000000..b11313ba --- /dev/null +++ b/lolrmm.com/content/bootloaders/87813fcd-6a01-4452-b54c-0dc24402bbfe.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "87813fcd-6a01-4452-b54c-0dc24402bbfe" +weight = 10 +displayTitle = "87813fcd-6a01-4452-b54c-0dc24402bbfe" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 87813fcd-6a01-4452-b54c-0dc24402bbfe ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by EgoSecure and revoked Jul-20 +- **UUID**: 87813fcd-6a01-4452-b54c-0dc24402bbfe +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [23EBFBC7BC286CEFC68B4920784B926EC28D7965815238325FBD17892177D6F3](https://www.virustotal.com/gui/file/23EBFBC7BC286CEFC68B4920784B926EC28D7965815238325FBD17892177D6F3) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [340DA32B58331C8E2B561BAF300CA9DFD6B91CD2270EE0E2A34958B1C6259E85](https://www.virustotal.com/gui/search/authentihash%253A340DA32B58331C8E2B561BAF300CA9DFD6B91CD2270EE0E2A34958B1C6259E85) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/87813fcd-6a01-4452-b54c-0dc24402bbfe.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/887e3ac7-c597-4327-86cc-29936e2f8cdb.md b/lolrmm.com/content/bootloaders/887e3ac7-c597-4327-86cc-29936e2f8cdb.md new file mode 100644 index 00000000..5f7583b7 --- /dev/null +++ b/lolrmm.com/content/bootloaders/887e3ac7-c597-4327-86cc-29936e2f8cdb.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "887e3ac7-c597-4327-86cc-29936e2f8cdb" +weight = 10 +displayTitle = "887e3ac7-c597-4327-86cc-29936e2f8cdb" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 887e3ac7-c597-4327-86cc-29936e2f8cdb ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Fedora Project and revoked Jul-20 +- **UUID**: 887e3ac7-c597-4327-86cc-29936e2f8cdb +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [2F1DAE62EA074FD06DBBF620009CB3E65988D15431A061EAAB4D7ED1A97A3689](https://www.virustotal.com/gui/file/2F1DAE62EA074FD06DBBF620009CB3E65988D15431A061EAAB4D7ED1A97A3689) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [D14EE5616DC8EC74D695AF08DACC78BBEFAFA7A97A5CFEAB9B961E86CE9EDD37](https://www.virustotal.com/gui/search/authentihash%253AD14EE5616DC8EC74D695AF08DACC78BBEFAFA7A97A5CFEAB9B961E86CE9EDD37) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/887e3ac7-c597-4327-86cc-29936e2f8cdb.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/88e2e7f2-0a89-4a66-9f99-1a73ca3a061c.md b/lolrmm.com/content/bootloaders/88e2e7f2-0a89-4a66-9f99-1a73ca3a061c.md new file mode 100644 index 00000000..0fbdfee6 --- /dev/null +++ b/lolrmm.com/content/bootloaders/88e2e7f2-0a89-4a66-9f99-1a73ca3a061c.md 
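Review bot: The Download button points at `bootloaders/.bin` and the MD5 and SHA1 rows link to a bare `https://www.virustotal.com/gui/file/`, because the MD5 field for this entry is empty; the button and those two links should only be rendered when the hash value is present, and the same empty-hash rendering appears in the hunks for 88e2e7f2, 89393561, 897f5834 and 8a6aa8d7. The "Hashes" Sigma rule and both Sysmon configs linked above match on file hashes, so an entry that records only SHA256 and Authentihash SHA256 should state which hash types those rules can actually use for it, otherwise the Detections block overstates coverage. The `#### Imports` details section is emitted twice with an empty bullet, which looks like a template slip rather than two distinct data fields. These pages appear to be generated from the YAML linked at the foot of each page, so the fix belongs in the generator template rather than in the rendered files.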
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "88e2e7f2-0a89-4a66-9f99-1a73ca3a061c" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 88e2e7f2-0a89-4a66-9f99-1a73ca3a061c +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [DD32DCC6A6E054F4FB518B3F26EE9F41D338AB5EAFFF83F3682E34728EAAECEA](https://www.virustotal.com/gui/file/DD32DCC6A6E054F4FB518B3F26EE9F41D338AB5EAFFF83F3682E34728EAAECEA) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [21258FA3877177AC480CB571134BEE7BA1531DDD1274217DFF71BCD618F6C3D5](https://www.virustotal.com/gui/search/authentihash%253A21258FA3877177AC480CB571134BEE7BA1531DDD1274217DFF71BCD618F6C3D5) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/88e2e7f2-0a89-4a66-9f99-1a73ca3a061c.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/89393561-f676-4029-a1ca-88a4c4fa03b9.md b/lolrmm.com/content/bootloaders/89393561-f676-4029-a1ca-88a4c4fa03b9.md new file mode 100644 index 00000000..2078560f --- /dev/null +++ b/lolrmm.com/content/bootloaders/89393561-f676-4029-a1ca-88a4c4fa03b9.md 
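Review bot: The `### CVE` list here contains `Black Lotus Microsoft Windows 10 version 1507`, which is a free-text reference rather than a CVE identifier, so anything that consumes this section as a list of CVE IDs will pick up a non-identifier; the same entry appears in the 89393561 and 897f5834 hunks. The generator should keep identifier-shaped values in the CVE list and move descriptive text like this into the Description or Resources section, or validate the field against the `CVE-YYYY-NNNN` form before rendering. If the upstream YAML is the source of the value, the correction belongs there so it is not reintroduced on the next regeneration.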
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "89393561-f676-4029-a1ca-88a4c4fa03b9" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 89393561-f676-4029-a1ca-88a4c4fa03b9 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [8536BA8D9039C5F91752BDC45A7AD2F91FDA2334363850DCEB38FD87DB7632E4](https://www.virustotal.com/gui/file/8536BA8D9039C5F91752BDC45A7AD2F91FDA2334363850DCEB38FD87DB7632E4) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [958C0DB651F4E4CCD062446263618C877910E08257EC6D9BCDD8BF1E33134FFB](https://www.virustotal.com/gui/search/authentihash%253A958C0DB651F4E4CCD062446263618C877910E08257EC6D9BCDD8BF1E33134FFB) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/89393561-f676-4029-a1ca-88a4c4fa03b9.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/897f5834-55db-41fc-a4ca-9d880ca00ec7.md b/lolrmm.com/content/bootloaders/897f5834-55db-41fc-a4ca-9d880ca00ec7.md new file mode 100644 index 00000000..2b79f356 --- /dev/null +++ b/lolrmm.com/content/bootloaders/897f5834-55db-41fc-a4ca-9d880ca00ec7.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "897f5834-55db-41fc-a4ca-9d880ca00ec7" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 897f5834-55db-41fc-a4ca-9d880ca00ec7 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [FB2F396A01911260D4035CCABF36DB99081DA3F8D98BB40549D7D5E93CE4EAA2](https://www.virustotal.com/gui/file/FB2F396A01911260D4035CCABF36DB99081DA3F8D98BB40549D7D5E93CE4EAA2) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [ABEE522892FA10B22208B4D1540184617BC9875C9E03E5353B4FF476577D918B](https://www.virustotal.com/gui/search/authentihash%253AABEE522892FA10B22208B4D1540184617BC9875C9E03E5353B4FF476577D918B) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/897f5834-55db-41fc-a4ca-9d880ca00ec7.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/8a6aa8d7-205b-4747-aa92-8b526be3b7d2.md b/lolrmm.com/content/bootloaders/8a6aa8d7-205b-4747-aa92-8b526be3b7d2.md new file mode 100644 index 00000000..00d30c35 --- /dev/null +++ b/lolrmm.com/content/bootloaders/8a6aa8d7-205b-4747-aa92-8b526be3b7d2.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "8a6aa8d7-205b-4747-aa92-8b526be3b7d2" +weight = 10 +displayTitle = "8a6aa8d7-205b-4747-aa92-8b526be3b7d2" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 8a6aa8d7-205b-4747-aa92-8b526be3b7d2 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Intel Corporation and revoked Jul-20 +- **UUID**: 8a6aa8d7-205b-4747-aa92-8b526be3b7d2 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [29DA5912698EE1928C239D394EF95A4BEEF0DC59262B6BFFEC24FA205C4B8A10](https://www.virustotal.com/gui/file/29DA5912698EE1928C239D394EF95A4BEEF0DC59262B6BFFEC24FA205C4B8A10) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [45876B4DD861D45B3A94800774027A5DB45A48B2A729410908B6412F8A87E95D](https://www.virustotal.com/gui/search/authentihash%253A45876B4DD861D45B3A94800774027A5DB45A48B2A729410908B6412F8A87E95D) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/8a6aa8d7-205b-4747-aa92-8b526be3b7d2.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/8afa8fb8-bd3a-4033-9f71-3d1e574708ce.md b/lolrmm.com/content/bootloaders/8afa8fb8-bd3a-4033-9f71-3d1e574708ce.md new file mode 100644 index 00000000..0b213cac --- /dev/null +++ b/lolrmm.com/content/bootloaders/8afa8fb8-bd3a-4033-9f71-3d1e574708ce.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "8afa8fb8-bd3a-4033-9f71-3d1e574708ce" +weight = 10 +displayTitle = "BOOTX64.EFI" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# BOOTX64.EFI ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat Inc. and revoked Jul-20 +- **UUID**: 8afa8fb8-bd3a-4033-9f71-3d1e574708ce +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/e297beb49756fef9d2bcad4b860426b3.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\BOOTX64.EFI } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | BOOTX64.EFI | +| MD5 | [e297beb49756fef9d2bcad4b860426b3](https://www.virustotal.com/gui/file/e297beb49756fef9d2bcad4b860426b3) | +| SHA1 | [1c1007b55a1e5c1ca49b0b6673fd83b0ae9a9dc3](https://www.virustotal.com/gui/file/1c1007b55a1e5c1ca49b0b6673fd83b0ae9a9dc3) | +| SHA256 | [62c6affbee1ba9a0435562db6e092a5018effeed0bd0f1d0494f34ce6cd403e9](https://www.virustotal.com/gui/file/62c6affbee1ba9a0435562db6e092a5018effeed0bd0f1d0494f34ce6cd403e9) | +| Authentihash MD5 | [ac8a7a2580ddb3d88ca49856664d6824](https://www.virustotal.com/gui/search/authentihash%253Aac8a7a2580ddb3d88ca49856664d6824) | +| Authentihash SHA1 | [9c07457b464050230ec5376b0601e06c8cf3faaa](https://www.virustotal.com/gui/search/authentihash%253A9c07457b464050230ec5376b0601e06c8cf3faaa) | +| Authentihash SHA256| [89f3d1f6e485c334cd059d0995e3cdfdc00571b1849854847a44dc5548e2dcfb](https://www.virustotal.com/gui/search/authentihash%253A89f3d1f6e485c334cd059d0995e3cdfdc00571b1849854847a44dc5548e2dcfb) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002b4b79b3694d12118700010000002b +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 8d8a1f204c9c80213bd427fa58b387e2 | +| ToBeSigned (TBS) SHA1 | 8d78e1742b948f0c8298e560dd71fe1594020386 | +| ToBeSigned (TBS) SHA256 | 
1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2018-07-03 20:53:01 | +| ValidTo | 2019-07-26 20:53:01 | +| Signature | 54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002b4b79b3694d12118700010000002b | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### 
Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/8afa8fb8-bd3a-4033-9f71-3d1e574708ce.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/8b88b928-4717-4a30-832e-dcb3bb15b7a3.md b/lolrmm.com/content/bootloaders/8b88b928-4717-4a30-832e-dcb3bb15b7a3.md new file mode 100644 index 00000000..acda9f00 
--- /dev/null +++ b/lolrmm.com/content/bootloaders/8b88b928-4717-4a30-832e-dcb3bb15b7a3.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "8b88b928-4717-4a30-832e-dcb3bb15b7a3" +weight = 10 +displayTitle = "bootia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Isoo Software Dev Co Ltd and revoked Jul-20 +- **UUID**: 8b88b928-4717-4a30-832e-dcb3bb15b7a3 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/b1aea18419d0643fb2e4d8f6da2ae461.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootia32.efi | +| MD5 | [b1aea18419d0643fb2e4d8f6da2ae461](https://www.virustotal.com/gui/file/b1aea18419d0643fb2e4d8f6da2ae461) | +| SHA1 | [3085f38227977dce8dac3b29c92b0103e5b5eae8](https://www.virustotal.com/gui/file/3085f38227977dce8dac3b29c92b0103e5b5eae8) | +| SHA256 | [56f9e50da4817b1de9d9291eb5f2bc63703ca3e6f4a8571bde28cf756e2c80ba](https://www.virustotal.com/gui/file/56f9e50da4817b1de9d9291eb5f2bc63703ca3e6f4a8571bde28cf756e2c80ba) | +| Authentihash MD5 | [40b8a117af84ea3225963daf421eccb3](https://www.virustotal.com/gui/search/authentihash%253A40b8a117af84ea3225963daf421eccb3) | +| Authentihash SHA1 | [99823dd47cfe71774cb0fcc687fa1da921b6240b](https://www.virustotal.com/gui/search/authentihash%253A99823dd47cfe71774cb0fcc687fa1da921b6240b) | +| Authentihash SHA256| [bd882355bf6813cf88ec0b83b6133691100f480381ac06531c3d5909cf1fb626](https://www.virustotal.com/gui/search/authentihash%253Abd882355bf6813cf88ec0b83b6133691100f480381ac06531c3d5909cf1fb626) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002530b3d3726ee3f72f000100000025 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | a5052527524f4998a7bd87f396196fe8 | +| ToBeSigned (TBS) SHA1 | 2374a3e4f0499d106f0e4d71a22f7b0e709847c0 | +| ToBeSigned (TBS) SHA256 | 
f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2017-08-11 20:20:00 | +| ValidTo | 2018-08-11 20:20:00 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002530b3d3726ee3f72f000100000025 | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 
350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": 
"f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/8b88b928-4717-4a30-832e-dcb3bb15b7a3.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/8c855009-8e77-4446-acf1-17ce8b445b01.md b/lolrmm.com/content/bootloaders/8c855009-8e77-4446-acf1-17ce8b445b01.md new file mode 100644 index 00000000..c9ad6a51 --- /dev/null +++ b/lolrmm.com/content/bootloaders/8c855009-8e77-4446-acf1-17ce8b445b01.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "8c855009-8e77-4446-acf1-17ce8b445b01" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 8c855009-8e77-4446-acf1-17ce8b445b01 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/37d03ef09bf90e11e07eed536a7fed7e.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [37d03ef09bf90e11e07eed536a7fed7e](https://www.virustotal.com/gui/file/37d03ef09bf90e11e07eed536a7fed7e) | +| SHA1 | [97e4998bff2642bafef802b3d909e89f69b1046e](https://www.virustotal.com/gui/file/97e4998bff2642bafef802b3d909e89f69b1046e) | +| SHA256 | [b7313be4901f1a80f84e4e8a6636f090e7125b97fc845d4454d5e4bef3d40ca7](https://www.virustotal.com/gui/file/b7313be4901f1a80f84e4e8a6636f090e7125b97fc845d4454d5e4bef3d40ca7) | +| Authentihash MD5 | [f1fe210387316d9b4c40f31214cea418](https://www.virustotal.com/gui/search/authentihash%253Af1fe210387316d9b4c40f31214cea418) | +| Authentihash SHA1 | [51d44ad13402af95119844f7da407090702e764e](https://www.virustotal.com/gui/search/authentihash%253A51d44ad13402af95119844f7da407090702e764e) | +| Authentihash SHA256| [5a47b0b11d2fd9cd39c627d1e6bf4afed9601aa15d6a5d84fb10f39755d2d323](https://www.virustotal.com/gui/search/authentihash%253A5a47b0b11d2fd9cd39c627d1e6bf4afed9601aa15d6a5d84fb10f39755d2d323) | +| RichPEHeaderHash MD5 | [c3a45277e34522772d2ffb9c618850dd](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ac3a45277e34522772d2ffb9c618850dd) | +| RichPEHeaderHash SHA1 | [ccaa1ad0944140bed3cf64cdaf8c9d2004c29074](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Accaa1ad0944140bed3cf64cdaf8c9d2004c29074) | +| RichPEHeaderHash SHA256| [474fc92022c5254d909bd3560e682dc6a340333b34b82d63e8b9a575cf09b292](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A474fc92022c5254d909bd3560e682dc6a340333b34b82d63e8b9a575cf09b292) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000033c89c66a7b45bb1fbd00000000033c +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 46f57c3b860b08484cb79066ac1014ad | +| ToBeSigned (TBS) SHA1 | c1fe3ab97b834a98460e4ae92fe2468d16f61a92 | +| ToBeSigned (TBS) SHA256 | d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2021-09-02 18:23:41 | +| ValidTo | 2022-09-01 18:23:41 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000033c89c66a7b45bb1fbd00000000033c | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "46f57c3b860b08484cb79066ac1014ad", + "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", + "SHA256": "d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" + }, + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/8c855009-8e77-4446-acf1-17ce8b445b01.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/8cb4f77a-a709-4aa9-9563-a21d26fc900f.md b/lolrmm.com/content/bootloaders/8cb4f77a-a709-4aa9-9563-a21d26fc900f.md new file mode 100644 index 00000000..a9cf0ad2 --- /dev/null +++ b/lolrmm.com/content/bootloaders/8cb4f77a-a709-4aa9-9563-a21d26fc900f.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "8cb4f77a-a709-4aa9-9563-a21d26fc900f" +weight = 10 +displayTitle = "BOOTIA32.EFI" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# BOOTIA32.EFI ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat Inc. and revoked Jul-20 +- **UUID**: 8cb4f77a-a709-4aa9-9563-a21d26fc900f +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/ee4b2aa959df5211204c6165df138ecd.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\BOOTIA32.EFI } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | BOOTIA32.EFI | +| MD5 | [ee4b2aa959df5211204c6165df138ecd](https://www.virustotal.com/gui/file/ee4b2aa959df5211204c6165df138ecd) | +| SHA1 | [ef1dd5153ae097116a870b6b3571aa1f2f99bfe7](https://www.virustotal.com/gui/file/ef1dd5153ae097116a870b6b3571aa1f2f99bfe7) | +| SHA256 | [67fe6b4b726451375e2dc3f87a0954cd01083fb4d8f4fb074bf699536450af04](https://www.virustotal.com/gui/file/67fe6b4b726451375e2dc3f87a0954cd01083fb4d8f4fb074bf699536450af04) | +| Authentihash MD5 | [14a8d4ab1ac048531dc075cda647773e](https://www.virustotal.com/gui/search/authentihash%253A14a8d4ab1ac048531dc075cda647773e) | +| Authentihash SHA1 | [32aff74e8078b1833eba455d0c01471bfef3164c](https://www.virustotal.com/gui/search/authentihash%253A32aff74e8078b1833eba455d0c01471bfef3164c) | +| Authentihash SHA256| [b7d3e3c4a930fffcdb184619534ef7c3d45435ef97f7988611714f5523b207e5](https://www.virustotal.com/gui/search/authentihash%253Ab7d3e3c4a930fffcdb184619534ef7c3d45435ef97f7988611714f5523b207e5) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002b4b79b3694d12118700010000002b +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 8d8a1f204c9c80213bd427fa58b387e2 | +| ToBeSigned (TBS) SHA1 | 8d78e1742b948f0c8298e560dd71fe1594020386 | +| ToBeSigned (TBS) SHA256 | 
1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2018-07-03 20:53:01 | +| ValidTo | 2019-07-26 20:53:01 | +| Signature | 54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002b4b79b3694d12118700010000002b | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### 
Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/8cb4f77a-a709-4aa9-9563-a21d26fc900f.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/8ceef305-f81d-4d24-bb34-2adf41c5b779.md b/lolrmm.com/content/bootloaders/8ceef305-f81d-4d24-bb34-2adf41c5b779.md new file mode 100644 index 00000000..f8da3c4a 
--- /dev/null +++ b/lolrmm.com/content/bootloaders/8ceef305-f81d-4d24-bb34-2adf41c5b779.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "8ceef305-f81d-4d24-bb34-2adf41c5b779" +weight = 10 +displayTitle = "bootia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 8ceef305-f81d-4d24-bb34-2adf41c5b779 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootia32.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [6A412612692B81C56395EDBC4E4CB189478D15BD7474A01829ECF867C71ED871](https://www.virustotal.com/gui/file/6A412612692B81C56395EDBC4E4CB189478D15BD7474A01829ECF867C71ED871) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [BF550C6F826C96461552E665F53A4F275A14838FD64CCF773D194B78CE33E907](https://www.virustotal.com/gui/search/authentihash%253ABF550C6F826C96461552E665F53A4F275A14838FD64CCF773D194B78CE33E907) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/8ceef305-f81d-4d24-bb34-2adf41c5b779.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/8d43face-8444-4bf2-ac71-c0213d06ef91.md b/lolrmm.com/content/bootloaders/8d43face-8444-4bf2-ac71-c0213d06ef91.md new file mode 100644 index 00000000..ded6f58f --- /dev/null +++ b/lolrmm.com/content/bootloaders/8d43face-8444-4bf2-ac71-c0213d06ef91.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "8d43face-8444-4bf2-ac71-c0213d06ef91" +weight = 10 +displayTitle = "8d43face-8444-4bf2-ac71-c0213d06ef91" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 8d43face-8444-4bf2-ac71-c0213d06ef91 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: 8d43face-8444-4bf2-ac71-c0213d06ef91 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [DA31FE4698AD3D0E30408927BE36C938BF52FA9CB8D46B12F84F5D5EC22DD1C6](https://www.virustotal.com/gui/file/DA31FE4698AD3D0E30408927BE36C938BF52FA9CB8D46B12F84F5D5EC22DD1C6) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [495300790E6C9BF2510DABA59DB3D57E9D2B85D7D7640434EC75BAA3851C74E5](https://www.virustotal.com/gui/search/authentihash%253A495300790E6C9BF2510DABA59DB3D57E9D2B85D7D7640434EC75BAA3851C74E5) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/8d43face-8444-4bf2-ac71-c0213d06ef91.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/8e051211-3998-46bf-abf0-cfba6699c4f1.md b/lolrmm.com/content/bootloaders/8e051211-3998-46bf-abf0-cfba6699c4f1.md new file mode 100644 index 00000000..74ee8381 --- /dev/null +++ b/lolrmm.com/content/bootloaders/8e051211-3998-46bf-abf0-cfba6699c4f1.md 
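Review bot: The Download button in the Description section points at `https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin` — the hash segment the template fills in is empty, so the link cannot resolve to any sample, and the MD5 and SHA1 rows of Known Vulnerable Samples are likewise empty links (`[](https://www.virustotal.com/gui/file/)`). Because the page explicitly warns that this link "contains the Revoked Bootloader", a dead or wrong target is worse than no link; the generator should omit the button and the blank hash rows when the MD5 is absent, or the page should be regenerated once the source YAML carries it. The same empty `.bin` URL and blank hash rows appear in the hunks for 8e051211-…, 8e87c22a-…, 9091dbdc-… and 90d2feb1-…, so the fix belongs in the template rather than in each page. The `*source*` link at the foot of the page points into the magicsword-io/bootloaders repository although the file lives under `lolrmm.com/content/bootloaders/`; if these pages are to be maintained here, that attribution looks stale and is worth confirming.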
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "8e051211-3998-46bf-abf0-cfba6699c4f1" +weight = 10 +displayTitle = "8e051211-3998-46bf-abf0-cfba6699c4f1" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 8e051211-3998-46bf-abf0-cfba6699c4f1 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Intel Corporation and revoked Jul-20 +- **UUID**: 8e051211-3998-46bf-abf0-cfba6699c4f1 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [07058C9BBCCB99D58FC93EBE2C007CFE28E1BF74E51954584AA3D3CA06689FBA](https://www.virustotal.com/gui/file/07058C9BBCCB99D58FC93EBE2C007CFE28E1BF74E51954584AA3D3CA06689FBA) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [CF13A243C1CD2E3C8CEB7E70100387CECBFB830525BBF9D0B70C79ADF3E84128](https://www.virustotal.com/gui/search/authentihash%253ACF13A243C1CD2E3C8CEB7E70100387CECBFB830525BBF9D0B70C79ADF3E84128) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/8e051211-3998-46bf-abf0-cfba6699c4f1.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/8e87c22a-ea23-4f89-bee2-c301e31b4045.md b/lolrmm.com/content/bootloaders/8e87c22a-ea23-4f89-bee2-c301e31b4045.md new file mode 100644 index 00000000..33feab72 --- /dev/null +++ b/lolrmm.com/content/bootloaders/8e87c22a-ea23-4f89-bee2-c301e31b4045.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "8e87c22a-ea23-4f89-bee2-c301e31b4045" +weight = 10 +displayTitle = "8e87c22a-ea23-4f89-bee2-c301e31b4045" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 8e87c22a-ea23-4f89-bee2-c301e31b4045 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat Inc. and revoked Jul-20 +- **UUID**: 8e87c22a-ea23-4f89-bee2-c301e31b4045 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [24AF7036C63F09FEBAB1B84372ECD6151BE32CDC94E80E57F52F7D2C3665FBC4](https://www.virustotal.com/gui/file/24AF7036C63F09FEBAB1B84372ECD6151BE32CDC94E80E57F52F7D2C3665FBC4) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [F8DD2281C67C59A08FDDC9859E9D5FF73802CAD88975242BD11486F13C6DDA6B](https://www.virustotal.com/gui/search/authentihash%253AF8DD2281C67C59A08FDDC9859E9D5FF73802CAD88975242BD11486F13C6DDA6B) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/8e87c22a-ea23-4f89-bee2-c301e31b4045.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/8e8db009-ddf8-4196-ac2a-99c9a0e6d9fb.md b/lolrmm.com/content/bootloaders/8e8db009-ddf8-4196-ac2a-99c9a0e6d9fb.md new file mode 100644 index 00000000..088af5f8 --- /dev/null +++ b/lolrmm.com/content/bootloaders/8e8db009-ddf8-4196-ac2a-99c9a0e6d9fb.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "8e8db009-ddf8-4196-ac2a-99c9a0e6d9fb" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 8e8db009-ddf8-4196-ac2a-99c9a0e6d9fb +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/9ea079774ed23df340ecc523ddf68045.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [9ea079774ed23df340ecc523ddf68045](https://www.virustotal.com/gui/file/9ea079774ed23df340ecc523ddf68045) | +| SHA1 | [34e4cbad02d8dd38e88bc3ab0b2dc47e91b9c02f](https://www.virustotal.com/gui/file/34e4cbad02d8dd38e88bc3ab0b2dc47e91b9c02f) | +| SHA256 | [71083eb4f247ac78f52aa09f81054396a0dac1064e1191b5b56a43a6976c5c74](https://www.virustotal.com/gui/file/71083eb4f247ac78f52aa09f81054396a0dac1064e1191b5b56a43a6976c5c74) | +| Authentihash MD5 | [6159052617b8251fa73b9137546992ca](https://www.virustotal.com/gui/search/authentihash%253A6159052617b8251fa73b9137546992ca) | +| Authentihash SHA1 | [d9196a975de3cb5f3fbed654aef1a7d87801fffc](https://www.virustotal.com/gui/search/authentihash%253Ad9196a975de3cb5f3fbed654aef1a7d87801fffc) | +| Authentihash SHA256| [cc202e8f2753ec75c9eeaac65c9d39eea6faed570664e930e3815976cd332d91](https://www.virustotal.com/gui/search/authentihash%253Acc202e8f2753ec75c9eeaac65c9d39eea6faed570664e930e3815976cd332d91) | +| RichPEHeaderHash MD5 | [2777dfee3c799f841a25c53df5d11e39](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2777dfee3c799f841a25c53df5d11e39) | +| RichPEHeaderHash SHA1 | [6a4457a8f18e185baf0a0352666728176d377faf](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A6a4457a8f18e185baf0a0352666728176d377faf) | +| RichPEHeaderHash SHA256| [1ae942cee9560dc7ed300190c7efbe6312d44ec378914f3c09554d816a51b45e](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A1ae942cee9560dc7ed300190c7efbe6312d44ec378914f3c09554d816a51b45e) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000004ea1d80770a9bbe94400000000004e +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 9da610547a25cbe89af7ecdb99229623 | +| ToBeSigned (TBS) SHA1 | 6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7 | +| ToBeSigned (TBS) SHA256 | 1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2014-07-01 20:32:01 | +| ValidTo | 2015-10-01 20:32:01 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000004ea1d80770a9bbe94400000000004e | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Signature": 
"8207b0c79e3b96e7317cd1aac9ab45fb52f1a2c847cda4bed6ff0b366566c6046976257890a79270765662a04b0f6d958c1fbba688b7717f77e10137107f8ccde9ce066d0c99e9fabfa3d669e2eac822a81d86f620828a018738e290f15370886c689af9399fad45f38e2e0fd6e31fcdf1b295ddc015164e757e2c630b05d1c103735e452ea9e3ca1b44e776277a030aa473094499bdfad51ebcdc61c8694148123c150811230bab24f1fb3ca64f018ac37d5cbb61173055b20dd07fbf8955909696be8de608979541932fd0257f932db6f6975b4bc82bd393a432a4ef01d88fc9652cc0d4eede46df519df8488353bfbf4dbc8358efc8dc3215c5538ebbd03e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/8e8db009-ddf8-4196-ac2a-99c9a0e6d9fb.yaml) + +*last_updated:* 
2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/9091dbdc-0263-43e1-a886-3c18c6532dd3.md b/lolrmm.com/content/bootloaders/9091dbdc-0263-43e1-a886-3c18c6532dd3.md new file mode 100644 index 00000000..323f9204 --- /dev/null +++ b/lolrmm.com/content/bootloaders/9091dbdc-0263-43e1-a886-3c18c6532dd3.md 
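Review bot: The `### CVE` list carries `Black Lotus Microsoft Windows 10 version 1507`, which is a campaign/affected-product description rather than a CVE identifier, so a reader scanning for an ID or any tooling consuming this section as a CVE list is misled; either move that text to the Description or Resources section or retitle the heading to `### CVE / Advisory`. The same non-CVE entry sits under the `### CVE` heading in the 90d2feb1-… hunk. The page also renders `#### Imports` twice with identical empty bodies, which reads as a template duplication rather than two distinct sections; one of the two should go.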
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "9091dbdc-0263-43e1-a886-3c18c6532dd3" +weight = 10 +displayTitle = "cent-7.9-20200730-shim64-bit.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# cent-7.9-20200730-shim64-bit.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat, Inc. and revoked Apr-21 +- **UUID**: 9091dbdc-0263-43e1-a886-3c18c6532dd3 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\cent-7.9-20200730-shim64-bit.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + 
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | cent-7.9-20200730-shim64-bit.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [5DB10187E0E8BB8D2FF649810E03F80FB6873370F3AB1F013811B8E9670F3863](https://www.virustotal.com/gui/file/5DB10187E0E8BB8D2FF649810E03F80FB6873370F3AB1F013811B8E9670F3863) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [DDA0121DCF167DB1E2622D10F454701837AC6AF304A03EC06B3027904988C56B](https://www.virustotal.com/gui/search/authentihash%253ADDA0121DCF167DB1E2622D10F454701837AC6AF304A03EC06B3027904988C56B) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9091dbdc-0263-43e1-a886-3c18c6532dd3.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/90d2feb1-4600-4854-9a4e-fbf54b14c72a.md b/lolrmm.com/content/bootloaders/90d2feb1-4600-4854-9a4e-fbf54b14c72a.md new file mode 100644 index 00000000..f8da8c28 --- /dev/null +++ b/lolrmm.com/content/bootloaders/90d2feb1-4600-4854-9a4e-fbf54b14c72a.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "90d2feb1-4600-4854-9a4e-fbf54b14c72a" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 90d2feb1-4600-4854-9a4e-fbf54b14c72a +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [1E75347868FC5FDDD501E1E2B56C7D511030513B0E9F45DC074DC562F11590E7](https://www.virustotal.com/gui/file/1E75347868FC5FDDD501E1E2B56C7D511030513B0E9F45DC074DC562F11590E7) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [C9F9C03434997FBD0FBB698DAC556264EBE967F948A97978A0C32EF85F94B188](https://www.virustotal.com/gui/search/authentihash%253AC9F9C03434997FBD0FBB698DAC556264EBE967F948A97978A0C32EF85F94B188) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/90d2feb1-4600-4854-9a4e-fbf54b14c72a.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/90e05866-5975-498c-bab9-1a71dd286011.md b/lolrmm.com/content/bootloaders/90e05866-5975-498c-bab9-1a71dd286011.md new file mode 100644 index 00000000..324edcbc --- /dev/null +++ b/lolrmm.com/content/bootloaders/90e05866-5975-498c-bab9-1a71dd286011.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "90e05866-5975-498c-bab9-1a71dd286011" +weight = 10 +displayTitle = "90e05866-5975-498c-bab9-1a71dd286011" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 90e05866-5975-498c-bab9-1a71dd286011 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Intel Corporation and revoked Jul-20 +- **UUID**: 90e05866-5975-498c-bab9-1a71dd286011 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [6AE5984A47CCE9129498E534DB84F0FD33FE9AEE2860462414416282EB0CF34A](https://www.virustotal.com/gui/file/6AE5984A47CCE9129498E534DB84F0FD33FE9AEE2860462414416282EB0CF34A) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [DF02AAB48387A9E1D4C65228089CB6ABE196C8F4B396C7E4BBC395DE136977F6](https://www.virustotal.com/gui/search/authentihash%253ADF02AAB48387A9E1D4C65228089CB6ABE196C8F4B396C7E4BBC395DE136977F6) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/90e05866-5975-498c-bab9-1a71dd286011.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/9164d869-3953-40eb-91e4-26a837e3aacc.md b/lolrmm.com/content/bootloaders/9164d869-3953-40eb-91e4-26a837e3aacc.md new file mode 100644 index 00000000..f298062d --- /dev/null +++ b/lolrmm.com/content/bootloaders/9164d869-3953-40eb-91e4-26a837e3aacc.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "9164d869-3953-40eb-91e4-26a837e3aacc" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 9164d869-3953-40eb-91e4-26a837e3aacc +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/c6697cdbcf51cc54053438e644243327.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [c6697cdbcf51cc54053438e644243327](https://www.virustotal.com/gui/file/c6697cdbcf51cc54053438e644243327) | +| SHA1 | [056c3b1ab4f9b248ffc5285f299a2653839357f2](https://www.virustotal.com/gui/file/056c3b1ab4f9b248ffc5285f299a2653839357f2) | +| SHA256 | [1eadf7bf5fde916884a4beb82dd68ba50be05413f00aae8571190a2eaa462640](https://www.virustotal.com/gui/file/1eadf7bf5fde916884a4beb82dd68ba50be05413f00aae8571190a2eaa462640) | +| Authentihash MD5 | [e518520c0709c922714f016a9ec3d893](https://www.virustotal.com/gui/search/authentihash%253Ae518520c0709c922714f016a9ec3d893) | +| Authentihash SHA1 | [3ef1fcd520f386618b77de8759b40d169b042708](https://www.virustotal.com/gui/search/authentihash%253A3ef1fcd520f386618b77de8759b40d169b042708) | +| Authentihash SHA256| [05729029ef940c5e6ee96b3b1253c08783c01329bce2e9951bc22a09223fc15c](https://www.virustotal.com/gui/search/authentihash%253A05729029ef940c5e6ee96b3b1253c08783c01329bce2e9951bc22a09223fc15c) | +| RichPEHeaderHash MD5 | [c3a45277e34522772d2ffb9c618850dd](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ac3a45277e34522772d2ffb9c618850dd) | +| RichPEHeaderHash SHA1 | [ccaa1ad0944140bed3cf64cdaf8c9d2004c29074](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Accaa1ad0944140bed3cf64cdaf8c9d2004c29074) | +| RichPEHeaderHash SHA256| [474fc92022c5254d909bd3560e682dc6a340333b34b82d63e8b9a575cf09b292](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A474fc92022c5254d909bd3560e682dc6a340333b34b82d63e8b9a575cf09b292) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000033c89c66a7b45bb1fbd00000000033c +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 46f57c3b860b08484cb79066ac1014ad | +| ToBeSigned (TBS) SHA1 | c1fe3ab97b834a98460e4ae92fe2468d16f61a92 | +| ToBeSigned (TBS) SHA256 | d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2021-09-02 18:23:41 | +| ValidTo | 2022-09-01 18:23:41 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000033c89c66a7b45bb1fbd00000000033c | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Signature": 
"699045742c403812de1bdf9ea2be22132e82a7c006ab278e0c9f460bd435386348031a6b5cbdf450ae5a243331dcb2cc7eace8371cf71ec35a6f663147bd211ea357614e6a611eeacca6486a778d4cd788106ade12d6625574e7a89ecab4eb0bb99295c498dd5f565680a2d26bf2545e727c4204023c48d8021b608fd901c6fefd16ce0c3a669fb0ce758dc671f2cdd7434c163f9de9453e5523d94a78205c828a4615e50330d9f52a8a77f7683d2b61ff1324382d40d31001c518b56b286fbb8c754f6940590c2071385ed0a9387b529c06bf71fff89c74634550fc331b389d558696ace05787144e5af53d20a75a84981bf8380ddac3743f407d8ff27c089e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "46f57c3b860b08484cb79066ac1014ad", + "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", + "SHA256": "d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" + }, + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9164d869-3953-40eb-91e4-26a837e3aacc.yaml) + +*last_updated:* 
2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/9308b260-6695-43ee-bddb-a90f20e035f1.md b/lolrmm.com/content/bootloaders/9308b260-6695-43ee-bddb-a90f20e035f1.md new file mode 100644 index 00000000..3edd90f2 --- /dev/null +++ b/lolrmm.com/content/bootloaders/9308b260-6695-43ee-bddb-a90f20e035f1.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "9308b260-6695-43ee-bddb-a90f20e035f1" +weight = 10 +displayTitle = "BOOTIA32.EFI" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# BOOTIA32.EFI ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat Inc. and revoked Jul-20 +- **UUID**: 9308b260-6695-43ee-bddb-a90f20e035f1 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/77fefa9f6ac9273ee5edb4d19e87d348.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\BOOTIA32.EFI } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | BOOTIA32.EFI | +| MD5 | [77fefa9f6ac9273ee5edb4d19e87d348](https://www.virustotal.com/gui/file/77fefa9f6ac9273ee5edb4d19e87d348) | +| SHA1 | [e609f8ddc446dc27a2aec3577e2b7869126662c0](https://www.virustotal.com/gui/file/e609f8ddc446dc27a2aec3577e2b7869126662c0) | +| SHA256 | [03c8c9956938147bcc81a19e580ca8b5214e82829ec0494c22b0f59013ca22b2](https://www.virustotal.com/gui/file/03c8c9956938147bcc81a19e580ca8b5214e82829ec0494c22b0f59013ca22b2) | +| Authentihash MD5 | [c62cb9b4d87523ac468bd048647eabec](https://www.virustotal.com/gui/search/authentihash%253Ac62cb9b4d87523ac468bd048647eabec) | +| Authentihash SHA1 | [57916473f391f8b25aa2497acf5c58d2eb304e2b](https://www.virustotal.com/gui/search/authentihash%253A57916473f391f8b25aa2497acf5c58d2eb304e2b) | +| Authentihash SHA256| [38909daf2fe29bbfe22303939d3904f38dca48b7f2a41f28f34de564a0242781](https://www.virustotal.com/gui/search/authentihash%253A38909daf2fe29bbfe22303939d3904f38dca48b7f2a41f28f34de564a0242781) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002530b3d3726ee3f72f000100000025 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | a5052527524f4998a7bd87f396196fe8 | +| ToBeSigned (TBS) SHA1 | 2374a3e4f0499d106f0e4d71a22f7b0e709847c0 | +| ToBeSigned (TBS) SHA256 | 
f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2017-08-11 20:20:00 | +| ValidTo | 2018-08-11 20:20:00 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002530b3d3726ee3f72f000100000025 | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + 
"SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9308b260-6695-43ee-bddb-a90f20e035f1.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/934f9364-3471-415f-a502-036969a78958.md b/lolrmm.com/content/bootloaders/934f9364-3471-415f-a502-036969a78958.md new file mode 100644 index 00000000..6c4a0d9b --- /dev/null +++ b/lolrmm.com/content/bootloaders/934f9364-3471-415f-a502-036969a78958.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "934f9364-3471-415f-a502-036969a78958" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 934f9364-3471-415f-a502-036969a78958 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [F51C64E1690E8FADAE2C55EDE85377D6680C337DABCFC01FF6CF37D8D87892BA](https://www.virustotal.com/gui/file/F51C64E1690E8FADAE2C55EDE85377D6680C337DABCFC01FF6CF37D8D87892BA) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [0E44212BADF40D6B8DE3311E632045370588E0B23B7A480EB5DC10DB65D1B4B3](https://www.virustotal.com/gui/search/authentihash%253A0E44212BADF40D6B8DE3311E632045370588E0B23B7A480EB5DC10DB65D1B4B3) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/934f9364-3471-415f-a502-036969a78958.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/9470ea71-b7e9-4e8e-ae73-a4b5fe32bc04.md b/lolrmm.com/content/bootloaders/9470ea71-b7e9-4e8e-ae73-a4b5fe32bc04.md new file mode 100644 index 00000000..6bc35d0d --- /dev/null +++ b/lolrmm.com/content/bootloaders/9470ea71-b7e9-4e8e-ae73-a4b5fe32bc04.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "9470ea71-b7e9-4e8e-ae73-a4b5fe32bc04" +weight = 10 +displayTitle = "9470ea71-b7e9-4e8e-ae73-a4b5fe32bc04" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 9470ea71-b7e9-4e8e-ae73-a4b5fe32bc04 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Oracle Corporation and revoked Jul-20 +- **UUID**: 9470ea71-b7e9-4e8e-ae73-a4b5fe32bc04 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/bc5372019b75e9e8257a83a86bd0b33d.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< 
/tip >}} + + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [bc5372019b75e9e8257a83a86bd0b33d](https://www.virustotal.com/gui/file/bc5372019b75e9e8257a83a86bd0b33d) | +| SHA1 | [99cd0326b914b5f6ea53cb2280d9a455bb68d70b](https://www.virustotal.com/gui/file/99cd0326b914b5f6ea53cb2280d9a455bb68d70b) | +| SHA256 | [8310f47ba34eb1aca146a5bdb8b59138173e659fbeb57a4c89355d8c54930b6b](https://www.virustotal.com/gui/file/8310f47ba34eb1aca146a5bdb8b59138173e659fbeb57a4c89355d8c54930b6b) | +| Authentihash MD5 | [45e4a006c19fa21bbbec494e6d51c63c](https://www.virustotal.com/gui/search/authentihash%253A45e4a006c19fa21bbbec494e6d51c63c) | +| Authentihash SHA1 | [ceca75b14c16bc19a9aafc883fcb081554f563e4](https://www.virustotal.com/gui/search/authentihash%253Aceca75b14c16bc19a9aafc883fcb081554f563e4) | +| Authentihash SHA256| [56b3da7259eb1bec44199a7ebf74c6fe912c8fe9bf4a20a7610c5e9bc0b601cd](https://www.virustotal.com/gui/search/authentihash%253A56b3da7259eb1bec44199a7ebf74c6fe912c8fe9bf4a20a7610c5e9bc0b601cd) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 3300000034a76221f066806d9d000100000034 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 981b2766a6b1467da361c3f6158b5efb | +| ToBeSigned (TBS) SHA1 | 2de358273a7fab18d9e8359579e78544e4f90e45 | +| ToBeSigned (TBS) SHA256 | 
c9b4b474a8cf82bb390bee17e0eb009360599aafc792dca2c161926e2b9c7f7f | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2019-05-02 21:31:23 | +| ValidTo | 2020-05-02 21:31:23 | +| Signature | 977d904632387b183cd2f5257baa329d7f537c6f4fc8debcd79358d1e293dc413472d9570abf3aa27047041d96b6c77b855466e096ddc99417584c171ff4c239619a185d80f52131622bbd527228a0229f00a878bf53b3b79dd2e65b0ce48d17c209e27a0e77f1eddc0fd85a8fcb0e66cddefd40bf8afc73830971be672e3245869e219a3902283f00f4a5c1bf6357400fe3d38e2c3e74433e158deff1733e5249b246ab66481e983dbe60a4274286b00d96fe28e794a5823e658cd0c83603769d96a4c4f766e3f5f0a173889eab9da0cfd9517f42d7e9d12b089214c09f21ee561dde677f28cd7ea82b5846fff64be02f195ee75ff499f67821369241536406 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 3300000034a76221f066806d9d000100000034 | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### 
Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "3300000034a76221f066806d9d000100000034", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "981b2766a6b1467da361c3f6158b5efb", + "SHA1": "2de358273a7fab18d9e8359579e78544e4f90e45", + "SHA256": "c9b4b474a8cf82bb390bee17e0eb009360599aafc792dca2c161926e2b9c7f7f" + }, + "ValidFrom": "2019-05-02 21:31:23", + "ValidTo": "2020-05-02 21:31:23", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "3300000034a76221f066806d9d000100000034", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9470ea71-b7e9-4e8e-ae73-a4b5fe32bc04.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/94ba0558-c5b6-4f9f-b1fc-598e7448bf13.md b/lolrmm.com/content/bootloaders/94ba0558-c5b6-4f9f-b1fc-598e7448bf13.md new file mode 100644 index 00000000..e0c6dec9 
--- /dev/null
+++ b/lolrmm.com/content/bootloaders/94ba0558-c5b6-4f9f-b1fc-598e7448bf13.md
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "94ba0558-c5b6-4f9f-b1fc-598e7448bf13" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 94ba0558-c5b6-4f9f-b1fc-598e7448bf13 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [196243A87389B47FC9033AF3884F3FF0A5C891D80E22C82D2ECD5B9A3434186E](https://www.virustotal.com/gui/file/196243A87389B47FC9033AF3884F3FF0A5C891D80E22C82D2ECD5B9A3434186E) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [CF7F9E7D091023A1A1C3F5CBF7DDACF7B18F03A4D07961F71506FE9DF4388EEE](https://www.virustotal.com/gui/search/authentihash%253ACF7F9E7D091023A1A1C3F5CBF7DDACF7B18F03A4D07961F71506FE9DF4388EEE) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/94ba0558-c5b6-4f9f-b1fc-598e7448bf13.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/94c6901b-e217-41cf-a4c7-b62763759d3e.md b/lolrmm.com/content/bootloaders/94c6901b-e217-41cf-a4c7-b62763759d3e.md new file mode 100644 index 00000000..ae5dbf0c --- /dev/null +++ b/lolrmm.com/content/bootloaders/94c6901b-e217-41cf-a4c7-b62763759d3e.md 
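Review bot: The `### CVE` list on this page holds the free-text label `Black Lotus Microsoft Windows 8` where every other page in this diff holds a `CVE-YYYY-NNNN` identifier, so anything that cross-references these cards by CVE will skip this revocation. The BlackLotus Secure Boot bypass behind the May 2023 dbx update is, as far as I recall, tracked as CVE-2023-24932 — verify against MSRC before substituting it, and move the `Black Lotus …` wording into the description line instead. The `### Resources` list points only at KB4575994, which is Microsoft's July 2020 DBX guidance, while the description says the binary was revoked May-23; the guidance for that round is KB5025885 (please confirm the KB number as well). The footer's source link shows this .md is generated from `yaml/94ba0558-….yaml`, so the correction belongs in the YAML record, not in this file.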
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "94c6901b-e217-41cf-a4c7-b62763759d3e" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 94c6901b-e217-41cf-a4c7-b62763759d3e +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [A8FAD7CD0CC1DC152AE0880C21D91F6270FDB410D60E1129963AFCD3DF5841F1](https://www.virustotal.com/gui/file/A8FAD7CD0CC1DC152AE0880C21D91F6270FDB410D60E1129963AFCD3DF5841F1) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [839894ED391B7C88E995F845CA152F65BF881850D768E3EF3880838B52846A74](https://www.virustotal.com/gui/search/authentihash%253A839894ED391B7C88E995F845CA152F65BF881850D768E3EF3880838B52846A74) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/94c6901b-e217-41cf-a4c7-b62763759d3e.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/94e35789-58de-436e-b04a-8a7b7ded8347.md b/lolrmm.com/content/bootloaders/94e35789-58de-436e-b04a-8a7b7ded8347.md new file mode 100644 index 00000000..30798156 --- /dev/null +++ b/lolrmm.com/content/bootloaders/94e35789-58de-436e-b04a-8a7b7ded8347.md 
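Review bot: In the `Known Vulnerable Samples` table the MD5, SHA1 and Authentihash MD5/SHA1 cells are empty but are still wrapped in links, so they render as `[](https://www.virustotal.com/gui/file/)` and `[](…/search/authentihash%253A)` — bare links to VirusTotal's root and to an empty search that a reader will mistake for a real lookup. Either populate the hashes in the YAML record or have the generator drop a row whose value is empty, so that only the populated `| SHA256 | […](…) |` and `| Authentihash SHA256 | … |` rows are emitted. If the Sigma/Sysmon hash rules linked under `### Detections` are produced from the same record, check that an empty field does not become an empty hash string in those rule files; they are not visible from this hunk.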
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "94e35789-58de-436e-b04a-8a7b7ded8347" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 94e35789-58de-436e-b04a-8a7b7ded8347 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [12A9833615CAABCF4F732C8BB088C83EC18C286EEF2332CB11F18529B676BD38](https://www.virustotal.com/gui/file/12A9833615CAABCF4F732C8BB088C83EC18C286EEF2332CB11F18529B676BD38) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [2B1B9ECCF585B11C5122651D7B94534BB131AA7C874E2262038B85DB3EE83E4D](https://www.virustotal.com/gui/search/authentihash%253A2B1B9ECCF585B11C5122651D7B94534BB131AA7C874E2262038B85DB3EE83E4D) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/94e35789-58de-436e-b04a-8a7b7ded8347.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/9517d1f7-d485-4c7e-95b9-bdf297b342e1.md b/lolrmm.com/content/bootloaders/9517d1f7-d485-4c7e-95b9-bdf297b342e1.md new file mode 100644 index 00000000..76ecb670 --- /dev/null +++ b/lolrmm.com/content/bootloaders/9517d1f7-d485-4c7e-95b9-bdf297b342e1.md 
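Review bot: The `### Commands` block is not valid PowerShell as written: `| {% if ($_ -match '{\S+}') { … } }` has `{%` where the ForEach-Object alias would need `% {`, so the example fails to parse if copied; it reads like a transposition in the generator or YAML, and the intended line is presumably `bcdedit /copy "{current}" /d "TheBoots" | % { if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } }`. The `Privileges` cell in the use-case table is empty, yet `bcdedit /copy` and `/set` only succeed from an elevated prompt, so `| Persistence | Administrator | 64-bit |` would tell the reader what the technique actually requires. Both values come from the YAML record this page is generated from (see the source link), so fix them there rather than in the .md.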
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "9517d1f7-d485-4c7e-95b9-bdf297b342e1" +weight = 10 +displayTitle = "9517d1f7-d485-4c7e-95b9-bdf297b342e1" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 9517d1f7-d485-4c7e-95b9-bdf297b342e1 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Oracle Corporation and revoked Jul-20 +- **UUID**: 9517d1f7-d485-4c7e-95b9-bdf297b342e1 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [BA44BD2BB872DD6C6A8687F65CC138585A963473203D6F3F64770E5365812630](https://www.virustotal.com/gui/file/BA44BD2BB872DD6C6A8687F65CC138585A963473203D6F3F64770E5365812630) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [47FF1B63B140B6FC04ED79131331E651DA5B2E2F170F5DAEF4153DC2FBC532B1](https://www.virustotal.com/gui/search/authentihash%253A47FF1B63B140B6FC04ED79131331E651DA5B2E2F170F5DAEF4153DC2FBC532B1) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9517d1f7-d485-4c7e-95b9-bdf297b342e1.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/96d26340-d5ec-43a8-b1e7-068f46a2aeaa.md b/lolrmm.com/content/bootloaders/96d26340-d5ec-43a8-b1e7-068f46a2aeaa.md new file mode 100644 index 00000000..aae78773 --- /dev/null +++ b/lolrmm.com/content/bootloaders/96d26340-d5ec-43a8-b1e7-068f46a2aeaa.md 
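Review bot: The record has no filename and the template does not handle that case: the Download button resolves to `…/bootloaders/.bin`, the `### Commands` example ends in `path \windows\temp\ ` with nothing to point at, and the page title falls back to the UUID. The generator should either require `Filename` for a record that carries a download link, or suppress the button and the command when it is empty, rather than emitting a broken link under a `warning` tip that claims it contains the revoked bootloader. The same record also has empty MD5/SHA1 cells, so only the SHA256 and Authentihash SHA256 values on this page are usable for matching; it would help to say so in the description.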
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "96d26340-d5ec-43a8-b1e7-068f46a2aeaa" +weight = 10 +displayTitle = "96d26340-d5ec-43a8-b1e7-068f46a2aeaa" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 96d26340-d5ec-43a8-b1e7-068f46a2aeaa ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: 96d26340-d5ec-43a8-b1e7-068f46a2aeaa +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [A739C0624B7608F40645D417E79CE0B22FA568D885ACEBE51949F268565098B4](https://www.virustotal.com/gui/file/A739C0624B7608F40645D417E79CE0B22FA568D885ACEBE51949F268565098B4) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [65B2E7CC18D903C331DF1152DF73CA0DC932D29F17997481C56F3087B2DD3147](https://www.virustotal.com/gui/search/authentihash%253A65B2E7CC18D903C331DF1152DF73CA0DC932D29F17997481C56F3087B2DD3147) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/96d26340-d5ec-43a8-b1e7-068f46a2aeaa.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/97efcb29-1524-4142-923b-4395a39fe3ee.md b/lolrmm.com/content/bootloaders/97efcb29-1524-4142-923b-4395a39fe3ee.md new file mode 100644 index 00000000..12e631e1 --- /dev/null +++ b/lolrmm.com/content/bootloaders/97efcb29-1524-4142-923b-4395a39fe3ee.md 
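Review bot: The page emits `#### Imports` twice, each with an empty `{{< details >}}` body, and the ImportedFunctions, ExportedFunctions and Signature sections are empty as well — a template bug repeated in every page of this diff that also hides the fact that no signer data was captured for this sample. Emit each heading once and only when the record has content, and where `Signature` is empty say so explicitly, e.g. `Signature: not extracted — see Authentihash SHA256 above`. It is also worth labelling the Authentihash SHA256 as the value to compare against the UEFI dbx, since, as I understand it, the July 2020 (BootHole-era) dbx entries are PE image hashes rather than file hashes — confirm against the revocationlistfile linked under `### Resources`.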
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "97efcb29-1524-4142-923b-4395a39fe3ee" +weight = 10 +displayTitle = "97efcb29-1524-4142-923b-4395a39fe3ee" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 97efcb29-1524-4142-923b-4395a39fe3ee ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Intel Corporation and revoked Jul-20 +- **UUID**: 97efcb29-1524-4142-923b-4395a39fe3ee +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [C31524CF5814D19C11611A5E5C27B2071DCB76B7EC6DC2DEC93FF9DE5CE656DE](https://www.virustotal.com/gui/file/C31524CF5814D19C11611A5E5C27B2071DCB76B7EC6DC2DEC93FF9DE5CE656DE) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [4185821F6DAB5BA8347B78A22B5F9A0A7570CA5C93A74D478A793D83BAC49805](https://www.virustotal.com/gui/search/authentihash%253A4185821F6DAB5BA8347B78A22B5F9A0A7570CA5C93A74D478A793D83BAC49805) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/97efcb29-1524-4142-923b-4395a39fe3ee.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/989b4dda-91c9-4903-9027-6ff3e74738b2.md b/lolrmm.com/content/bootloaders/989b4dda-91c9-4903-9027-6ff3e74738b2.md new file mode 100644 index 00000000..93c8889c --- /dev/null +++ b/lolrmm.com/content/bootloaders/989b4dda-91c9-4903-9027-6ff3e74738b2.md 
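Review bot: Hash values on this page are upper-case (`C31524CF…`, `4185821F…`) while the page at the top of this diff prints them lower-case, so the corpus now mixes cases; normalise in the generator (lower-case is what VirusTotal and most rule backends print) so consumers can compare hashes without case-folding. I cannot tell from this hunk whether the Sigma/Sysmon rules linked under `### Detections` match case-insensitively, which is exactly why the normalisation is the safe choice. The `**Acknowledgement**: | [](https://twitter.com/)` line renders an orphan `|` and an empty link to twitter.com, and the `twitter_verified.png` badge is shown although no handle is recorded; omit both when the acknowledgement field is empty.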
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "989b4dda-91c9-4903-9027-6ff3e74738b2" +weight = 10 +displayTitle = "bootarm.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootarm.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 989b4dda-91c9-4903-9027-6ff3e74738b2 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootarm.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootarm.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [87150D354E809EE266FC005B1DECA64F70A72B9505AD79062D337EEF012CA896](https://www.virustotal.com/gui/file/87150D354E809EE266FC005B1DECA64F70A72B9505AD79062D337EEF012CA896) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [DAF87006F2653909E39A52B7ECB234484E7AC84AC21EB59354C1BAFCDDF08D9C](https://www.virustotal.com/gui/search/authentihash%253ADAF87006F2653909E39A52B7ECB234484E7AC84AC21EB59354C1BAFCDDF08D9C) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/989b4dda-91c9-4903-9027-6ff3e74738b2.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/98b2c48c-eaa0-48d4-bcbd-4090cffd2fed.md b/lolrmm.com/content/bootloaders/98b2c48c-eaa0-48d4-bcbd-4090cffd2fed.md new file mode 100644 index 00000000..6fa9da9f --- /dev/null +++ b/lolrmm.com/content/bootloaders/98b2c48c-eaa0-48d4-bcbd-4090cffd2fed.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "98b2c48c-eaa0-48d4-bcbd-4090cffd2fed" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 98b2c48c-eaa0-48d4-bcbd-4090cffd2fed +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [575D4DF1AFBDD514A6D293234F4493736200E657D0EB9C618CBE18B3AE8EBB3E](https://www.virustotal.com/gui/file/575D4DF1AFBDD514A6D293234F4493736200E657D0EB9C618CBE18B3AE8EBB3E) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [F558E04EF99B39A1012E8BC2685728D983C682CF5E6F7E4D335A660283D7C666](https://www.virustotal.com/gui/search/authentihash%253AF558E04EF99B39A1012E8BC2685728D983C682CF5E6F7E4D335A660283D7C666) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/98b2c48c-eaa0-48d4-bcbd-4090cffd2fed.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/990b3c53-97bc-4fd8-a212-e60c6fda898c.md b/lolrmm.com/content/bootloaders/990b3c53-97bc-4fd8-a212-e60c6fda898c.md new file mode 100644 index 00000000..8313d4c8 --- /dev/null +++ b/lolrmm.com/content/bootloaders/990b3c53-97bc-4fd8-a212-e60c6fda898c.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "990b3c53-97bc-4fd8-a212-e60c6fda898c" +weight = 10 +displayTitle = "bootia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Trend Micro and revoked Mar-23 +- **UUID**: 990b3c53-97bc-4fd8-a212-e60c6fda898c +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2023-28005
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootia32.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [B97D5B2A7A9E582652CB9A9BDE1BB68EB631C2329168A996BD19CDD1499408BA](https://www.virustotal.com/gui/file/B97D5B2A7A9E582652CB9A9BDE1BB68EB631C2329168A996BD19CDD1499408BA) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [1F8A0E13AADE0885A06B5D822BB21D8111664C37691F0D256EBA840277511BCA](https://www.virustotal.com/gui/search/authentihash%253A1F8A0E13AADE0885A06B5D822BB21D8111664C37691F0D256EBA840277511BCA) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/990b3c53-97bc-4fd8-a212-e60c6fda898c.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/997fb55c-0910-48f0-adf7-33f2e50473c6.md b/lolrmm.com/content/bootloaders/997fb55c-0910-48f0-adf7-33f2e50473c6.md new file mode 100644 index 00000000..09878536 --- /dev/null +++ b/lolrmm.com/content/bootloaders/997fb55c-0910-48f0-adf7-33f2e50473c6.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "997fb55c-0910-48f0-adf7-33f2e50473c6" +weight = 10 +displayTitle = "bootarm.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootarm.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 997fb55c-0910-48f0-adf7-33f2e50473c6 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootarm.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootarm.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [9A7FA44AE658F9CDED2AA0CC440EAA8134FC1FAFED290ABBC8C45EC670884605](https://www.virustotal.com/gui/file/9A7FA44AE658F9CDED2AA0CC440EAA8134FC1FAFED290ABBC8C45EC670884605) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [F4D7D6F0D820F749A442DAB0A34D53A71CE47DF51DE07E6723AB848108AD1945](https://www.virustotal.com/gui/search/authentihash%253AF4D7D6F0D820F749A442DAB0A34D53A71CE47DF51DE07E6723AB848108AD1945) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/997fb55c-0910-48f0-adf7-33f2e50473c6.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/99b952f7-5438-417b-9dab-c318bdcd75e6.md b/lolrmm.com/content/bootloaders/99b952f7-5438-417b-9dab-c318bdcd75e6.md new file mode 100644 index 00000000..208e255c --- /dev/null +++ b/lolrmm.com/content/bootloaders/99b952f7-5438-417b-9dab-c318bdcd75e6.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "99b952f7-5438-417b-9dab-c318bdcd75e6" +weight = 10 +displayTitle = "99b952f7-5438-417b-9dab-c318bdcd75e6" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 99b952f7-5438-417b-9dab-c318bdcd75e6 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: 99b952f7-5438-417b-9dab-c318bdcd75e6 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [B6C36B2B18A3E73EA007173F8669D9A9A861FDDF27C3E3C0C3F1315E2AE5B43F](https://www.virustotal.com/gui/file/B6C36B2B18A3E73EA007173F8669D9A9A861FDDF27C3E3C0C3F1315E2AE5B43F) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [61CEC4A377BF5902C0FEAEE37034BF97D5BC6E0615E23A1CDFBAE6E3F5FB3CFD](https://www.virustotal.com/gui/search/authentihash%253A61CEC4A377BF5902C0FEAEE37034BF97D5BC6E0615E23A1CDFBAE6E3F5FB3CFD) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/99b952f7-5438-417b-9dab-c318bdcd75e6.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/9a34a20c-afea-4d1e-9109-fb7354066e06.md b/lolrmm.com/content/bootloaders/9a34a20c-afea-4d1e-9109-fb7354066e06.md new file mode 100644 index 00000000..f46df422 --- /dev/null +++ b/lolrmm.com/content/bootloaders/9a34a20c-afea-4d1e-9109-fb7354066e06.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "9a34a20c-afea-4d1e-9109-fb7354066e06" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 9a34a20c-afea-4d1e-9109-fb7354066e06 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [79193EAE46F687D00B90B3EBA361B35802BD42E2891A8A8C286B4C00119F9F94](https://www.virustotal.com/gui/file/79193EAE46F687D00B90B3EBA361B35802BD42E2891A8A8C286B4C00119F9F94) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [F33727B54A9908CEC7ED8DB582A1482420FA257B61B559C47343110872ADF7D8](https://www.virustotal.com/gui/search/authentihash%253AF33727B54A9908CEC7ED8DB582A1482420FA257B61B559C47343110872ADF7D8) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9a34a20c-afea-4d1e-9109-fb7354066e06.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/9a4cfe78-97aa-4d04-a049-9f0c2d3869c1.md b/lolrmm.com/content/bootloaders/9a4cfe78-97aa-4d04-a049-9f0c2d3869c1.md new file mode 100644 index 00000000..0ce7179b --- /dev/null +++ b/lolrmm.com/content/bootloaders/9a4cfe78-97aa-4d04-a049-9f0c2d3869c1.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "9a4cfe78-97aa-4d04-a049-9f0c2d3869c1" +weight = 10 +displayTitle = "9a4cfe78-97aa-4d04-a049-9f0c2d3869c1" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 9a4cfe78-97aa-4d04-a049-9f0c2d3869c1 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: 9a4cfe78-97aa-4d04-a049-9f0c2d3869c1 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [D8C26A5324CA74212B59B59BEF1BC33FB5B6946DCDDE84414C60A2E315EDE741](https://www.virustotal.com/gui/file/D8C26A5324CA74212B59B59BEF1BC33FB5B6946DCDDE84414C60A2E315EDE741) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [3AE76C45CA70E9180C1559981F42622DD251BCA1FBE6B901C52EC11673B03514](https://www.virustotal.com/gui/search/authentihash%253A3AE76C45CA70E9180C1559981F42622DD251BCA1FBE6B901C52EC11673B03514) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9a4cfe78-97aa-4d04-a049-9f0c2d3869c1.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/9a8ab464-2a24-4329-ba2f-e9eaeb2edb90.md b/lolrmm.com/content/bootloaders/9a8ab464-2a24-4329-ba2f-e9eaeb2edb90.md new file mode 100644 index 00000000..48a738a6 --- /dev/null +++ b/lolrmm.com/content/bootloaders/9a8ab464-2a24-4329-ba2f-e9eaeb2edb90.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "9a8ab464-2a24-4329-ba2f-e9eaeb2edb90" +weight = 10 +displayTitle = "shim-0.9+1474479173.6c180c6-0ubuntu1/shim" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# shim-0.9+1474479173.6c180c6-0ubuntu1/shim ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Canonical Ltd and revoked Apr-21 +- **UUID**: 9a8ab464-2a24-4329-ba2f-e9eaeb2edb90 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\shim-0.9+1474479173.6c180c6-0ubuntu1/shim } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using 
name only{{< /tip >}} + + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | shim-0.9+1474479173.6c180c6-0ubuntu1/shim | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [98799E6AD44F2AFF3D3D7B66E482B2F4DE4438F5752D932D12C97FF56FA1942B](https://www.virustotal.com/gui/file/98799E6AD44F2AFF3D3D7B66E482B2F4DE4438F5752D932D12C97FF56FA1942B) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [E37FF3FC0EFF20BFC1C060A4BF56885E1EFD55A8E9CE3C5F4869444CACFFAD0B](https://www.virustotal.com/gui/search/authentihash%253AE37FF3FC0EFF20BFC1C060A4BF56885E1EFD55A8E9CE3C5F4869444CACFFAD0B) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9a8ab464-2a24-4329-ba2f-e9eaeb2edb90.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/9ad7a737-68be-4ce9-9595-30623e887396.md b/lolrmm.com/content/bootloaders/9ad7a737-68be-4ce9-9595-30623e887396.md new file mode 100644 index 00000000..d8686a0d --- /dev/null +++ b/lolrmm.com/content/bootloaders/9ad7a737-68be-4ce9-9595-30623e887396.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "9ad7a737-68be-4ce9-9595-30623e887396" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 9ad7a737-68be-4ce9-9595-30623e887396 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/6c1910730f135cbd5a78e3a48520e647.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [6c1910730f135cbd5a78e3a48520e647](https://www.virustotal.com/gui/file/6c1910730f135cbd5a78e3a48520e647) | +| SHA1 | [1d5beb0bd494d324fa663da050cc61e8f7f2ce92](https://www.virustotal.com/gui/file/1d5beb0bd494d324fa663da050cc61e8f7f2ce92) | +| SHA256 | [77e2945b3a2b0d14e9943f90ddd7bb87dde9cc5d8be09f9693e9f4166769363d](https://www.virustotal.com/gui/file/77e2945b3a2b0d14e9943f90ddd7bb87dde9cc5d8be09f9693e9f4166769363d) | +| Authentihash MD5 | [c44756dff66637b44b1180df93fecc70](https://www.virustotal.com/gui/search/authentihash%253Ac44756dff66637b44b1180df93fecc70) | +| Authentihash SHA1 | [502c5761b07eef8e5b1b90cd8465a36a115e339b](https://www.virustotal.com/gui/search/authentihash%253A502c5761b07eef8e5b1b90cd8465a36a115e339b) | +| Authentihash SHA256| [6582dccb8b305efe0bbbafdcc7d295a6a8bf1df0397e1a8ac736e9098a2a64c0](https://www.virustotal.com/gui/search/authentihash%253A6582dccb8b305efe0bbbafdcc7d295a6a8bf1df0397e1a8ac736e9098a2a64c0) | +| RichPEHeaderHash MD5 | [aaf18af925d829095e017c505f1a0039](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Aaaf18af925d829095e017c505f1a0039) | +| RichPEHeaderHash SHA1 | [c3d13f7d96127a3b16c7a8c0a3dd98fd9f22c3cf](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ac3d13f7d96127a3b16c7a8c0a3dd98fd9f22c3cf) | +| RichPEHeaderHash SHA256| [05367ecae4cf78cc575048fb931468b1d210df8c38ff8ca05481124b1a1a6917](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A05367ecae4cf78cc575048fb931468b1d210df8c38ff8ca05481124b1a1a6917) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000033c89c66a7b45bb1fbd00000000033c +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 46f57c3b860b08484cb79066ac1014ad | +| ToBeSigned (TBS) SHA1 | c1fe3ab97b834a98460e4ae92fe2468d16f61a92 | +| ToBeSigned (TBS) SHA256 | d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2021-09-02 18:23:41 | +| ValidTo | 2022-09-01 18:23:41 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000033c89c66a7b45bb1fbd00000000033c | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "46f57c3b860b08484cb79066ac1014ad", + "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", + "SHA256": "d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" + }, + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, 
ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9ad7a737-68be-4ce9-9595-30623e887396.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/9ae39650-46fc-402d-a4dc-569ce8411039.md b/lolrmm.com/content/bootloaders/9ae39650-46fc-402d-a4dc-569ce8411039.md new file mode 100644 index 00000000..33b6d56e --- /dev/null +++ b/lolrmm.com/content/bootloaders/9ae39650-46fc-402d-a4dc-569ce8411039.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "9ae39650-46fc-402d-a4dc-569ce8411039" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by NTI Corporation and revoked Jul-20 +- **UUID**: 9ae39650-46fc-402d-a4dc-569ce8411039 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/e2be3deb5a33615e127a7b2930bb544a.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [e2be3deb5a33615e127a7b2930bb544a](https://www.virustotal.com/gui/file/e2be3deb5a33615e127a7b2930bb544a) | +| SHA1 | [608df8090d9d8b9aa3ef02b395415edb65d9be6d](https://www.virustotal.com/gui/file/608df8090d9d8b9aa3ef02b395415edb65d9be6d) | +| SHA256 | [7b5dfe4f9e4ee68e3cdd9c91bcae26db334d49ae4c1f9525cecd834de48df110](https://www.virustotal.com/gui/file/7b5dfe4f9e4ee68e3cdd9c91bcae26db334d49ae4c1f9525cecd834de48df110) | +| Authentihash MD5 | [fcc5a83e211d451fcb6f8082cc598ea0](https://www.virustotal.com/gui/search/authentihash%253Afcc5a83e211d451fcb6f8082cc598ea0) | +| Authentihash SHA1 | [20ad14d6ff96fc1dde5df105e0b71cebc77f5b48](https://www.virustotal.com/gui/search/authentihash%253A20ad14d6ff96fc1dde5df105e0b71cebc77f5b48) | +| Authentihash SHA256| [e051b788ecbaeda53046c70e6af6058f95222c046157b8c4c1b9c2cfc65f46e5](https://www.virustotal.com/gui/search/authentihash%253Ae051b788ecbaeda53046c70e6af6058f95222c046157b8c4c1b9c2cfc65f46e5) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 3300000010a4912943d94ce62e000100000010 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 61509fd4e01160eb7d8007dc182bee5b | +| ToBeSigned (TBS) SHA1 | febd34ec96d90e498d9b6fa54d7fab80ce1464d3 | +| ToBeSigned (TBS) SHA256 | 
7d79e52d96bc7c571299d90c3bc4bff9d08e36eb74b7e8b0cd69114980737953 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2014-10-01 18:02:10 | +| ValidTo | 2016-01-01 18:02:10 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 3300000010a4912943d94ce62e000100000010 | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "3300000010a4912943d94ce62e000100000010", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": 
"61509fd4e01160eb7d8007dc182bee5b", + "SHA1": "febd34ec96d90e498d9b6fa54d7fab80ce1464d3", + "SHA256": "7d79e52d96bc7c571299d90c3bc4bff9d08e36eb74b7e8b0cd69114980737953" + }, + "ValidFrom": "2014-10-01 18:02:10", + "ValidTo": "2016-01-01 18:02:10", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "3300000010a4912943d94ce62e000100000010", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9ae39650-46fc-402d-a4dc-569ce8411039.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/9b6deeaf-b8bb-4f8e-a8b6-d174312fcb7f.md b/lolrmm.com/content/bootloaders/9b6deeaf-b8bb-4f8e-a8b6-d174312fcb7f.md new file mode 100644 index 00000000..c6764112 --- /dev/null +++ b/lolrmm.com/content/bootloaders/9b6deeaf-b8bb-4f8e-a8b6-d174312fcb7f.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "9b6deeaf-b8bb-4f8e-a8b6-d174312fcb7f" +weight = 10 +displayTitle = "rhel-7.9-20200730-shimia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# rhel-7.9-20200730-shimia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat, Inc. and revoked Apr-21 +- **UUID**: 9b6deeaf-b8bb-4f8e-a8b6-d174312fcb7f +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\rhel-7.9-20200730-shimia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< 
button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | rhel-7.9-20200730-shimia32.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [2CAD0B454397089723959FAAFC2DB5388C50DFD5C02319703BABA6F03654561C](https://www.virustotal.com/gui/file/2CAD0B454397089723959FAAFC2DB5388C50DFD5C02319703BABA6F03654561C) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [172FA584B4EEA5A5D4104FB0AC30EDE032CCD31CD2675D7003D79A2CD0C243E6](https://www.virustotal.com/gui/search/authentihash%253A172FA584B4EEA5A5D4104FB0AC30EDE032CCD31CD2675D7003D79A2CD0C243E6) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9b6deeaf-b8bb-4f8e-a8b6-d174312fcb7f.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/9b9f7199-24ed-4372-8247-e420ab0b7937.md b/lolrmm.com/content/bootloaders/9b9f7199-24ed-4372-8247-e420ab0b7937.md new file mode 100644 index 00000000..809ccd48 --- /dev/null +++ b/lolrmm.com/content/bootloaders/9b9f7199-24ed-4372-8247-e420ab0b7937.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "9b9f7199-24ed-4372-8247-e420ab0b7937" +weight = 10 +displayTitle = "bootia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 9b9f7199-24ed-4372-8247-e420ab0b7937 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootia32.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [4E00B1C1CC2BFCB1FF2FDB4184D13CEA5A2617BACC3623C3DF52C50158065E73](https://www.virustotal.com/gui/file/4E00B1C1CC2BFCB1FF2FDB4184D13CEA5A2617BACC3623C3DF52C50158065E73) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [49465D4AD701642C7BCB5EF30A0807A3CD438AB42BF8D62D68038C3FCBBE8605](https://www.virustotal.com/gui/search/authentihash%253A49465D4AD701642C7BCB5EF30A0807A3CD438AB42BF8D62D68038C3FCBBE8605) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9b9f7199-24ed-4372-8247-e420ab0b7937.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/9be3b201-fec5-4264-b56b-81d4535b4c9a.md b/lolrmm.com/content/bootloaders/9be3b201-fec5-4264-b56b-81d4535b4c9a.md new file mode 100644 index 00000000..859aeea2 --- /dev/null +++ b/lolrmm.com/content/bootloaders/9be3b201-fec5-4264-b56b-81d4535b4c9a.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "9be3b201-fec5-4264-b56b-81d4535b4c9a" +weight = 10 +displayTitle = "9be3b201-fec5-4264-b56b-81d4535b4c9a" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# 9be3b201-fec5-4264-b56b-81d4535b4c9a ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Intel Corporation and revoked Jul-20 +- **UUID**: 9be3b201-fec5-4264-b56b-81d4535b4c9a +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [CD0F9839C6CCBEC5CE38B882E1AB23C8AB44A8993E6B8A02026D8314EAC4EA4C](https://www.virustotal.com/gui/file/CD0F9839C6CCBEC5CE38B882E1AB23C8AB44A8993E6B8A02026D8314EAC4EA4C) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [29CCA4544EA330D61591C784695C149C6B040022AC7B5B89CBD72800D10840EA](https://www.virustotal.com/gui/search/authentihash%253A29CCA4544EA330D61591C784695C149C6B040022AC7B5B89CBD72800D10840EA) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9be3b201-fec5-4264-b56b-81d4535b4c9a.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/9d219a02-b011-4466-8b2c-6fd725593454.md b/lolrmm.com/content/bootloaders/9d219a02-b011-4466-8b2c-6fd725593454.md new file mode 100644 index 00000000..0fbb033b --- /dev/null +++ b/lolrmm.com/content/bootloaders/9d219a02-b011-4466-8b2c-6fd725593454.md 
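Review bot: The Known Vulnerable Samples table on this page has empty MD5 and SHA1 cells whose VirusTotal links collapse to the bare `https://www.virustotal.com/gui/file/` path, the Filename cell is empty, and the Download button near the top points at `bootloaders/.bin`, so the generator appears to have rendered a record whose hash and binary fields were missing instead of skipping or flagging them. For a catalogue whose Sigma and Sysmon content keys on hashes, a page that carries only a SHA256 and no file name is hard to act on, and the `.bin` link is dead. I would have the template drop the Download button and the link cells when the underlying value is empty (rendering the cell as `n/a`), and have the build fail or warn on records that lack MD5/SHA1 so they get backfilled rather than published. The same pattern appears in the 9d219a02, 9e382fdf and a1062c3c pages in this diff, and every page also renders the `#### Imports` details block twice, which looks like a template duplication.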
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "9d219a02-b011-4466-8b2c-6fd725593454" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 9d219a02-b011-4466-8b2c-6fd725593454 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [4155DCEAAF889DE79ADB9B2130F1CF23AADD24080C2B2C1EC5F4C359C52A8D7D](https://www.virustotal.com/gui/file/4155DCEAAF889DE79ADB9B2130F1CF23AADD24080C2B2C1EC5F4C359C52A8D7D) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [7C7372A60D71E04879B8930C164944D96D3753E0A2924A31231D1D5FB97882F2](https://www.virustotal.com/gui/search/authentihash%253A7C7372A60D71E04879B8930C164944D96D3753E0A2924A31231D1D5FB97882F2) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9d219a02-b011-4466-8b2c-6fd725593454.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/9d795efb-5f1e-4db5-920d-97de9ba77753.md b/lolrmm.com/content/bootloaders/9d795efb-5f1e-4db5-920d-97de9ba77753.md new file mode 100644 index 00000000..d11e7238 --- /dev/null +++ b/lolrmm.com/content/bootloaders/9d795efb-5f1e-4db5-920d-97de9ba77753.md 
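Review bot: The `### CVE` section on this page lists `Black Lotus Microsoft Windows 8.1`, which is a campaign/product label rather than a CVE identifier, so a reader or a parser expecting `CVE-YYYY-NNNN` values gets a non-identifier under a heading that promises one. If the source record has no CVE for this sample, the section should say so or be omitted, and the BlackLotus association belongs in the Description or a separate related-threat field; where an advisory number is known it should be cited as such. The same non-CVE value appears under `### CVE` in the 9e382fdf and 9f95756f pages in this diff.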
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "9d795efb-5f1e-4db5-920d-97de9ba77753" +weight = 10 +displayTitle = "sbs.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# sbs.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: 9d795efb-5f1e-4db5-920d-97de9ba77753 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/c73ed000259378b96a9c57c588fc6ef0.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\sbs.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | sbs.efi | +| MD5 | [c73ed000259378b96a9c57c588fc6ef0](https://www.virustotal.com/gui/file/c73ed000259378b96a9c57c588fc6ef0) | +| SHA1 | [66fe7992ab4da8a44c7b06a0b958faa9a293014b](https://www.virustotal.com/gui/file/66fe7992ab4da8a44c7b06a0b958faa9a293014b) | +| SHA256 | [a1111555bfde8807746c8af73deceb4bdadc52dee87004e2ad7239c038687985](https://www.virustotal.com/gui/file/a1111555bfde8807746c8af73deceb4bdadc52dee87004e2ad7239c038687985) | +| Authentihash MD5 | [2edaa19d0ac13a692d90ab976522966f](https://www.virustotal.com/gui/search/authentihash%253A2edaa19d0ac13a692d90ab976522966f) | +| Authentihash SHA1 | [8aeae94deaffa792e788dbd6bdd27629f17e3f9d](https://www.virustotal.com/gui/search/authentihash%253A8aeae94deaffa792e788dbd6bdd27629f17e3f9d) | +| Authentihash SHA256| [992d359aa7a5f789d268b94c11b9485a6b1ce64362b0edb4441ccc187c39647b](https://www.virustotal.com/gui/search/authentihash%253A992d359aa7a5f789d268b94c11b9485a6b1ce64362b0edb4441ccc187c39647b) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002530b3d3726ee3f72f000100000025 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | a5052527524f4998a7bd87f396196fe8 | +| ToBeSigned (TBS) SHA1 | 2374a3e4f0499d106f0e4d71a22f7b0e709847c0 | +| ToBeSigned (TBS) SHA256 | 
f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2017-08-11 20:20:00 | +| ValidTo | 2018-08-11 20:20:00 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002530b3d3726ee3f72f000100000025 | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + 
"SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9d795efb-5f1e-4db5-920d-97de9ba77753.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/9e382fdf-568a-4b81-b4ce-58c25f3b2d80.md b/lolrmm.com/content/bootloaders/9e382fdf-568a-4b81-b4ce-58c25f3b2d80.md new file mode 100644 index 00000000..4996746b --- /dev/null +++ b/lolrmm.com/content/bootloaders/9e382fdf-568a-4b81-b4ce-58c25f3b2d80.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "9e382fdf-568a-4b81-b4ce-58c25f3b2d80" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 9e382fdf-568a-4b81-b4ce-58c25f3b2d80 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [CB5C370B7BDC87A2153425852F477916BA3B13E4C62EA419AD93DBDD34780BEC](https://www.virustotal.com/gui/file/CB5C370B7BDC87A2153425852F477916BA3B13E4C62EA419AD93DBDD34780BEC) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [9A22818E84CA5CDEC6F7FDF0A10B9FF230A53A5C18F4E9179C90A3FD268CD622](https://www.virustotal.com/gui/search/authentihash%253A9A22818E84CA5CDEC6F7FDF0A10B9FF230A53A5C18F4E9179C90A3FD268CD622) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9e382fdf-568a-4b81-b4ce-58c25f3b2d80.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/9f95756f-dfcf-48ae-9c0c-8d99f4894e28.md b/lolrmm.com/content/bootloaders/9f95756f-dfcf-48ae-9c0c-8d99f4894e28.md new file mode 100644 index 00000000..620ad194 --- /dev/null +++ b/lolrmm.com/content/bootloaders/9f95756f-dfcf-48ae-9c0c-8d99f4894e28.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "9f95756f-dfcf-48ae-9c0c-8d99f4894e28" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: 9f95756f-dfcf-48ae-9c0c-8d99f4894e28 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/8000831e91c318757fa911d4c879dc02.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [8000831e91c318757fa911d4c879dc02](https://www.virustotal.com/gui/file/8000831e91c318757fa911d4c879dc02) | +| SHA1 | [d88ac2154cd473d25c41be40bcca918158badf94](https://www.virustotal.com/gui/file/d88ac2154cd473d25c41be40bcca918158badf94) | +| SHA256 | [59e4fa86b1c3bb7df3cdb79a17ec36af9ad12e153172f6d8e662fcfb9dbb37d5](https://www.virustotal.com/gui/file/59e4fa86b1c3bb7df3cdb79a17ec36af9ad12e153172f6d8e662fcfb9dbb37d5) | +| Authentihash MD5 | [2298078eaeda24a91219936dfb897e5b](https://www.virustotal.com/gui/search/authentihash%253A2298078eaeda24a91219936dfb897e5b) | +| Authentihash SHA1 | [23760cf7521a929e9bfcaa5591ad186a18f91f87](https://www.virustotal.com/gui/search/authentihash%253A23760cf7521a929e9bfcaa5591ad186a18f91f87) | +| Authentihash SHA256| [ce65c29521cd8498fad962e5f70d55c5044366ec09c761a60cc7c4a2001776a4](https://www.virustotal.com/gui/search/authentihash%253Ace65c29521cd8498fad962e5f70d55c5044366ec09c761a60cc7c4a2001776a4) | +| RichPEHeaderHash MD5 | [420a1a5671848b2653305add8102a14f](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A420a1a5671848b2653305add8102a14f) | +| RichPEHeaderHash SHA1 | [114d1b38b6213056c957863df20adfa4d8e5d3a1](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A114d1b38b6213056c957863df20adfa4d8e5d3a1) | +| RichPEHeaderHash SHA256| [20a649595bb060b7fabbd48e91fff890b90f378cbbdcf05d770a881393fa42fa](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A20a649595bb060b7fabbd48e91fff890b90f378cbbdcf05d770a881393fa42fa) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000004ea1d80770a9bbe94400000000004e +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 9da610547a25cbe89af7ecdb99229623 | +| ToBeSigned (TBS) SHA1 | 6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7 | +| ToBeSigned (TBS) SHA256 | 1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2014-07-01 20:32:01 | +| ValidTo | 2015-10-01 20:32:01 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000004ea1d80770a9bbe94400000000004e | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 
14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": 
"1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/9f95756f-dfcf-48ae-9c0c-8d99f4894e28.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/a1062c3c-45c5-4c75-bbd2-d744c8e3fcb8.md b/lolrmm.com/content/bootloaders/a1062c3c-45c5-4c75-bbd2-d744c8e3fcb8.md new file mode 100644 index 00000000..f1767ab9 --- /dev/null +++ b/lolrmm.com/content/bootloaders/a1062c3c-45c5-4c75-bbd2-d744c8e3fcb8.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "a1062c3c-45c5-4c75-bbd2-d744c8e3fcb8" +weight = 10 +displayTitle = "rhel-8.3-20200730-shimia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# rhel-8.3-20200730-shimia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat, Inc. and revoked Apr-21 +- **UUID**: a1062c3c-45c5-4c75-bbd2-d744c8e3fcb8 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\rhel-8.3-20200730-shimia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< 
button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | rhel-8.3-20200730-shimia32.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [A1DD22421CC934E050572520A026985AE8C5FC5AD73816510713F1E1D4DFF575](https://www.virustotal.com/gui/file/A1DD22421CC934E050572520A026985AE8C5FC5AD73816510713F1E1D4DFF575) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [01E2DA8EC5A6929DDBBBEB2E9807586FACDDCA6A7EF62BFEBB581BDC2D7274D6](https://www.virustotal.com/gui/search/authentihash%253A01E2DA8EC5A6929DDBBBEB2E9807586FACDDCA6A7EF62BFEBB581BDC2D7274D6) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a1062c3c-45c5-4c75-bbd2-d744c8e3fcb8.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/a1a3ef63-ac2d-4613-8918-5bcfd1fc3e40.md b/lolrmm.com/content/bootloaders/a1a3ef63-ac2d-4613-8918-5bcfd1fc3e40.md new file mode 100644 index 00000000..fa8ffbee --- /dev/null +++ b/lolrmm.com/content/bootloaders/a1a3ef63-ac2d-4613-8918-5bcfd1fc3e40.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "a1a3ef63-ac2d-4613-8918-5bcfd1fc3e40" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: a1a3ef63-ac2d-4613-8918-5bcfd1fc3e40 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [9A395E7EAB9E7976B1C30EC651B05658D780897BEBAB8A664C6091742E592E7B](https://www.virustotal.com/gui/file/9A395E7EAB9E7976B1C30EC651B05658D780897BEBAB8A664C6091742E592E7B) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [250AE0BA860D6D46894491D630D58B1CA008F695C92CE2084A295486F71F985B](https://www.virustotal.com/gui/search/authentihash%253A250AE0BA860D6D46894491D630D58B1CA008F695C92CE2084A295486F71F985B) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a1a3ef63-ac2d-4613-8918-5bcfd1fc3e40.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/a205120a-b99d-4e65-a96d-b8092539c1d7.md b/lolrmm.com/content/bootloaders/a205120a-b99d-4e65-a96d-b8092539c1d7.md new file mode 100644 index 00000000..124528ea --- /dev/null +++ b/lolrmm.com/content/bootloaders/a205120a-b99d-4e65-a96d-b8092539c1d7.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "a205120a-b99d-4e65-a96d-b8092539c1d7" +weight = 10 +displayTitle = "BOOTX64.EFI" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# BOOTX64.EFI ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat Inc. and revoked Jul-20 +- **UUID**: a205120a-b99d-4e65-a96d-b8092539c1d7 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\BOOTX64.EFI } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | BOOTX64.EFI | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [0CE7F3FEC8BBB04E182027DD6800B7993E9F14EB579504DDECDD2F06294D7739](https://www.virustotal.com/gui/file/0CE7F3FEC8BBB04E182027DD6800B7993E9F14EB579504DDECDD2F06294D7739) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [0C51D7906FC4931149765DA88682426B2CFE9E6AA4F27253EAB400111432E3A7](https://www.virustotal.com/gui/search/authentihash%253A0C51D7906FC4931149765DA88682426B2CFE9E6AA4F27253EAB400111432E3A7) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a205120a-b99d-4e65-a96d-b8092539c1d7.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/a24fcdef-7393-4141-ae9a-f97fce196c35.md b/lolrmm.com/content/bootloaders/a24fcdef-7393-4141-ae9a-f97fce196c35.md new file mode 100644 index 00000000..ae35171d --- /dev/null +++ b/lolrmm.com/content/bootloaders/a24fcdef-7393-4141-ae9a-f97fce196c35.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "a24fcdef-7393-4141-ae9a-f97fce196c35" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: a24fcdef-7393-4141-ae9a-f97fce196c35 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [98A4F01BD9D8A039C669C2AF9082A0EEFBCEABEA4C739E05A1D0C59C5D851AD1](https://www.virustotal.com/gui/file/98A4F01BD9D8A039C669C2AF9082A0EEFBCEABEA4C739E05A1D0C59C5D851AD1) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [71B601EE3746DA7177726DB84F5B417C9721583D2D88AD857BF368A54FF76BFA](https://www.virustotal.com/gui/search/authentihash%253A71B601EE3746DA7177726DB84F5B417C9721583D2D88AD857BF368A54FF76BFA) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a24fcdef-7393-4141-ae9a-f97fce196c35.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/a252e6fc-a0e5-46b7-ae78-c11ac44dfecc.md b/lolrmm.com/content/bootloaders/a252e6fc-a0e5-46b7-ae78-c11ac44dfecc.md new file mode 100644 index 00000000..df8d74a7 --- /dev/null +++ b/lolrmm.com/content/bootloaders/a252e6fc-a0e5-46b7-ae78-c11ac44dfecc.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "a252e6fc-a0e5-46b7-ae78-c11ac44dfecc" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: a252e6fc-a0e5-46b7-ae78-c11ac44dfecc +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/3827b6fa1f4022001328be9d79e33b18.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [3827b6fa1f4022001328be9d79e33b18](https://www.virustotal.com/gui/file/3827b6fa1f4022001328be9d79e33b18) | +| SHA1 | [3b0ef33281ba05d9d9259b1fd44bf5d43e5187a4](https://www.virustotal.com/gui/file/3b0ef33281ba05d9d9259b1fd44bf5d43e5187a4) | +| SHA256 | [3927727eb2435b28d2cf0ce1757e72ce3e92a86362b87120040c744c1c08bce9](https://www.virustotal.com/gui/file/3927727eb2435b28d2cf0ce1757e72ce3e92a86362b87120040c744c1c08bce9) | +| Authentihash MD5 | [d9a85920d99763cc28d796c77094f958](https://www.virustotal.com/gui/search/authentihash%253Ad9a85920d99763cc28d796c77094f958) | +| Authentihash SHA1 | [932efcc1a062376a53c14b3fad8f6bf34b96524f](https://www.virustotal.com/gui/search/authentihash%253A932efcc1a062376a53c14b3fad8f6bf34b96524f) | +| Authentihash SHA256| [50871141459a21faba3dbbf63da5aac8863fa3d8a9891f182ed72e3a74b64fdc](https://www.virustotal.com/gui/search/authentihash%253A50871141459a21faba3dbbf63da5aac8863fa3d8a9891f182ed72e3a74b64fdc) | +| RichPEHeaderHash MD5 | [aaf18af925d829095e017c505f1a0039](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Aaaf18af925d829095e017c505f1a0039) | +| RichPEHeaderHash SHA1 | [c3d13f7d96127a3b16c7a8c0a3dd98fd9f22c3cf](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ac3d13f7d96127a3b16c7a8c0a3dd98fd9f22c3cf) | +| RichPEHeaderHash SHA256| [05367ecae4cf78cc575048fb931468b1d210df8c38ff8ca05481124b1a1a6917](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A05367ecae4cf78cc575048fb931468b1d210df8c38ff8ca05481124b1a1a6917) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000038db0bfe1b0ca33b3d400000000038d +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 74a1035aa6d38ec0a7a35a6d143cc612 | +| ToBeSigned (TBS) SHA1 | 62c5627f7d38759edce84eace5ae41fc7a54d6f8 | +| ToBeSigned (TBS) SHA256 | b6319137740477c564fb2beb1d50929a333f092aa362ce5129085a2c9d4bf489 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2022-05-05 19:23:15 | +| ValidTo | 2023-05-04 19:23:15 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000038db0bfe1b0ca33b3d400000000038d | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 
14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000038db0bfe1b0ca33b3d400000000038d", + "Signature": 
"7aa4402e28e909a6f7ff198a87c8f546fd868da5adf65529e8ced9b8ff16f56d03704671b64454a21437cdc6b47d83ea130e55b30ed223fda526676f6034a0d649e924cdf96d3c26386378d2ab91da329e3ddecbfe21c7f32764df6409a7f82f67c90ab5d9d7c167376487b3579fc1d99201098d2124f91f6558fb03285a49159fcc6d6ff6f8bbbc51f5209689963bebbc504c08089fa7c13e3bbae4f3c77a3a083548f8c95a1504b66fd5cfa658f9353ca231fd085e94f9bdb9bf68e302cae1bb6d483f97b5d4a2d26486fcab72ebe5fd0b555066edd3d894531f836130e309ccf4e98d1b44950efb0812a2190d4b0df3c5bf7ee8123a1d57410cd797dc0ccf", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "74a1035aa6d38ec0a7a35a6d143cc612", + "SHA1": "62c5627f7d38759edce84eace5ae41fc7a54d6f8", + "SHA256": "b6319137740477c564fb2beb1d50929a333f092aa362ce5129085a2c9d4bf489" + }, + "ValidFrom": "2022-05-05 19:23:15", + "ValidTo": "2023-05-04 19:23:15", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000038db0bfe1b0ca33b3d400000000038d", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a252e6fc-a0e5-46b7-ae78-c11ac44dfecc.yaml) + +*last_updated:* 
2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/a280d6df-a426-4031-8dc8-31473975f92b.md b/lolrmm.com/content/bootloaders/a280d6df-a426-4031-8dc8-31473975f92b.md new file mode 100644 index 00000000..a9ae88fd --- /dev/null +++ b/lolrmm.com/content/bootloaders/a280d6df-a426-4031-8dc8-31473975f92b.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "a280d6df-a426-4031-8dc8-31473975f92b" +weight = 10 +displayTitle = "a280d6df-a426-4031-8dc8-31473975f92b" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# a280d6df-a426-4031-8dc8-31473975f92b ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: a280d6df-a426-4031-8dc8-31473975f92b +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [EC16CFB5AE2297154394D9AB6B5B749DCE676404486D72A44064CD9A716EC1F9](https://www.virustotal.com/gui/file/EC16CFB5AE2297154394D9AB6B5B749DCE676404486D72A44064CD9A716EC1F9) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [BB01DA0333BB639C7E1C806DB0561DC98A5316F22FEF1090FB8D0BE46DAE499A](https://www.virustotal.com/gui/search/authentihash%253ABB01DA0333BB639C7E1C806DB0561DC98A5316F22FEF1090FB8D0BE46DAE499A) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a280d6df-a426-4031-8dc8-31473975f92b.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/a2a7bdd7-c7bd-4195-97d5-a7b127691dfe.md b/lolrmm.com/content/bootloaders/a2a7bdd7-c7bd-4195-97d5-a7b127691dfe.md new file mode 100644 index 00000000..8a0bdd89 --- /dev/null +++ b/lolrmm.com/content/bootloaders/a2a7bdd7-c7bd-4195-97d5-a7b127691dfe.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "a2a7bdd7-c7bd-4195-97d5-a7b127691dfe" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: a2a7bdd7-c7bd-4195-97d5-a7b127691dfe +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [DE1CB8E571EEF26A3C4BABCEC97BA41894AE9DE7528A35BFF5FDDFF5C025CEED](https://www.virustotal.com/gui/file/DE1CB8E571EEF26A3C4BABCEC97BA41894AE9DE7528A35BFF5FDDFF5C025CEED) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [5348075329A1087EBB689FCFC775304B09C6786A523F83E7BB90E26DE0E61FF7](https://www.virustotal.com/gui/search/authentihash%253A5348075329A1087EBB689FCFC775304B09C6786A523F83E7BB90E26DE0E61FF7) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a2a7bdd7-c7bd-4195-97d5-a7b127691dfe.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/a2e0c2d5-a9f3-43f2-83f0-41235cae223d.md b/lolrmm.com/content/bootloaders/a2e0c2d5-a9f3-43f2-83f0-41235cae223d.md new file mode 100644 index 00000000..5608c602 --- /dev/null +++ b/lolrmm.com/content/bootloaders/a2e0c2d5-a9f3-43f2-83f0-41235cae223d.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "a2e0c2d5-a9f3-43f2-83f0-41235cae223d" +weight = 10 +displayTitle = "rhel-7.9-shim-20200726-shimia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# rhel-7.9-shim-20200726-shimia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat, Inc. and revoked Apr-21 +- **UUID**: a2e0c2d5-a9f3-43f2-83f0-41235cae223d +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\rhel-7.9-shim-20200726-shimia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip 
>}} + + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | rhel-7.9-shim-20200726-shimia32.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [DEF0CE090F4C6B203C317558D43D015427311475231E8CE9B2E00AC0C18D3922](https://www.virustotal.com/gui/file/DEF0CE090F4C6B203C317558D43D015427311475231E8CE9B2E00AC0C18D3922) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [2629AE14B467DA5DF8E9EB6F1ADC1A9F50A78DBC3C246271C8530D0D35997A4C](https://www.virustotal.com/gui/search/authentihash%253A2629AE14B467DA5DF8E9EB6F1ADC1A9F50A78DBC3C246271C8530D0D35997A4C) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a2e0c2d5-a9f3-43f2-83f0-41235cae223d.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/a34d1cd4-ad9d-4dda-8e4e-ac86e42a6d92.md b/lolrmm.com/content/bootloaders/a34d1cd4-ad9d-4dda-8e4e-ac86e42a6d92.md new file mode 100644 index 00000000..b2d5a187 --- /dev/null +++ b/lolrmm.com/content/bootloaders/a34d1cd4-ad9d-4dda-8e4e-ac86e42a6d92.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "a34d1cd4-ad9d-4dda-8e4e-ac86e42a6d92" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: a34d1cd4-ad9d-4dda-8e4e-ac86e42a6d92 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [331A6D1D07B7A19AB36312AB8303C9FA5B5D2628B6EF5C593846B6F4B824059F](https://www.virustotal.com/gui/file/331A6D1D07B7A19AB36312AB8303C9FA5B5D2628B6EF5C593846B6F4B824059F) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [DF6EC4F50BE2A4B7657F0397BED483BE143A18883615800A65A64B7E84D9B858](https://www.virustotal.com/gui/search/authentihash%253ADF6EC4F50BE2A4B7657F0397BED483BE143A18883615800A65A64B7E84D9B858) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a34d1cd4-ad9d-4dda-8e4e-ac86e42a6d92.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/a3bbd629-976b-4804-b5ea-2e62ee592092.md b/lolrmm.com/content/bootloaders/a3bbd629-976b-4804-b5ea-2e62ee592092.md new file mode 100644 index 00000000..b0c929fd --- /dev/null +++ b/lolrmm.com/content/bootloaders/a3bbd629-976b-4804-b5ea-2e62ee592092.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "a3bbd629-976b-4804-b5ea-2e62ee592092" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SEAGATE Technology and revoked Jul-20 +- **UUID**: a3bbd629-976b-4804-b5ea-2e62ee592092 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/ca747f0a7e1bcbc51cf4f9cd2a17f9a5.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [ca747f0a7e1bcbc51cf4f9cd2a17f9a5](https://www.virustotal.com/gui/file/ca747f0a7e1bcbc51cf4f9cd2a17f9a5) | +| SHA1 | [41686992e3e8fc975674d5134909975b66b54a38](https://www.virustotal.com/gui/file/41686992e3e8fc975674d5134909975b66b54a38) | +| SHA256 | [777adc7e8a3e1422b3fc9c10ce31e996c057fe801a5292f0902bd5c5365e7287](https://www.virustotal.com/gui/file/777adc7e8a3e1422b3fc9c10ce31e996c057fe801a5292f0902bd5c5365e7287) | +| Authentihash MD5 | [370b63db6afc64b05feadcbffb223da4](https://www.virustotal.com/gui/search/authentihash%253A370b63db6afc64b05feadcbffb223da4) | +| Authentihash SHA1 | [e9449d88a4154e0d1bfda7986c089f743b00e9ed](https://www.virustotal.com/gui/search/authentihash%253Ae9449d88a4154e0d1bfda7986c089f743b00e9ed) | +| Authentihash SHA256| [95049f0e4137c790b0d2767195e56f73807d123adcf8f6e7bf2d4d991d305f89](https://www.virustotal.com/gui/search/authentihash%253A95049f0e4137c790b0d2767195e56f73807d123adcf8f6e7bf2d4d991d305f89) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 33000000081eb17e9c15fc837a000100000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | c5e24205d04c09c94d81b6935af7ec09 | +| ToBeSigned (TBS) SHA1 | 12622dccb5b07edfd65cae6fc018e24b80ff2c82 | +| ToBeSigned (TBS) SHA256 | 
d6afbff1c283d7777501bd3b2adb4aadb8ce32649ee401dfbb06f884362f7507 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2012-07-02 22:25:14 | +| ValidTo | 2013-10-02 22:25:14 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 33000000081eb17e9c15fc837a000100000008 | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 
350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "c5e24205d04c09c94d81b6935af7ec09", + "SHA1": "12622dccb5b07edfd65cae6fc018e24b80ff2c82", + "SHA256": 
"d6afbff1c283d7777501bd3b2adb4aadb8ce32649ee401dfbb06f884362f7507" + }, + "ValidFrom": "2012-07-02 22:25:14", + "ValidTo": "2013-10-02 22:25:14", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a3bbd629-976b-4804-b5ea-2e62ee592092.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/a434e53e-5631-4181-bd2e-47c546370f7b.md b/lolrmm.com/content/bootloaders/a434e53e-5631-4181-bd2e-47c546370f7b.md new file mode 100644 index 00000000..be5e51d3 --- /dev/null +++ b/lolrmm.com/content/bootloaders/a434e53e-5631-4181-bd2e-47c546370f7b.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "a434e53e-5631-4181-bd2e-47c546370f7b" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: a434e53e-5631-4181-bd2e-47c546370f7b +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/7c2bf377d0edb86f010d202d48024145.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [7c2bf377d0edb86f010d202d48024145](https://www.virustotal.com/gui/file/7c2bf377d0edb86f010d202d48024145) | +| SHA1 | [5dd4309442a74a780e3e099f0625b1eed2e54c25](https://www.virustotal.com/gui/file/5dd4309442a74a780e3e099f0625b1eed2e54c25) | +| SHA256 | [ec89ddd37880430cd5242f5f15d13f4cf699f50dbe04643e5b70093631608204](https://www.virustotal.com/gui/file/ec89ddd37880430cd5242f5f15d13f4cf699f50dbe04643e5b70093631608204) | +| Authentihash MD5 | [6d00124e9f1f50bf046eb6e5151c9e97](https://www.virustotal.com/gui/search/authentihash%253A6d00124e9f1f50bf046eb6e5151c9e97) | +| Authentihash SHA1 | [2121406a967bcc56cfb20b53b60f255d950862d5](https://www.virustotal.com/gui/search/authentihash%253A2121406a967bcc56cfb20b53b60f255d950862d5) | +| Authentihash SHA256| [f51bc0b8fce1bae71b76cb3ade28b712669d4e938fd37c9f5872493acc25fae1](https://www.virustotal.com/gui/search/authentihash%253Af51bc0b8fce1bae71b76cb3ade28b712669d4e938fd37c9f5872493acc25fae1) | +| RichPEHeaderHash MD5 | [a387b0075e977009a7bb74d24fc388de](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Aa387b0075e977009a7bb74d24fc388de) | +| RichPEHeaderHash SHA1 | [345e019b25904c911be9e3b6a9e2b0bb18652b04](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A345e019b25904c911be9e3b6a9e2b0bb18652b04) | +| RichPEHeaderHash SHA256| [e04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ae04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 610bbbd8000000000005 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 
158438012e4dcd69b27b762c9358cfa2 | +| ToBeSigned (TBS) SHA1 | 684ac167849404a4101f166b759f291a43d5f749 | +| ToBeSigned (TBS) SHA256 | 95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2012-04-09 20:55:50 | +| ValidTo | 2013-07-09 20:55:50 | +| Signature | c7f34d30f6c0451fb6ababdce5203035c20b7c75b16784adb0aa9ed8f647c02df4ce8d8277b8e356e3286e4dc0d444172dea83b9af9c6133c491e53680024d6bac0d985d6dfe776988ccb337b35abb32a02b50413514a576dc932b2a4ae2aef96330041e040480e3b1cbf06cd6910cf79ead3ecd332a9bb7156c2d9976e5dfac8b5b59d82ea33a4826470663dfad599e137468da7bd3037243e0238b96c1f99ea1299faa898dd854f812f8834697b7c5991d2e1656db4e2f56d8bc2077e7bb7d886d4fb6907c555c6d54089724435ac3345b1b6dbb605300ba83412517394dcd3b6c82df5013c6f57fcb1e03919b63469dd7606f3fbae8242658f19ab174b03c | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 610bbbd8000000000005 | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< 
/details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a434e53e-5631-4181-bd2e-47c546370f7b.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} 
diff --git a/lolrmm.com/content/bootloaders/a4e079d3-3919-4c47-84ba-9a7d7d1acbe0.md b/lolrmm.com/content/bootloaders/a4e079d3-3919-4c47-84ba-9a7d7d1acbe0.md new file mode 100644 index 00000000..e0bb8d9b --- /dev/null +++ b/lolrmm.com/content/bootloaders/a4e079d3-3919-4c47-84ba-9a7d7d1acbe0.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "a4e079d3-3919-4c47-84ba-9a7d7d1acbe0" +weight = 10 +displayTitle = "a4e079d3-3919-4c47-84ba-9a7d7d1acbe0" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# a4e079d3-3919-4c47-84ba-9a7d7d1acbe0 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Intel Corporation and revoked Jul-20 +- **UUID**: a4e079d3-3919-4c47-84ba-9a7d7d1acbe0 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [D8E8197BB6CB93157BAE6B4E63EFFA60BB49628DEBB6F771F154C229F4205DB3](https://www.virustotal.com/gui/file/D8E8197BB6CB93157BAE6B4E63EFFA60BB49628DEBB6F771F154C229F4205DB3) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [D372C0D0F4FDC9F52E9E1F23FC56EE72414A17F350D0CEA6C26A35A6C3217A13](https://www.virustotal.com/gui/search/authentihash%253AD372C0D0F4FDC9F52E9E1F23FC56EE72414A17F350D0CEA6C26A35A6C3217A13) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a4e079d3-3919-4c47-84ba-9a7d7d1acbe0.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/a4e64b6f-16b8-43db-af2f-c77daf3f0ca9.md b/lolrmm.com/content/bootloaders/a4e64b6f-16b8-43db-af2f-c77daf3f0ca9.md new file mode 100644 index 00000000..59856f1c --- /dev/null +++ b/lolrmm.com/content/bootloaders/a4e64b6f-16b8-43db-af2f-c77daf3f0ca9.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "a4e64b6f-16b8-43db-af2f-c77daf3f0ca9" +weight = 10 +displayTitle = "a4e64b6f-16b8-43db-af2f-c77daf3f0ca9" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# a4e64b6f-16b8-43db-af2f-c77daf3f0ca9 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: a4e64b6f-16b8-43db-af2f-c77daf3f0ca9 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [D84AE3F1BB7B2F2C41B986E473AD424CF6F1D136B4E91AA5F73824737169D820](https://www.virustotal.com/gui/file/D84AE3F1BB7B2F2C41B986E473AD424CF6F1D136B4E91AA5F73824737169D820) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [E39891F48BBCC593B8ED86CE82CE666FC1145B9FCBFD2B07BAD0A89BF4C7BFBF](https://www.virustotal.com/gui/search/authentihash%253AE39891F48BBCC593B8ED86CE82CE666FC1145B9FCBFD2B07BAD0A89BF4C7BFBF) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a4e64b6f-16b8-43db-af2f-c77daf3f0ca9.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/a544e544-0e7e-4fcc-9195-e10564ba5674.md b/lolrmm.com/content/bootloaders/a544e544-0e7e-4fcc-9195-e10564ba5674.md new file mode 100644 index 00000000..d1123d1b --- /dev/null +++ b/lolrmm.com/content/bootloaders/a544e544-0e7e-4fcc-9195-e10564ba5674.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "a544e544-0e7e-4fcc-9195-e10564ba5674" +weight = 10 +displayTitle = "a544e544-0e7e-4fcc-9195-e10564ba5674" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# a544e544-0e7e-4fcc-9195-e10564ba5674 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: a544e544-0e7e-4fcc-9195-e10564ba5674 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [3D3434BC5A18F072D4CF59D5651F9CE05B61B6FC3C21EBBCF371777AA1E1E1D5](https://www.virustotal.com/gui/file/3D3434BC5A18F072D4CF59D5651F9CE05B61B6FC3C21EBBCF371777AA1E1E1D5) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [7F49CCB309323B1C7AB11C93C955B8C744F0A2B75C311F495E18906070500027](https://www.virustotal.com/gui/search/authentihash%253A7F49CCB309323B1C7AB11C93C955B8C744F0A2B75C311F495E18906070500027) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a544e544-0e7e-4fcc-9195-e10564ba5674.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/a6597859-17b0-44f9-b8d8-493a0ff20ed9.md b/lolrmm.com/content/bootloaders/a6597859-17b0-44f9-b8d8-493a0ff20ed9.md new file mode 100644 index 00000000..55167e43 --- /dev/null +++ b/lolrmm.com/content/bootloaders/a6597859-17b0-44f9-b8d8-493a0ff20ed9.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "a6597859-17b0-44f9-b8d8-493a0ff20ed9" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: a6597859-17b0-44f9-b8d8-493a0ff20ed9 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [E23336EB1176965193B9733A01F8B7329DFF26D191EF427DC06ED89DD439C615](https://www.virustotal.com/gui/file/E23336EB1176965193B9733A01F8B7329DFF26D191EF427DC06ED89DD439C615) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [9E08464CEF9931473C384DB77278997AE92D50368C8D2B9D6AEA6E3323A2BBE7](https://www.virustotal.com/gui/search/authentihash%253A9E08464CEF9931473C384DB77278997AE92D50368C8D2B9D6AEA6E3323A2BBE7) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a6597859-17b0-44f9-b8d8-493a0ff20ed9.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/a74084e3-94b3-4674-99c8-e314f7f6241f.md b/lolrmm.com/content/bootloaders/a74084e3-94b3-4674-99c8-e314f7f6241f.md new file mode 100644 index 00000000..65d86392 --- /dev/null +++ b/lolrmm.com/content/bootloaders/a74084e3-94b3-4674-99c8-e314f7f6241f.md 
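Review bot: The `### CVE` section lists `Black Lotus Microsoft Windows 8.1`, which is prose rather than a CVE identifier, so any consumer parsing this corpus for CVE IDs will get a bogus value; move that text to the Description or Resources and leave the CVE list empty (or populate it with the actual identifier from the source YAML if one exists). The Resources section links only the 2020 DBX update guidance (KB4575994) while the description says this boot manager was revoked May-23, so the linked guidance does not cover this revocation — link the May 2023 guidance instead or in addition. The Operating System cell says `32-bit ARM`, but the Commands block is the generic x64 Windows `bcdedit` template with an empty Download link; presumably that command was not exercised against this binary and should be marked as such.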
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "a74084e3-94b3-4674-99c8-e314f7f6241f" +weight = 10 +displayTitle = "a74084e3-94b3-4674-99c8-e314f7f6241f" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# a74084e3-94b3-4674-99c8-e314f7f6241f ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: a74084e3-94b3-4674-99c8-e314f7f6241f +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [957D8826BEE05DFEA66994C237E61BD70CC0115CC176E1D931F1D892C6C16814](https://www.virustotal.com/gui/file/957D8826BEE05DFEA66994C237E61BD70CC0115CC176E1D931F1D892C6C16814) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [367A31E5838831AD2C074647886A6CDFF217E6B1BA910BFF85DC7A87AE9B5E98](https://www.virustotal.com/gui/search/authentihash%253A367A31E5838831AD2C074647886A6CDFF217E6B1BA910BFF85DC7A87AE9B5E98) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a74084e3-94b3-4674-99c8-e314f7f6241f.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/a77872f7-4890-473d-887f-bfd93f46641d.md b/lolrmm.com/content/bootloaders/a77872f7-4890-473d-887f-bfd93f46641d.md new file mode 100644 index 00000000..f2111d14 --- /dev/null +++ b/lolrmm.com/content/bootloaders/a77872f7-4890-473d-887f-bfd93f46641d.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "a77872f7-4890-473d-887f-bfd93f46641d" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: a77872f7-4890-473d-887f-bfd93f46641d +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/6514d19c16df6d0d9cf75bba91350dcc.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [6514d19c16df6d0d9cf75bba91350dcc](https://www.virustotal.com/gui/file/6514d19c16df6d0d9cf75bba91350dcc) | +| SHA1 | [c3f69560b62f619f851df687c0adb2fa35cc0160](https://www.virustotal.com/gui/file/c3f69560b62f619f851df687c0adb2fa35cc0160) | +| SHA256 | [3bc9ed257486b68fac5899eaa19732a1340d06c8baf4b0ff53c7f5c052e6470f](https://www.virustotal.com/gui/file/3bc9ed257486b68fac5899eaa19732a1340d06c8baf4b0ff53c7f5c052e6470f) | +| Authentihash MD5 | [f5eca8462be6c481c75ec3955b47c4f8](https://www.virustotal.com/gui/search/authentihash%253Af5eca8462be6c481c75ec3955b47c4f8) | +| Authentihash SHA1 | [45e97d3cfb90ad162fa8f5a14ad8e5b4710a748a](https://www.virustotal.com/gui/search/authentihash%253A45e97d3cfb90ad162fa8f5a14ad8e5b4710a748a) | +| Authentihash SHA256| [f74947590a87a005023e9ef89cdf0c38d8d582ca4173f8201cebc443ef796790](https://www.virustotal.com/gui/search/authentihash%253Af74947590a87a005023e9ef89cdf0c38d8d582ca4173f8201cebc443ef796790) | +| RichPEHeaderHash MD5 | [f946cf9d5023059fc9f2140cd5b159d7](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Af946cf9d5023059fc9f2140cd5b159d7) | +| RichPEHeaderHash SHA1 | [13ecec12054fd579ab92638fb336a8a17c1264db](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A13ecec12054fd579ab92638fb336a8a17c1264db) | +| RichPEHeaderHash SHA256| [f699df0555e9fe0fb7019c00aa9f4c2da8abeacc45ef7f11dd65541052afb896](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Af699df0555e9fe0fb7019c00aa9f4c2da8abeacc45ef7f11dd65541052afb896) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002418fc0b689e7399d0000000000024 +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 28b23b39f3bbd936a26a5b86451be0ac | +| ToBeSigned (TBS) SHA1 | 3b16f29295d5a7c323beb479c71d3d20c6b8acc2 | +| ToBeSigned (TBS) SHA256 | 4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2013-06-17 21:43:38 | +| ValidTo | 2014-09-17 21:43:38 | +| Signature | 78269c4b43268afbc7329a21653fdf5427c51d156bd9b2be4fc3ce06c9fe486ad28fa1a55698acc8617733a5d9b68b3f69ab82d8d60857a0cf330434703b2af43b3058eec891f89515a9acf8c29aebdcabc8671630a1d22fa51720ab95393c388e3fbed2d42eca2bce4f3ac03be5be68ecfe7f44a6d3871782abd7cc3f8c22300536bd24a13934474bc0cfc2f1479991b991f328cb5a80d06c1046a9249b8dd8747b3c87e54946f28c0bdf14c042566264fbf9475859b221d0434603ab5f655551437be8eb21192f143d173b042f139ce553888cf0534f9d2f090c1edbf10def827a274afeeba10c2b4725b0628a2722d5f209be4f9e3d2d8104a896df82072d | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002418fc0b689e7399d0000000000024 | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### 
ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a77872f7-4890-473d-887f-bfd93f46641d.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} 
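Review bot: The warning under the Download button should say why this file is dangerous: the Certificates table shows it is a genuine Microsoft-signed Boot Manager (leaf `Microsoft Windows`, issuer `Microsoft Windows Production PCA 2011`) that the description says was revoked only in May-23, so on any machine that has not applied the corresponding DBX update it is presumably still accepted by Secure Boot — something like `This is a legitimately signed Microsoft boot manager; it remains bootable under Secure Boot until the May 2023 DBX revocation is applied.` The Resources section links only the 2020 DBX guidance (KB4575994), which predates this revocation; the May 2023 guidance is the relevant reference here. Minor generator issues on the same page: the `#### Imports` section is emitted twice (both empty), and ImportedFunctions/ExportedFunctions render as empty expanders that could be suppressed when no data exists.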
diff --git a/lolrmm.com/content/bootloaders/a7bf3e37-f600-48ff-82d4-4f1e82c199d2.md b/lolrmm.com/content/bootloaders/a7bf3e37-f600-48ff-82d4-4f1e82c199d2.md
new file mode 100644
index 00000000..cbcd121a
--- /dev/null
+++ b/lolrmm.com/content/bootloaders/a7bf3e37-f600-48ff-82d4-4f1e82c199d2.md
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "a7bf3e37-f600-48ff-82d4-4f1e82c199d2" +weight = 10 +displayTitle = "cent-7.9-20200730-shimia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# cent-7.9-20200730-shimia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat, Inc. and revoked Apr-21 +- **UUID**: a7bf3e37-f600-48ff-82d4-4f1e82c199d2 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\cent-7.9-20200730-shimia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< 
button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | cent-7.9-20200730-shimia32.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [2D07ABD75C154055A858D4461A1B1B76D763E9ED294E2E10244C20601E072A29](https://www.virustotal.com/gui/file/2D07ABD75C154055A858D4461A1B1B76D763E9ED294E2E10244C20601E072A29) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [DDF3E4261419944F7C2F8B92F6D14C35060B4F94818CC4183F0C072706DEF726](https://www.virustotal.com/gui/search/authentihash%253ADDF3E4261419944F7C2F8B92F6D14C35060B4F94818CC4183F0C072706DEF726) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a7bf3e37-f600-48ff-82d4-4f1e82c199d2.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/a7cc38fb-91b2-4e2c-a0a9-2a6051c31cb5.md b/lolrmm.com/content/bootloaders/a7cc38fb-91b2-4e2c-a0a9-2a6051c31cb5.md new file mode 100644 index 00000000..32b3bf83 --- /dev/null +++ b/lolrmm.com/content/bootloaders/a7cc38fb-91b2-4e2c-a0a9-2a6051c31cb5.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "a7cc38fb-91b2-4e2c-a0a9-2a6051c31cb5" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: a7cc38fb-91b2-4e2c-a0a9-2a6051c31cb5 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [E785D139C9F008F9135EDFAD44492D11D09B83373ABE74AD45B7CADD25EBB464](https://www.virustotal.com/gui/file/E785D139C9F008F9135EDFAD44492D11D09B83373ABE74AD45B7CADD25EBB464) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [8A03960BDEA6A4953AC50A2BBF9317BE228C2EBBC299E1E90CC7C6EB18F43B94](https://www.virustotal.com/gui/search/authentihash%253A8A03960BDEA6A4953AC50A2BBF9317BE228C2EBBC299E1E90CC7C6EB18F43B94) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a7cc38fb-91b2-4e2c-a0a9-2a6051c31cb5.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/a8267643-bd8f-42e9-851a-86b986973758.md b/lolrmm.com/content/bootloaders/a8267643-bd8f-42e9-851a-86b986973758.md new file mode 100644 index 00000000..0702e748 --- /dev/null +++ b/lolrmm.com/content/bootloaders/a8267643-bd8f-42e9-851a-86b986973758.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "a8267643-bd8f-42e9-851a-86b986973758" +weight = 10 +displayTitle = "a8267643-bd8f-42e9-851a-86b986973758" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# a8267643-bd8f-42e9-851a-86b986973758 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Oracle Corporation and revoked Jul-20 +- **UUID**: a8267643-bd8f-42e9-851a-86b986973758 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [AD1A9C1667E89214EE947D6B40D61BFFB7EA942ABCCE85319520CC3DE301FA1B](https://www.virustotal.com/gui/file/AD1A9C1667E89214EE947D6B40D61BFFB7EA942ABCCE85319520CC3DE301FA1B) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [8EC2540CEDDD592E616AF4386DA9EAF76855EF0A792E26FC149B32E951D76C85](https://www.virustotal.com/gui/search/authentihash%253A8EC2540CEDDD592E616AF4386DA9EAF76855EF0A792E26FC149B32E951D76C85) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a8267643-bd8f-42e9-851a-86b986973758.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/a93c81ef-3f87-43cd-8d09-67e57167689c.md b/lolrmm.com/content/bootloaders/a93c81ef-3f87-43cd-8d09-67e57167689c.md new file mode 100644 index 00000000..c75d1a03 --- /dev/null +++ b/lolrmm.com/content/bootloaders/a93c81ef-3f87-43cd-8d09-67e57167689c.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "a93c81ef-3f87-43cd-8d09-67e57167689c" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: a93c81ef-3f87-43cd-8d09-67e57167689c +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [C1D93E3D7F580616051BC1456083F6DCC80DB4642E7AA2909041E86F8209583C](https://www.virustotal.com/gui/file/C1D93E3D7F580616051BC1456083F6DCC80DB4642E7AA2909041E86F8209583C) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [825ACCE0634B91818F57CE96B8314ECEE7373BD20DA77FB08B9B96D66EB65145](https://www.virustotal.com/gui/search/authentihash%253A825ACCE0634B91818F57CE96B8314ECEE7373BD20DA77FB08B9B96D66EB65145) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a93c81ef-3f87-43cd-8d09-67e57167689c.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/a950cc79-4054-4d02-bd8d-3de2165a3721.md b/lolrmm.com/content/bootloaders/a950cc79-4054-4d02-bd8d-3de2165a3721.md new file mode 100644 index 00000000..6d1cf2c2 --- /dev/null +++ b/lolrmm.com/content/bootloaders/a950cc79-4054-4d02-bd8d-3de2165a3721.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "a950cc79-4054-4d02-bd8d-3de2165a3721" +weight = 10 +displayTitle = "a950cc79-4054-4d02-bd8d-3de2165a3721" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# a950cc79-4054-4d02-bd8d-3de2165a3721 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: a950cc79-4054-4d02-bd8d-3de2165a3721 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [169D0AC3DA1DDA382812F7F221B8C9CD55961A05D876E3D812641313297848BA](https://www.virustotal.com/gui/file/169D0AC3DA1DDA382812F7F221B8C9CD55961A05D876E3D812641313297848BA) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [992820E6EC8C41DAAE4BD8AB48F58268E943A670D35CA5E2BDCD3E7C4C94A072](https://www.virustotal.com/gui/search/authentihash%253A992820E6EC8C41DAAE4BD8AB48F58268E943A670D35CA5E2BDCD3E7C4C94A072) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a950cc79-4054-4d02-bd8d-3de2165a3721.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/a9874948-be3c-49ba-b6ca-9ff18f01aa9e.md b/lolrmm.com/content/bootloaders/a9874948-be3c-49ba-b6ca-9ff18f01aa9e.md new file mode 100644 index 00000000..0728572c --- /dev/null +++ b/lolrmm.com/content/bootloaders/a9874948-be3c-49ba-b6ca-9ff18f01aa9e.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "a9874948-be3c-49ba-b6ca-9ff18f01aa9e" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: a9874948-be3c-49ba-b6ca-9ff18f01aa9e +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [9E1E22CBF19E9A483E6D57345959A3F8862C3C98E2A825EB995819F0CF210F48](https://www.virustotal.com/gui/file/9E1E22CBF19E9A483E6D57345959A3F8862C3C98E2A825EB995819F0CF210F48) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [1364B7B94AB2A93E79D297EBF6CE0A30F7997E5929E408EF0D3B5D54C64E7B90](https://www.virustotal.com/gui/search/authentihash%253A1364B7B94AB2A93E79D297EBF6CE0A30F7997E5929E408EF0D3B5D54C64E7B90) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/a9874948-be3c-49ba-b6ca-9ff18f01aa9e.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/aa0019cf-ba6c-4a6b-8ea9-3e4494562744.md b/lolrmm.com/content/bootloaders/aa0019cf-ba6c-4a6b-8ea9-3e4494562744.md new file mode 100644 index 00000000..b3f85912 --- /dev/null +++ b/lolrmm.com/content/bootloaders/aa0019cf-ba6c-4a6b-8ea9-3e4494562744.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "aa0019cf-ba6c-4a6b-8ea9-3e4494562744" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: aa0019cf-ba6c-4a6b-8ea9-3e4494562744 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/f3c14ba5c3670afacd47f0574922b98f.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [f3c14ba5c3670afacd47f0574922b98f](https://www.virustotal.com/gui/file/f3c14ba5c3670afacd47f0574922b98f) | +| SHA1 | [a4ede25f03e0ce65fa4a840c454c73019275d8de](https://www.virustotal.com/gui/file/a4ede25f03e0ce65fa4a840c454c73019275d8de) | +| SHA256 | [5052ce3b96db73a909bf0e54355e357f8ab7284fa48f9b21c85efedbb886c100](https://www.virustotal.com/gui/file/5052ce3b96db73a909bf0e54355e357f8ab7284fa48f9b21c85efedbb886c100) | +| Authentihash MD5 | [aa60f3f1fa0e30a28c2b0bd0ee4fc806](https://www.virustotal.com/gui/search/authentihash%253Aaa60f3f1fa0e30a28c2b0bd0ee4fc806) | +| Authentihash SHA1 | [55c991c8563ae11352ae9d0c24644853fceac18a](https://www.virustotal.com/gui/search/authentihash%253A55c991c8563ae11352ae9d0c24644853fceac18a) | +| Authentihash SHA256| [54c7d9c28672a1306e43ed7feed38b295f8eec279251f996fa293f68fc6cfb12](https://www.virustotal.com/gui/search/authentihash%253A54c7d9c28672a1306e43ed7feed38b295f8eec279251f996fa293f68fc6cfb12) | +| RichPEHeaderHash MD5 | [aaf18af925d829095e017c505f1a0039](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Aaaf18af925d829095e017c505f1a0039) | +| RichPEHeaderHash SHA1 | [c3d13f7d96127a3b16c7a8c0a3dd98fd9f22c3cf](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ac3d13f7d96127a3b16c7a8c0a3dd98fd9f22c3cf) | +| RichPEHeaderHash SHA256| [05367ecae4cf78cc575048fb931468b1d210df8c38ff8ca05481124b1a1a6917](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A05367ecae4cf78cc575048fb931468b1d210df8c38ff8ca05481124b1a1a6917) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000033c89c66a7b45bb1fbd00000000033c +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 46f57c3b860b08484cb79066ac1014ad | +| ToBeSigned (TBS) SHA1 | c1fe3ab97b834a98460e4ae92fe2468d16f61a92 | +| ToBeSigned (TBS) SHA256 | d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2021-09-02 18:23:41 | +| ValidTo | 2022-09-01 18:23:41 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000033c89c66a7b45bb1fbd00000000033c | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "46f57c3b860b08484cb79066ac1014ad", + "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", + "SHA256": "d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" + }, + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/aa0019cf-ba6c-4a6b-8ea9-3e4494562744.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/aa02b41c-fdba-4a15-8cd0-721c8ce19b68.md b/lolrmm.com/content/bootloaders/aa02b41c-fdba-4a15-8cd0-721c8ce19b68.md new file mode 100644 index 00000000..3d8b59fb --- /dev/null +++ b/lolrmm.com/content/bootloaders/aa02b41c-fdba-4a15-8cd0-721c8ce19b68.md 
@@ -0,0 +1,234 @@ ++++ + +description = "" +title = "aa02b41c-fdba-4a15-8cd0-721c8ce19b68" +weight = 10 +displayTitle = "esdiags.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# esdiags.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Eurosoft and revoked Aug-22 +- **UUID**: aa02b41c-fdba-4a15-8cd0-721c8ce19b68 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/77164588c1c1207395ca4a64dca19f85.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\esdiags.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2022-34301
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | esdiags.efi | +| MD5 | [77164588c1c1207395ca4a64dca19f85](https://www.virustotal.com/gui/file/77164588c1c1207395ca4a64dca19f85) | +| SHA1 | [b1d0f26d6c2ada8828889a9208529ce96b6312e4](https://www.virustotal.com/gui/file/b1d0f26d6c2ada8828889a9208529ce96b6312e4) | +| SHA256 | [1e918f170a796b4b0b1400bb9bdae75be1cf86705c2d0fc8fb9dd0c5016b933b](https://www.virustotal.com/gui/file/1e918f170a796b4b0b1400bb9bdae75be1cf86705c2d0fc8fb9dd0c5016b933b) | +| Authentihash MD5 | [cf53d0ab33dfb190f34ec0b12fcd54d6](https://www.virustotal.com/gui/search/authentihash%253Acf53d0ab33dfb190f34ec0b12fcd54d6) | +| Authentihash SHA1 | [fb0b0ee77baf7de4e8072a79bd48406c63a0bc7c](https://www.virustotal.com/gui/search/authentihash%253Afb0b0ee77baf7de4e8072a79bd48406c63a0bc7c) | +| Authentihash SHA256| [e9d873cbcede3634e0a4b3644b51e1c8a0a048272992c738513ebc96cd3e3360](https://www.virustotal.com/gui/search/authentihash%253Ae9d873cbcede3634e0a4b3644b51e1c8a0a048272992c738513ebc96cd3e3360) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 09d2ecf1e18290f1ea3bf27dd1cbeb62 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 0300d0ac1873acaa7bbbfa8bb78865f8 | +| ToBeSigned (TBS) SHA1 | 8cf42d660984334a7f73556260861949c9c2769d | +| ToBeSigned (TBS) SHA256 | 
a3ec97b75a7cff80f285bdc5808873f9d4e44994661a925afdef65d8365b71f9 | +| Subject | ??=GB, ??=Private Organization, serialNumber=01488751, C=GB, L=Bournemouth, O=Eurosoft (UK) Ltd, CN=Eurosoft (UK) Ltd | +| ValidFrom | 2019-04-05 00:00:00 | +| ValidTo | 2022-04-13 12:00:00 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 09d2ecf1e18290f1ea3bf27dd1cbeb62 | +| Version | 3 | +###### Certificate 03f1b4e15f3a82f1149678b3d7d8475c +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 83f5de89f641d0fbf60248e10a7b9534 | +| ToBeSigned (TBS) SHA1 | 382a73a059a08698d6eb98c87e1b36fc750933a4 | +| ToBeSigned (TBS) SHA256 | eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf | +| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA (SHA2) | +| ValidFrom | 2012-04-18 12:00:00 | +| ValidTo | 2027-04-18 12:00:00 | +| Signature | 19334a0c813337dbad36c9e4c93abbb51b2e7aa2e2f44342179ebf4ea14de1b1dbe981dd9f01f2e488d5e9fe09fd21c1ec5d80d2f0d6c143c2fe772bdbf9d79133ce6cd5b2193be62ed6c9934f88408ecde1f57ef10fc6595672e8eb6a41bd1cd546d57c49ca663815c1bfe091707787dcc98d31c90c29a233ed8de287cd898d3f1bffd5e01a978b7cda6dfba8c6b23a666b7b01b3cdd8a634ec1201ab9558a5c45357a860e6e70212a0b92364a24dbb7c81256421becfee42184397bba53706af4dff26a54d614bec4641b865ceb8799e08960b818c8a3b8fc7998ca32a6e986d5e61c696b78ab9612d93b8eb0e0443d7f5fea6f062d4996aa5c1c1f0649480 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 03f1b4e15f3a82f1149678b3d7d8475c | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< 
/details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "09d2ecf1e18290f1ea3bf27dd1cbeb62", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "??=GB, ??=Private Organization, serialNumber=01488751, C=GB, L=Bournemouth, O=Eurosoft (UK) Ltd, CN=Eurosoft (UK) Ltd", + "TBS": { + "MD5": "0300d0ac1873acaa7bbbfa8bb78865f8", + "SHA1": "8cf42d660984334a7f73556260861949c9c2769d", + "SHA256": "a3ec97b75a7cff80f285bdc5808873f9d4e44994661a925afdef65d8365b71f9" + }, + "ValidFrom": "2019-04-05 00:00:00", + "ValidTo": "2022-04-13 12:00:00", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "03f1b4e15f3a82f1149678b3d7d8475c", + "Signature": "19334a0c813337dbad36c9e4c93abbb51b2e7aa2e2f44342179ebf4ea14de1b1dbe981dd9f01f2e488d5e9fe09fd21c1ec5d80d2f0d6c143c2fe772bdbf9d79133ce6cd5b2193be62ed6c9934f88408ecde1f57ef10fc6595672e8eb6a41bd1cd546d57c49ca663815c1bfe091707787dcc98d31c90c29a233ed8de287cd898d3f1bffd5e01a978b7cda6dfba8c6b23a666b7b01b3cdd8a634ec1201ab9558a5c45357a860e6e70212a0b92364a24dbb7c81256421becfee42184397bba53706af4dff26a54d614bec4641b865ceb8799e08960b818c8a3b8fc7998ca32a6e986d5e61c696b78ab9612d93b8eb0e0443d7f5fea6f062d4996aa5c1c1f0649480", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA (SHA2)", + "TBS": { + "MD5": "83f5de89f641d0fbf60248e10a7b9534", + "SHA1": "382a73a059a08698d6eb98c87e1b36fc750933a4", + "SHA256": "eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf" + }, + "ValidFrom": "2012-04-18 12:00:00", + "ValidTo": "2027-04-18 12:00:00", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA (SHA2)", + "SerialNumber": "09d2ecf1e18290f1ea3bf27dd1cbeb62", + "Version": 1 + 
} + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/aa02b41c-fdba-4a15-8cd0-721c8ce19b68.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/aa7f07a3-cedd-4752-b1fd-0e8043dd54e6.md b/lolrmm.com/content/bootloaders/aa7f07a3-cedd-4752-b1fd-0e8043dd54e6.md new file mode 100644 index 00000000..783f8357 --- /dev/null +++ b/lolrmm.com/content/bootloaders/aa7f07a3-cedd-4752-b1fd-0e8043dd54e6.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "aa7f07a3-cedd-4752-b1fd-0e8043dd54e6" +weight = 10 +displayTitle = "aa7f07a3-cedd-4752-b1fd-0e8043dd54e6" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# aa7f07a3-cedd-4752-b1fd-0e8043dd54e6 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: aa7f07a3-cedd-4752-b1fd-0e8043dd54e6 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [7C783057C245A34DFF5A9497C3CD4181FC80D06439884E12AD5D67A4F5266CD6](https://www.virustotal.com/gui/file/7C783057C245A34DFF5A9497C3CD4181FC80D06439884E12AD5D67A4F5266CD6) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [97A8C5BA11D61FEFBB5D6A05DA4E15BA472DC4C6CD4972FC1A035DE321342FE4](https://www.virustotal.com/gui/search/authentihash%253A97A8C5BA11D61FEFBB5D6A05DA4E15BA472DC4C6CD4972FC1A035DE321342FE4) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/aa7f07a3-cedd-4752-b1fd-0e8043dd54e6.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/aa9b6b05-0b51-423e-b4f7-39cb30cbc987.md b/lolrmm.com/content/bootloaders/aa9b6b05-0b51-423e-b4f7-39cb30cbc987.md new file mode 100644 index 00000000..5ceb989d --- /dev/null +++ b/lolrmm.com/content/bootloaders/aa9b6b05-0b51-423e-b4f7-39cb30cbc987.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "aa9b6b05-0b51-423e-b4f7-39cb30cbc987" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: aa9b6b05-0b51-423e-b4f7-39cb30cbc987 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/007e746f6aeff8bcb4479e6e49236260.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [007e746f6aeff8bcb4479e6e49236260](https://www.virustotal.com/gui/file/007e746f6aeff8bcb4479e6e49236260) | +| SHA1 | [3971fa916c03c91a66e72c58ad766724b6a5c219](https://www.virustotal.com/gui/file/3971fa916c03c91a66e72c58ad766724b6a5c219) | +| SHA256 | [62288f1f5f2f8529292eb45c2ae2a33d1057a3dec12164958e76ded36fbe712b](https://www.virustotal.com/gui/file/62288f1f5f2f8529292eb45c2ae2a33d1057a3dec12164958e76ded36fbe712b) | +| Authentihash MD5 | [9875bf0884ed2f18a32cefd749c60406](https://www.virustotal.com/gui/search/authentihash%253A9875bf0884ed2f18a32cefd749c60406) | +| Authentihash SHA1 | [ecdde500ab2b06dd0c870c1f64d783f2cbd095dd](https://www.virustotal.com/gui/search/authentihash%253Aecdde500ab2b06dd0c870c1f64d783f2cbd095dd) | +| Authentihash SHA256| [cef75d1da8e991ac96d36f8a14562849207f9dd50fc63028ba83277d5c27d00b](https://www.virustotal.com/gui/search/authentihash%253Acef75d1da8e991ac96d36f8a14562849207f9dd50fc63028ba83277d5c27d00b) | +| RichPEHeaderHash MD5 | [aaf18af925d829095e017c505f1a0039](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Aaaf18af925d829095e017c505f1a0039) | +| RichPEHeaderHash SHA1 | [c3d13f7d96127a3b16c7a8c0a3dd98fd9f22c3cf](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ac3d13f7d96127a3b16c7a8c0a3dd98fd9f22c3cf) | +| RichPEHeaderHash SHA256| [05367ecae4cf78cc575048fb931468b1d210df8c38ff8ca05481124b1a1a6917](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A05367ecae4cf78cc575048fb931468b1d210df8c38ff8ca05481124b1a1a6917) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000033c89c66a7b45bb1fbd00000000033c +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 46f57c3b860b08484cb79066ac1014ad | +| ToBeSigned (TBS) SHA1 | c1fe3ab97b834a98460e4ae92fe2468d16f61a92 | +| ToBeSigned (TBS) SHA256 | d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2021-09-02 18:23:41 | +| ValidTo | 2022-09-01 18:23:41 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000033c89c66a7b45bb1fbd00000000033c | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 
14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Signature": 
"699045742c403812de1bdf9ea2be22132e82a7c006ab278e0c9f460bd435386348031a6b5cbdf450ae5a243331dcb2cc7eace8371cf71ec35a6f663147bd211ea357614e6a611eeacca6486a778d4cd788106ade12d6625574e7a89ecab4eb0bb99295c498dd5f565680a2d26bf2545e727c4204023c48d8021b608fd901c6fefd16ce0c3a669fb0ce758dc671f2cdd7434c163f9de9453e5523d94a78205c828a4615e50330d9f52a8a77f7683d2b61ff1324382d40d31001c518b56b286fbb8c754f6940590c2071385ed0a9387b529c06bf71fff89c74634550fc331b389d558696ace05787144e5af53d20a75a84981bf8380ddac3743f407d8ff27c089e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "46f57c3b860b08484cb79066ac1014ad", + "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", + "SHA256": "d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" + }, + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/aa9b6b05-0b51-423e-b4f7-39cb30cbc987.yaml) + +*last_updated:* 
2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/ac6f3137-42fd-46e6-8cfb-a22a6785d529.md b/lolrmm.com/content/bootloaders/ac6f3137-42fd-46e6-8cfb-a22a6785d529.md new file mode 100644 index 00000000..54cf920b --- /dev/null +++ b/lolrmm.com/content/bootloaders/ac6f3137-42fd-46e6-8cfb-a22a6785d529.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "ac6f3137-42fd-46e6-8cfb-a22a6785d529" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: ac6f3137-42fd-46e6-8cfb-a22a6785d529 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/1ee7ccaae6df60e3e850ae6c4a3b7478.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [1ee7ccaae6df60e3e850ae6c4a3b7478](https://www.virustotal.com/gui/file/1ee7ccaae6df60e3e850ae6c4a3b7478) | +| SHA1 | [810d7ecef2570772d2b70facfec1a6028e4bd611](https://www.virustotal.com/gui/file/810d7ecef2570772d2b70facfec1a6028e4bd611) | +| SHA256 | [566ae5fb2f355b2c03ecbbab4770e92856b0d1c3d659fe0c11263f1a5f8d7086](https://www.virustotal.com/gui/file/566ae5fb2f355b2c03ecbbab4770e92856b0d1c3d659fe0c11263f1a5f8d7086) | +| Authentihash MD5 | [de6894cde22aaa436aca77368eda64f9](https://www.virustotal.com/gui/search/authentihash%253Ade6894cde22aaa436aca77368eda64f9) | +| Authentihash SHA1 | [da4574fc375ca85005e13c0210a0ed8397b51121](https://www.virustotal.com/gui/search/authentihash%253Ada4574fc375ca85005e13c0210a0ed8397b51121) | +| Authentihash SHA256| [6ce1f2986f0c46683ba07d296d0a84448ecf76c69db183fe29c36eed8f8e8f2f](https://www.virustotal.com/gui/search/authentihash%253A6ce1f2986f0c46683ba07d296d0a84448ecf76c69db183fe29c36eed8f8e8f2f) | +| RichPEHeaderHash MD5 | [95c181375ef93e118f930024df1bff96](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A95c181375ef93e118f930024df1bff96) | +| RichPEHeaderHash SHA1 | [e3a24ad3c9b07df2a4fb39a1432ba3597faa48f7](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ae3a24ad3c9b07df2a4fb39a1432ba3597faa48f7) | +| RichPEHeaderHash SHA256| [0708c72d17d4892e2deab31b567c830ee261f5e5730997a47366c0e1e58dec0e](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A0708c72d17d4892e2deab31b567c830ee261f5e5730997a47366c0e1e58dec0e) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 33000000bce120fdd27cc8ee930000000000bc +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | f31f8c784e5d3986ccacb9c88c6d7044 | +| ToBeSigned (TBS) SHA1 | 833498af9a41da339c83e0d384b521f72d053331 | +| ToBeSigned (TBS) SHA256 | 1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2015-08-18 17:15:28 | +| ValidTo | 2016-11-18 17:15:28 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 33000000bce120fdd27cc8ee930000000000bc | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ac6f3137-42fd-46e6-8cfb-a22a6785d529.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/ac900b72-efdd-4779-9a1f-401949c3446f.md b/lolrmm.com/content/bootloaders/ac900b72-efdd-4779-9a1f-401949c3446f.md new file mode 100644 index 00000000..22890e6c --- /dev/null +++ b/lolrmm.com/content/bootloaders/ac900b72-efdd-4779-9a1f-401949c3446f.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "ac900b72-efdd-4779-9a1f-401949c3446f" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: ac900b72-efdd-4779-9a1f-401949c3446f +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [F4F5C82CD7BFA5294F973385F7F2FBCAF3AFD3748952B06692C085792BE146F7](https://www.virustotal.com/gui/file/F4F5C82CD7BFA5294F973385F7F2FBCAF3AFD3748952B06692C085792BE146F7) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [AD16DE1E2BA27196395124683B80EFC186EE7E51D434F8FF67D973F46E8E602F](https://www.virustotal.com/gui/search/authentihash%253AAD16DE1E2BA27196395124683B80EFC186EE7E51D434F8FF67D973F46E8E602F) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ac900b72-efdd-4779-9a1f-401949c3446f.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/ac90e9e0-2035-46a5-b3fc-f0670e6d0ddd.md b/lolrmm.com/content/bootloaders/ac90e9e0-2035-46a5-b3fc-f0670e6d0ddd.md new file mode 100644 index 00000000..4108a949 --- /dev/null +++ b/lolrmm.com/content/bootloaders/ac90e9e0-2035-46a5-b3fc-f0670e6d0ddd.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "ac90e9e0-2035-46a5-b3fc-f0670e6d0ddd" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: ac90e9e0-2035-46a5-b3fc-f0670e6d0ddd +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [2B2025F4C880166D94222A95A88FF0A525C361D7B2C8A886B4E4CE6FBDD6520D](https://www.virustotal.com/gui/file/2B2025F4C880166D94222A95A88FF0A525C361D7B2C8A886B4E4CE6FBDD6520D) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [A0107A564E93989C57044FD18AA85BEB1258101AC3D9F6E10BF12C1C6573BC2B](https://www.virustotal.com/gui/search/authentihash%253AA0107A564E93989C57044FD18AA85BEB1258101AC3D9F6E10BF12C1C6573BC2B) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ac90e9e0-2035-46a5-b3fc-f0670e6d0ddd.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/ad4ed491-2e8d-4c16-9bad-4352f1ce2f67.md b/lolrmm.com/content/bootloaders/ad4ed491-2e8d-4c16-9bad-4352f1ce2f67.md new file mode 100644 index 00000000..272376c0 --- /dev/null +++ b/lolrmm.com/content/bootloaders/ad4ed491-2e8d-4c16-9bad-4352f1ce2f67.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "ad4ed491-2e8d-4c16-9bad-4352f1ce2f67" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: ad4ed491-2e8d-4c16-9bad-4352f1ce2f67 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [339E7E433DA8002B9FFB9EEB3C768742A93953509FC02BCAF95254228914067F](https://www.virustotal.com/gui/file/339E7E433DA8002B9FFB9EEB3C768742A93953509FC02BCAF95254228914067F) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [C875AE8A8DB5441A577172869A4EC6E71DACE7A875F42A2FBBA4B52F293499DE](https://www.virustotal.com/gui/search/authentihash%253AC875AE8A8DB5441A577172869A4EC6E71DACE7A875F42A2FBBA4B52F293499DE) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ad4ed491-2e8d-4c16-9bad-4352f1ce2f67.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/ad6add2d-fe39-4ffb-b31d-7dffaf3ef28c.md b/lolrmm.com/content/bootloaders/ad6add2d-fe39-4ffb-b31d-7dffaf3ef28c.md new file mode 100644 index 00000000..1c7624cd --- /dev/null +++ b/lolrmm.com/content/bootloaders/ad6add2d-fe39-4ffb-b31d-7dffaf3ef28c.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "ad6add2d-fe39-4ffb-b31d-7dffaf3ef28c" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: ad6add2d-fe39-4ffb-b31d-7dffaf3ef28c +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [CF61636CEFDF20CF4B35382124800E047F5886952888BD41D1B8426BF34D2D29](https://www.virustotal.com/gui/file/CF61636CEFDF20CF4B35382124800E047F5886952888BD41D1B8426BF34D2D29) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [BB44FD8CD04ABC3B54E5CCEA97EF81E70FD3933C34288D8B86F6ECB4F3ED1FDE](https://www.virustotal.com/gui/search/authentihash%253ABB44FD8CD04ABC3B54E5CCEA97EF81E70FD3933C34288D8B86F6ECB4F3ED1FDE) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ad6add2d-fe39-4ffb-b31d-7dffaf3ef28c.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/add3eacb-c3b2-4adc-ba76-49ddb1af2ae3.md b/lolrmm.com/content/bootloaders/add3eacb-c3b2-4adc-ba76-49ddb1af2ae3.md new file mode 100644 index 00000000..0a25ff83 --- /dev/null +++ b/lolrmm.com/content/bootloaders/add3eacb-c3b2-4adc-ba76-49ddb1af2ae3.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "add3eacb-c3b2-4adc-ba76-49ddb1af2ae3" +weight = 10 +displayTitle = "add3eacb-c3b2-4adc-ba76-49ddb1af2ae3" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# add3eacb-c3b2-4adc-ba76-49ddb1af2ae3 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: add3eacb-c3b2-4adc-ba76-49ddb1af2ae3 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [FCCC2A01967926437DC0F5F49C6ACEED4DC67EBD7E99169023B5F89A7264CB98](https://www.virustotal.com/gui/file/FCCC2A01967926437DC0F5F49C6ACEED4DC67EBD7E99169023B5F89A7264CB98) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [EE83A566496109A74F6AC6E410DF00BB29A290E0021516AE3B8A23288E7E2E72](https://www.virustotal.com/gui/search/authentihash%253AEE83A566496109A74F6AC6E410DF00BB29A290E0021516AE3B8A23288E7E2E72) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/add3eacb-c3b2-4adc-ba76-49ddb1af2ae3.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/ae22fd08-2ecd-43b7-a5c7-3b857e0e3b71.md b/lolrmm.com/content/bootloaders/ae22fd08-2ecd-43b7-a5c7-3b857e0e3b71.md new file mode 100644 index 00000000..1d72af90 --- /dev/null +++ b/lolrmm.com/content/bootloaders/ae22fd08-2ecd-43b7-a5c7-3b857e0e3b71.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "ae22fd08-2ecd-43b7-a5c7-3b857e0e3b71" +weight = 10 +displayTitle = "ae22fd08-2ecd-43b7-a5c7-3b857e0e3b71" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# ae22fd08-2ecd-43b7-a5c7-3b857e0e3b71 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: ae22fd08-2ecd-43b7-a5c7-3b857e0e3b71 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [20E870697471F16EAC55A9658212F83A7E443CDB3844C7D1901B4D4271828F7D](https://www.virustotal.com/gui/file/20E870697471F16EAC55A9658212F83A7E443CDB3844C7D1901B4D4271828F7D) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [1F179186EFDF5EF2DE018245BA0EAE8134868601BA0D35FF3D9865C1537CED93](https://www.virustotal.com/gui/search/authentihash%253A1F179186EFDF5EF2DE018245BA0EAE8134868601BA0D35FF3D9865C1537CED93) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ae22fd08-2ecd-43b7-a5c7-3b857e0e3b71.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/ae5b655b-a592-4d17-bce2-99ef497e846c.md b/lolrmm.com/content/bootloaders/ae5b655b-a592-4d17-bce2-99ef497e846c.md new file mode 100644 index 00000000..bbd68f44 --- /dev/null +++ b/lolrmm.com/content/bootloaders/ae5b655b-a592-4d17-bce2-99ef497e846c.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "ae5b655b-a592-4d17-bce2-99ef497e846c" +weight = 10 +displayTitle = "ae5b655b-a592-4d17-bce2-99ef497e846c" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# ae5b655b-a592-4d17-bce2-99ef497e846c ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Oracle Corporation and revoked Jul-20 +- **UUID**: ae5b655b-a592-4d17-bce2-99ef497e846c +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/5917ac93685b816492c5476071db3871.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< 
/tip >}} + + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [5917ac93685b816492c5476071db3871](https://www.virustotal.com/gui/file/5917ac93685b816492c5476071db3871) | +| SHA1 | [f039244623179184ac63f73797aee7f926f2132e](https://www.virustotal.com/gui/file/f039244623179184ac63f73797aee7f926f2132e) | +| SHA256 | [6e79e3d0580d244c2fc2179a4f08cb80f945ad33d8c4c325de4e35e0d41584c5](https://www.virustotal.com/gui/file/6e79e3d0580d244c2fc2179a4f08cb80f945ad33d8c4c325de4e35e0d41584c5) | +| Authentihash MD5 | [b6736f2d357c4f0b8d557c3c0c39fb54](https://www.virustotal.com/gui/search/authentihash%253Ab6736f2d357c4f0b8d557c3c0c39fb54) | +| Authentihash SHA1 | [4917df76db99a277efdb57da560e145ca3d32d35](https://www.virustotal.com/gui/search/authentihash%253A4917df76db99a277efdb57da560e145ca3d32d35) | +| Authentihash SHA256| [e7c20b3ab481ec885501eca5293781d84b5a1ac24f88266b5270e7ecb4aa2538](https://www.virustotal.com/gui/search/authentihash%253Ae7c20b3ab481ec885501eca5293781d84b5a1ac24f88266b5270e7ecb4aa2538) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 3300000018e730837f472a7b5b000100000018 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | d442a6ab238e766c07d33f02d299a9a5 | +| ToBeSigned (TBS) SHA1 | 3fb2a93548919ed386a441800a5d941ee358e38f | +| ToBeSigned (TBS) SHA256 | 
8806fc9fc29ec30556728d016e0667364f4f3359b8747cbd45d5f783ffe93abb | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2015-10-28 20:43:37 | +| ValidTo | 2017-01-28 20:43:37 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 3300000018e730837f472a7b5b000100000018 | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "3300000018e730837f472a7b5b000100000018", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": 
"d442a6ab238e766c07d33f02d299a9a5", + "SHA1": "3fb2a93548919ed386a441800a5d941ee358e38f", + "SHA256": "8806fc9fc29ec30556728d016e0667364f4f3359b8747cbd45d5f783ffe93abb" + }, + "ValidFrom": "2015-10-28 20:43:37", + "ValidTo": "2017-01-28 20:43:37", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "3300000018e730837f472a7b5b000100000018", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ae5b655b-a592-4d17-bce2-99ef497e846c.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/ae979b6b-32b7-42cd-b835-09215a457c01.md b/lolrmm.com/content/bootloaders/ae979b6b-32b7-42cd-b835-09215a457c01.md new file mode 100644 index 00000000..1b743070 --- /dev/null +++ b/lolrmm.com/content/bootloaders/ae979b6b-32b7-42cd-b835-09215a457c01.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "ae979b6b-32b7-42cd-b835-09215a457c01" +weight = 10 +displayTitle = "ae979b6b-32b7-42cd-b835-09215a457c01" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# ae979b6b-32b7-42cd-b835-09215a457c01 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: ae979b6b-32b7-42cd-b835-09215a457c01 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [561694642D87969C00583ED6C4BB6C41527DFF7164A079035E8C8B905A5E4B62](https://www.virustotal.com/gui/file/561694642D87969C00583ED6C4BB6C41527DFF7164A079035E8C8B905A5E4B62) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [C42D11C70CCF5E8CF3FB91FDF21D884021AD836CA68ADF2CBB7995C10BF588D4](https://www.virustotal.com/gui/search/authentihash%253AC42D11C70CCF5E8CF3FB91FDF21D884021AD836CA68ADF2CBB7995C10BF588D4) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ae979b6b-32b7-42cd-b835-09215a457c01.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/aeb357f2-c2cb-42f1-a37c-3f0a2a355346.md b/lolrmm.com/content/bootloaders/aeb357f2-c2cb-42f1-a37c-3f0a2a355346.md new file mode 100644 index 00000000..bbaa19e1 --- /dev/null +++ b/lolrmm.com/content/bootloaders/aeb357f2-c2cb-42f1-a37c-3f0a2a355346.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "aeb357f2-c2cb-42f1-a37c-3f0a2a355346" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: aeb357f2-c2cb-42f1-a37c-3f0a2a355346 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/7f0de7a661590f1c33de0b80676e8827.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [7f0de7a661590f1c33de0b80676e8827](https://www.virustotal.com/gui/file/7f0de7a661590f1c33de0b80676e8827) | +| SHA1 | [003454b835a5ee7ee200f9cb4e68b071e2b8e69b](https://www.virustotal.com/gui/file/003454b835a5ee7ee200f9cb4e68b071e2b8e69b) | +| SHA256 | [d1af02fca7522c8d27e053544b3b653ff2daffcae9c420e460235dacab53f7cd](https://www.virustotal.com/gui/file/d1af02fca7522c8d27e053544b3b653ff2daffcae9c420e460235dacab53f7cd) | +| Authentihash MD5 | [caa781731a9d13ac418d97ec2cccb8f1](https://www.virustotal.com/gui/search/authentihash%253Acaa781731a9d13ac418d97ec2cccb8f1) | +| Authentihash SHA1 | [7ac2da2861fe7b90862a27b63629d8a9ee58d97d](https://www.virustotal.com/gui/search/authentihash%253A7ac2da2861fe7b90862a27b63629d8a9ee58d97d) | +| Authentihash SHA256| [7fddfe06c44dc4302da54577353c18fdbe11b41cb3e6064ec1c116ee102fe080](https://www.virustotal.com/gui/search/authentihash%253A7fddfe06c44dc4302da54577353c18fdbe11b41cb3e6064ec1c116ee102fe080) | +| RichPEHeaderHash MD5 | [a387b0075e977009a7bb74d24fc388de](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Aa387b0075e977009a7bb74d24fc388de) | +| RichPEHeaderHash SHA1 | [345e019b25904c911be9e3b6a9e2b0bb18652b04](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A345e019b25904c911be9e3b6a9e2b0bb18652b04) | +| RichPEHeaderHash SHA256| [e04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ae04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 33000000bce120fdd27cc8ee930000000000bc +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | f31f8c784e5d3986ccacb9c88c6d7044 | +| ToBeSigned (TBS) SHA1 | 833498af9a41da339c83e0d384b521f72d053331 | +| ToBeSigned (TBS) SHA256 | 1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2015-08-18 17:15:28 | +| ValidTo | 2016-11-18 17:15:28 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 33000000bce120fdd27cc8ee930000000000bc | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/aeb357f2-c2cb-42f1-a37c-3f0a2a355346.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/af2bf5be-c938-4852-a9b2-14ecff96c414.md b/lolrmm.com/content/bootloaders/af2bf5be-c938-4852-a9b2-14ecff96c414.md new file mode 100644 index 00000000..37cd1a26 --- /dev/null +++ b/lolrmm.com/content/bootloaders/af2bf5be-c938-4852-a9b2-14ecff96c414.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "af2bf5be-c938-4852-a9b2-14ecff96c414" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: af2bf5be-c938-4852-a9b2-14ecff96c414 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [D19F5CAC6AA761C1F66C71B9B7A2D44DFF216B97BE10F66180F5E4EF084C9811](https://www.virustotal.com/gui/file/D19F5CAC6AA761C1F66C71B9B7A2D44DFF216B97BE10F66180F5E4EF084C9811) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [13A1F37BEDFB5417B6B737E2A3816C8FD587D74D836914B2B2EDC9FD6CA30E58](https://www.virustotal.com/gui/search/authentihash%253A13A1F37BEDFB5417B6B737E2A3816C8FD587D74D836914B2B2EDC9FD6CA30E58) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/af2bf5be-c938-4852-a9b2-14ecff96c414.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/af34038a-8535-46ac-8f63-bdf18bb89563.md b/lolrmm.com/content/bootloaders/af34038a-8535-46ac-8f63-bdf18bb89563.md new file mode 100644 index 00000000..cd92c84d --- /dev/null +++ b/lolrmm.com/content/bootloaders/af34038a-8535-46ac-8f63-bdf18bb89563.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "af34038a-8535-46ac-8f63-bdf18bb89563" +weight = 10 +displayTitle = "af34038a-8535-46ac-8f63-bdf18bb89563" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# af34038a-8535-46ac-8f63-bdf18bb89563 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Oracle Corporation and revoked Jul-20 +- **UUID**: af34038a-8535-46ac-8f63-bdf18bb89563 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [04A779863E698705914958CFCF521450B8D2C9AE321DFE36A2DFDA00AE75ADC1](https://www.virustotal.com/gui/file/04A779863E698705914958CFCF521450B8D2C9AE321DFE36A2DFDA00AE75ADC1) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [1D5C15CED73845B7E968BF3ACE52C5C660AA2DA6DDEFF2CE6445A04B885A0F12](https://www.virustotal.com/gui/search/authentihash%253A1D5C15CED73845B7E968BF3ACE52C5C660AA2DA6DDEFF2CE6445A04B885A0F12) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/af34038a-8535-46ac-8f63-bdf18bb89563.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/afc98e92-1064-426a-87de-35479bc19474.md b/lolrmm.com/content/bootloaders/afc98e92-1064-426a-87de-35479bc19474.md new file mode 100644 index 00000000..af032d27 --- /dev/null +++ b/lolrmm.com/content/bootloaders/afc98e92-1064-426a-87de-35479bc19474.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "afc98e92-1064-426a-87de-35479bc19474" +weight = 10 +displayTitle = "shimia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# shimia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Oracle America, Inc. and revoked Apr-21 +- **UUID**: afc98e92-1064-426a-87de-35479bc19474 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\shimia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | shimia32.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [1BBE108A0DA8A6A15221BA576E985B4240AD603D7D967F710428A9CB53B97B0B](https://www.virustotal.com/gui/file/1BBE108A0DA8A6A15221BA576E985B4240AD603D7D967F710428A9CB53B97B0B) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [F7E4C7FB10755AC534BCDF61AA7FA18539E42E061C247891E9BA42E17290C742](https://www.virustotal.com/gui/search/authentihash%253AF7E4C7FB10755AC534BCDF61AA7FA18539E42E061C247891E9BA42E17290C742) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/afc98e92-1064-426a-87de-35479bc19474.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/b03177a4-54ec-4449-b30d-f197e75b8b3e.md b/lolrmm.com/content/bootloaders/b03177a4-54ec-4449-b30d-f197e75b8b3e.md new file mode 100644 index 00000000..b43312dc --- /dev/null +++ b/lolrmm.com/content/bootloaders/b03177a4-54ec-4449-b30d-f197e75b8b3e.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "b03177a4-54ec-4449-b30d-f197e75b8b3e" +weight = 10 +displayTitle = "bootia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Neverware and revoked Jul-20 +- **UUID**: b03177a4-54ec-4449-b30d-f197e75b8b3e +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/eaaa74b1ac8f59f8610a8e898de54cf6.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootia32.efi | +| MD5 | [eaaa74b1ac8f59f8610a8e898de54cf6](https://www.virustotal.com/gui/file/eaaa74b1ac8f59f8610a8e898de54cf6) | +| SHA1 | [82d315d856cf1a43ff8d22192638c8f416be591f](https://www.virustotal.com/gui/file/82d315d856cf1a43ff8d22192638c8f416be591f) | +| SHA256 | [aa6f27b8b2ca5826f497362042c003b5e1d7ca22383d82730fbc5c45e048d839](https://www.virustotal.com/gui/file/aa6f27b8b2ca5826f497362042c003b5e1d7ca22383d82730fbc5c45e048d839) | +| Authentihash MD5 | [1adb4d9d5d5c38a654581d03699efb51](https://www.virustotal.com/gui/search/authentihash%253A1adb4d9d5d5c38a654581d03699efb51) | +| Authentihash SHA1 | [120f24f0e7bfbbe0e0419060b1489921d9fd3fe5](https://www.virustotal.com/gui/search/authentihash%253A120f24f0e7bfbbe0e0419060b1489921d9fd3fe5) | +| Authentihash SHA256| [56fb79aab26ee9d0e0ca372fb86a8bb459acbc505d0ab35e6a632a3d5f88dcb3](https://www.virustotal.com/gui/search/authentihash%253A56fb79aab26ee9d0e0ca372fb86a8bb459acbc505d0ab35e6a632a3d5f88dcb3) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002b4b79b3694d12118700010000002b +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 8d8a1f204c9c80213bd427fa58b387e2 | +| ToBeSigned (TBS) SHA1 | 8d78e1742b948f0c8298e560dd71fe1594020386 | +| ToBeSigned (TBS) SHA256 | 
1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2018-07-03 20:53:01 | +| ValidTo | 2019-07-26 20:53:01 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002b4b79b3694d12118700010000002b | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + 
"SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b03177a4-54ec-4449-b30d-f197e75b8b3e.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/b089a9fd-d664-400b-b66c-158cd1848428.md b/lolrmm.com/content/bootloaders/b089a9fd-d664-400b-b66c-158cd1848428.md new file mode 100644 index 00000000..66689b0a --- /dev/null +++ b/lolrmm.com/content/bootloaders/b089a9fd-d664-400b-b66c-158cd1848428.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "b089a9fd-d664-400b-b66c-158cd1848428" +weight = 10 +displayTitle = "b089a9fd-d664-400b-b66c-158cd1848428" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# b089a9fd-d664-400b-b66c-158cd1848428 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Intel Corporation and revoked Jul-20 +- **UUID**: b089a9fd-d664-400b-b66c-158cd1848428 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [D4D97AEAB61079D3EB0E55794504991DD1BEB0F200315718FFE44BAE89F8F330](https://www.virustotal.com/gui/file/D4D97AEAB61079D3EB0E55794504991DD1BEB0F200315718FFE44BAE89F8F330) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [81A8B2C9751AEB1FABA7DBDE5EE9691DC0EAEE2A31C38B1491A8146756A6B770](https://www.virustotal.com/gui/search/authentihash%253A81A8B2C9751AEB1FABA7DBDE5EE9691DC0EAEE2A31C38B1491A8146756A6B770) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b089a9fd-d664-400b-b66c-158cd1848428.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/b0db7258-fe95-4712-ae0f-fe258342295b.md b/lolrmm.com/content/bootloaders/b0db7258-fe95-4712-ae0f-fe258342295b.md new file mode 100644 index 00000000..0436a11a --- /dev/null +++ b/lolrmm.com/content/bootloaders/b0db7258-fe95-4712-ae0f-fe258342295b.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "b0db7258-fe95-4712-ae0f-fe258342295b" +weight = 10 +displayTitle = "b0db7258-fe95-4712-ae0f-fe258342295b" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# b0db7258-fe95-4712-ae0f-fe258342295b ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: b0db7258-fe95-4712-ae0f-fe258342295b +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [862EF2D92E8E0DF128007AEF6F9E4D6A6D0DE3C656A4D72D1A19A18068C23508](https://www.virustotal.com/gui/file/862EF2D92E8E0DF128007AEF6F9E4D6A6D0DE3C656A4D72D1A19A18068C23508) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [F31FD461C5E99510403FC97C1DA2D8A9CBE270597D32BADF8FD66B77495F8D94](https://www.virustotal.com/gui/search/authentihash%253AF31FD461C5E99510403FC97C1DA2D8A9CBE270597D32BADF8FD66B77495F8D94) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b0db7258-fe95-4712-ae0f-fe258342295b.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/b1d65631-7072-4168-b25a-5e18d41b3410.md b/lolrmm.com/content/bootloaders/b1d65631-7072-4168-b25a-5e18d41b3410.md new file mode 100644 index 00000000..92bf8198 --- /dev/null +++ b/lolrmm.com/content/bootloaders/b1d65631-7072-4168-b25a-5e18d41b3410.md 
@@ -0,0 +1,164 @@ ++++ + +description = "" +title = "b1d65631-7072-4168-b25a-5e18d41b3410" +weight = 10 +displayTitle = "shim-13-0ubuntu2/shim64-bit.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# shim-13-0ubuntu2/shim64-bit.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Canonical Ltd and revoked Apr-21 +- **UUID**: b1d65631-7072-4168-b25a-5e18d41b3410 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/a27c33dada320aff0672ce32f953ffbc.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\shim-13-0ubuntu2/shim64-bit.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using 
name only{{< /tip >}} + + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | shim-13-0ubuntu2/shim64-bit.efi | +| MD5 | [a27c33dada320aff0672ce32f953ffbc](https://www.virustotal.com/gui/file/a27c33dada320aff0672ce32f953ffbc) | +| SHA1 | [412391ed50bdc33f24da222c7d79c00dcafbaddb](https://www.virustotal.com/gui/file/412391ed50bdc33f24da222c7d79c00dcafbaddb) | +| SHA256 | [9be93e365a8240a03b05db26684b708b46d7585be325a3e22170cd5b324e0cb0](https://www.virustotal.com/gui/file/9be93e365a8240a03b05db26684b708b46d7585be325a3e22170cd5b324e0cb0) | +| Authentihash MD5 | [1d9a09ad4a977af7eb8359638d016fbf](https://www.virustotal.com/gui/search/authentihash%253A1d9a09ad4a977af7eb8359638d016fbf) | +| Authentihash SHA1 | [70673742c167b615118ed8692cc0a100427c3f46](https://www.virustotal.com/gui/search/authentihash%253A70673742c167b615118ed8692cc0a100427c3f46) | +| Authentihash SHA256| [a8ddf4d0f6a7056f55b464cc79a986cce24541961263c216bedc19a7c4ca2296](https://www.virustotal.com/gui/search/authentihash%253Aa8ddf4d0f6a7056f55b464cc79a986cce24541961263c216bedc19a7c4ca2296) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- 
+ + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b1d65631-7072-4168-b25a-5e18d41b3410.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/b1ed132f-d99d-4616-9fa6-56b6e8e814f6.md b/lolrmm.com/content/bootloaders/b1ed132f-d99d-4616-9fa6-56b6e8e814f6.md new file mode 100644 index 00000000..c3b63048 --- /dev/null +++ b/lolrmm.com/content/bootloaders/b1ed132f-d99d-4616-9fa6-56b6e8e814f6.md 
@@ -0,0 +1,234 @@ ++++ + +description = "" +title = "b1ed132f-d99d-4616-9fa6-56b6e8e814f6" +weight = 10 +displayTitle = "Bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# Bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Eurosoft and revoked Aug-22 +- **UUID**: b1ed132f-d99d-4616-9fa6-56b6e8e814f6 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/7e05f116825f8e60072443b813e6192e.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\Bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2022-34301
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | Bootx64.efi | +| MD5 | [7e05f116825f8e60072443b813e6192e](https://www.virustotal.com/gui/file/7e05f116825f8e60072443b813e6192e) | +| SHA1 | [c9bda70cc887ceb1c4552319df909c8bca331b58](https://www.virustotal.com/gui/file/c9bda70cc887ceb1c4552319df909c8bca331b58) | +| SHA256 | [09f2e41661cbbd714d22986fbb36a2b5764a5544c85f9875d227f6a26e1c8c8b](https://www.virustotal.com/gui/file/09f2e41661cbbd714d22986fbb36a2b5764a5544c85f9875d227f6a26e1c8c8b) | +| Authentihash MD5 | [1e31b54463f12e9af1098295a74b4866](https://www.virustotal.com/gui/search/authentihash%253A1e31b54463f12e9af1098295a74b4866) | +| Authentihash SHA1 | [7bc2c8f3a922fda1f6b16dd09425006a4715f7ee](https://www.virustotal.com/gui/search/authentihash%253A7bc2c8f3a922fda1f6b16dd09425006a4715f7ee) | +| Authentihash SHA256| [66d0803e2550d9e790829ae1b5f81547cc9bfbe69b51817068ecb5dabb7a89fc](https://www.virustotal.com/gui/search/authentihash%253A66d0803e2550d9e790829ae1b5f81547cc9bfbe69b51817068ecb5dabb7a89fc) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002b4b79b3694d12118700010000002b +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 8d8a1f204c9c80213bd427fa58b387e2 | +| ToBeSigned (TBS) SHA1 | 8d78e1742b948f0c8298e560dd71fe1594020386 | +| ToBeSigned (TBS) SHA256 | 
1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2018-07-03 20:53:01 | +| ValidTo | 2019-07-26 20:53:01 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002b4b79b3694d12118700010000002b | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + 
"SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b1ed132f-d99d-4616-9fa6-56b6e8e814f6.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/b262ea41-bb3c-4682-9a8d-a4e52e495c6c.md b/lolrmm.com/content/bootloaders/b262ea41-bb3c-4682-9a8d-a4e52e495c6c.md new file mode 100644 index 00000000..36d757ab --- /dev/null +++ b/lolrmm.com/content/bootloaders/b262ea41-bb3c-4682-9a8d-a4e52e495c6c.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "b262ea41-bb3c-4682-9a8d-a4e52e495c6c" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: b262ea41-bb3c-4682-9a8d-a4e52e495c6c +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/7f5843d48a960315b047e5231470e1b6.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [7f5843d48a960315b047e5231470e1b6](https://www.virustotal.com/gui/file/7f5843d48a960315b047e5231470e1b6) | +| SHA1 | [a9f1a7c49b57694d6f44de42e7675ccf07e0a57e](https://www.virustotal.com/gui/file/a9f1a7c49b57694d6f44de42e7675ccf07e0a57e) | +| SHA256 | [81199ecb7a384d04f4e0f5541af731ca6ab0a04f1e2d692b4c386e0f02f15009](https://www.virustotal.com/gui/file/81199ecb7a384d04f4e0f5541af731ca6ab0a04f1e2d692b4c386e0f02f15009) | +| Authentihash MD5 | [9ac88694e8ed9aee8005b00700994fd1](https://www.virustotal.com/gui/search/authentihash%253A9ac88694e8ed9aee8005b00700994fd1) | +| Authentihash SHA1 | [f1fcc53669caf87c89c1acec550dc9b989d5f4a8](https://www.virustotal.com/gui/search/authentihash%253Af1fcc53669caf87c89c1acec550dc9b989d5f4a8) | +| Authentihash SHA256| [7a0294ba07a2aee3648afc0daf2efd526a5b76349ec906f819c03bc217257638](https://www.virustotal.com/gui/search/authentihash%253A7a0294ba07a2aee3648afc0daf2efd526a5b76349ec906f819c03bc217257638) | +| RichPEHeaderHash MD5 | [fa6462badb7aa537a9d3ecf604e9fbd7](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Afa6462badb7aa537a9d3ecf604e9fbd7) | +| RichPEHeaderHash SHA1 | [caefdafc6f3620830b306d429c83bb077f6bdaa4](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Acaefdafc6f3620830b306d429c83bb077f6bdaa4) | +| RichPEHeaderHash SHA256| [4689fe3d6e35db99759219db2adef6cefa62105e8b636c0c5bd2a6bec395e471](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A4689fe3d6e35db99759219db2adef6cefa62105e8b636c0c5bd2a6bec395e471) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 610bbbd8000000000005 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 
158438012e4dcd69b27b762c9358cfa2 | +| ToBeSigned (TBS) SHA1 | 684ac167849404a4101f166b759f291a43d5f749 | +| ToBeSigned (TBS) SHA256 | 95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2012-04-09 20:55:50 | +| ValidTo | 2013-07-09 20:55:50 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 610bbbd8000000000005 | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Signature": 
"c7f34d30f6c0451fb6ababdce5203035c20b7c75b16784adb0aa9ed8f647c02df4ce8d8277b8e356e3286e4dc0d444172dea83b9af9c6133c491e53680024d6bac0d985d6dfe776988ccb337b35abb32a02b50413514a576dc932b2a4ae2aef96330041e040480e3b1cbf06cd6910cf79ead3ecd332a9bb7156c2d9976e5dfac8b5b59d82ea33a4826470663dfad599e137468da7bd3037243e0238b96c1f99ea1299faa898dd854f812f8834697b7c5991d2e1656db4e2f56d8bc2077e7bb7d886d4fb6907c555c6d54089724435ac3345b1b6dbb605300ba83412517394dcd3b6c82df5013c6f57fcb1e03919b63469dd7606f3fbae8242658f19ab174b03c", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b262ea41-bb3c-4682-9a8d-a4e52e495c6c.yaml) + +*last_updated:* 2023-08-31 + + + + + + 
+ + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/b2be4369-0672-4a82-96df-ee4d208d3352.md b/lolrmm.com/content/bootloaders/b2be4369-0672-4a82-96df-ee4d208d3352.md new file mode 100644 index 00000000..53bcc127 --- /dev/null +++ b/lolrmm.com/content/bootloaders/b2be4369-0672-4a82-96df-ee4d208d3352.md 
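Review bot: The command block `bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } }` is not valid PowerShell — `{%` reads like a transposition of `| % {` (the ForEach-Object alias), so the pipeline as published will fail to parse before it ever reaches `bcdedit /set`. Because the same text is stamped into every bootloader page in this commit, the fix belongs in the generator template rather than this file: `| % { if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } }`. The "Privileges" cell in the Use Case table is empty even though writing to the BCD store presumably needs an elevated shell — confirm and fill it, since the Sigma/Sysmon detections linked above are keyed on exactly this activity. The entry under "CVE" is `Black Lotus Microsoft Windows 8`, a campaign/platform label rather than a CVE identifier; either rename the section (e.g. "CVE / Reference") or move non-CVE entries into Resources so consumers parsing this site for CVE IDs do not pick up free text.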
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "b2be4369-0672-4a82-96df-ee4d208d3352" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: b2be4369-0672-4a82-96df-ee4d208d3352 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [79631821A585BFC9A9A5D2D92D37714EFD84A3D856284A0897654461EC1C137D](https://www.virustotal.com/gui/file/79631821A585BFC9A9A5D2D92D37714EFD84A3D856284A0897654461EC1C137D) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [54061FF50D91296F2F44D8B338AEEDFBBE86DF49DB5DE8A45191AAA931F5BCF6](https://www.virustotal.com/gui/search/authentihash%253A54061FF50D91296F2F44D8B338AEEDFBBE86DF49DB5DE8A45191AAA931F5BCF6) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b2be4369-0672-4a82-96df-ee4d208d3352.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/b3a8852a-b702-419a-9d1c-4b371a130474.md b/lolrmm.com/content/bootloaders/b3a8852a-b702-419a-9d1c-4b371a130474.md new file mode 100644 index 00000000..f6024680 --- /dev/null +++ b/lolrmm.com/content/bootloaders/b3a8852a-b702-419a-9d1c-4b371a130474.md 
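Review bot: The Download button points at `https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin` because the template interpolates an empty MD5, and the MD5, SHA1 and Authentihash MD5/SHA1 rows render as `[](https://www.virustotal.com/gui/file/)` — a page warning "This download link contains the Revoked Bootloader!" should not ship a dangling link. The generator should suppress the button and any hash row whose value is empty, rather than emitting the markup unconditionally. The only hashes present (`79631821A585…137D`, `54061FF50D91…BCF6`) are upper-case while every other page in this commit uses lower-case hex; if the Sigma/Sysmon hash lists are built from the same YAML, normalise case in the generator so matching is not silently case-sensitive. `#### Imports` also appears twice with an empty bullet, which looks like a copy-paste in the template and applies to all pages in this diff.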
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "b3a8852a-b702-419a-9d1c-4b371a130474" +weight = 10 +displayTitle = "b3a8852a-b702-419a-9d1c-4b371a130474" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# b3a8852a-b702-419a-9d1c-4b371a130474 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: b3a8852a-b702-419a-9d1c-4b371a130474 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [5613DD1553044BEF74610BC012D676375588421FF0000B69DCF62D1081451ECE](https://www.virustotal.com/gui/file/5613DD1553044BEF74610BC012D676375588421FF0000B69DCF62D1081451ECE) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [0928F0408BF725E61D67D87138A8EEBC52962D2847F16E3587163B160E41B6AD](https://www.virustotal.com/gui/search/authentihash%253A0928F0408BF725E61D67D87138A8EEBC52962D2847F16E3587163B160E41B6AD) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b3a8852a-b702-419a-9d1c-4b371a130474.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/b3b0f086-0c9c-4e10-b65c-47509c6f0dfb.md b/lolrmm.com/content/bootloaders/b3b0f086-0c9c-4e10-b65c-47509c6f0dfb.md new file mode 100644 index 00000000..90234d10 --- /dev/null +++ b/lolrmm.com/content/bootloaders/b3b0f086-0c9c-4e10-b65c-47509c6f0dfb.md 
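Review bot: The `Filename` cell is empty, so `displayTitle` falls back to the UUID, the Known Vulnerable Samples table has no name, and the command renders as `bcdedit /set $matches[0] path \windows\temp\ ` with no file at the end — a page visitor cannot tell what binary the hashes belong to. Given the CVE list (CVE-2020-10713 through CVE-2020-15707, the BootHole set) this is presumably a SUSE GRUB2 or shim image rather than a Windows boot manager, so a `bcdedit`-based Windows persistence command may not apply at all — confirm against the source YAML and either populate the filename or have the generator omit the Commands block and the Download button (currently `bootloaders/.bin`) when `Filename`/MD5 are absent. As with the neighbouring pages, the MD5/SHA1 rows render as empty `[](https://www.virustotal.com/gui/file/)` links and should be dropped when the value is missing.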
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "b3b0f086-0c9c-4e10-b65c-47509c6f0dfb" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: b3b0f086-0c9c-4e10-b65c-47509c6f0dfb +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/fe08109ce34ae68fed49348549b9ead1.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [fe08109ce34ae68fed49348549b9ead1](https://www.virustotal.com/gui/file/fe08109ce34ae68fed49348549b9ead1) | +| SHA1 | [7fb211ce3088f2e657c72dcc80574310becde3e7](https://www.virustotal.com/gui/file/7fb211ce3088f2e657c72dcc80574310becde3e7) | +| SHA256 | [d8732eb8bd7240f17d90656424aabc0669c3d13e3117efc4805bb59dd21ceb1d](https://www.virustotal.com/gui/file/d8732eb8bd7240f17d90656424aabc0669c3d13e3117efc4805bb59dd21ceb1d) | +| Authentihash MD5 | [724bc2c9091c4dd631e113c32702d9f4](https://www.virustotal.com/gui/search/authentihash%253A724bc2c9091c4dd631e113c32702d9f4) | +| Authentihash SHA1 | [f8799b5f344ad92948a1468937cd9255e6873dac](https://www.virustotal.com/gui/search/authentihash%253Af8799b5f344ad92948a1468937cd9255e6873dac) | +| Authentihash SHA256| [f197a171a09ab640aa8ac4ff7ddfc88377a89fdbb3fee014abb9097d92575b67](https://www.virustotal.com/gui/search/authentihash%253Af197a171a09ab640aa8ac4ff7ddfc88377a89fdbb3fee014abb9097d92575b67) | +| RichPEHeaderHash MD5 | [95c181375ef93e118f930024df1bff96](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A95c181375ef93e118f930024df1bff96) | +| RichPEHeaderHash SHA1 | [e3a24ad3c9b07df2a4fb39a1432ba3597faa48f7](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ae3a24ad3c9b07df2a4fb39a1432ba3597faa48f7) | +| RichPEHeaderHash SHA256| [0708c72d17d4892e2deab31b567c830ee261f5e5730997a47366c0e1e58dec0e](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A0708c72d17d4892e2deab31b567c830ee261f5e5730997a47366c0e1e58dec0e) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 33000000bce120fdd27cc8ee930000000000bc +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | f31f8c784e5d3986ccacb9c88c6d7044 | +| ToBeSigned (TBS) SHA1 | 833498af9a41da339c83e0d384b521f72d053331 | +| ToBeSigned (TBS) SHA256 | 1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2015-08-18 17:15:28 | +| ValidTo | 2016-11-18 17:15:28 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 33000000bce120fdd27cc8ee930000000000bc | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Signature": 
"60743a2c8b9d1d20759fd327472b3fb9c434cf9df5a4501199cafd1d0f6806659be78f5346fcdedead6c2615214f653b0306302508cc80e386fb54dc8d0b8c63131e54f259c4f8792335187e2d4f649a82490807f129590c1a5c76d8c56a12e51f4c9bb20f35bb27b3ddc0dfbd849e506ed390bef27d160c5fa33291231b73cffddf7bcc42948b509b88242d401ab88f4283997bb6707c2fd2facf67e2639b5b02da8975568de56dc96eee8061c69bc552d61a0fa49ea527563681fb35f68dde6eee372b99f69761de0eac9b72b1510f80e66f6560bf1d0669dcbdd915ffe13454502833fe26932c018ad8399ad2840a93b0c222b7900151dc9ddb4475e1d7b7", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b3b0f086-0c9c-4e10-b65c-47509c6f0dfb.yaml) + +*last_updated:* 
2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/b3ceecb6-6bb6-43fa-9ab3-8ba2d6647443.md b/lolrmm.com/content/bootloaders/b3ceecb6-6bb6-43fa-9ab3-8ba2d6647443.md new file mode 100644 index 00000000..258fcb2c --- /dev/null +++ b/lolrmm.com/content/bootloaders/b3ceecb6-6bb6-43fa-9ab3-8ba2d6647443.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "b3ceecb6-6bb6-43fa-9ab3-8ba2d6647443" +weight = 10 +displayTitle = "shim.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# shim.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Micron Technology and revoked Jul-20 +- **UUID**: b3ceecb6-6bb6-43fa-9ab3-8ba2d6647443 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/d407a4d3a9887218394aa73e94ffbde5.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\shim.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | shim.efi | +| MD5 | [d407a4d3a9887218394aa73e94ffbde5](https://www.virustotal.com/gui/file/d407a4d3a9887218394aa73e94ffbde5) | +| SHA1 | [d483cd3de769ee4a2bd69c498501e7764656fb75](https://www.virustotal.com/gui/file/d483cd3de769ee4a2bd69c498501e7764656fb75) | +| SHA256 | [9d61099de8327efeff7e4aea81d9f3396a2218e6b22e15d05032a765897c0eba](https://www.virustotal.com/gui/file/9d61099de8327efeff7e4aea81d9f3396a2218e6b22e15d05032a765897c0eba) | +| Authentihash MD5 | [2ccccbe8e79cfaa23784d56e0edf946f](https://www.virustotal.com/gui/search/authentihash%253A2ccccbe8e79cfaa23784d56e0edf946f) | +| Authentihash SHA1 | [4dc601eb63e1e8d30e7ed4eede0a757630e66dc5](https://www.virustotal.com/gui/search/authentihash%253A4dc601eb63e1e8d30e7ed4eede0a757630e66dc5) | +| Authentihash SHA256| [b3e506340fbf6b5786973393079f24b66ba46507e35e911db0362a2acde97049](https://www.virustotal.com/gui/search/authentihash%253Ab3e506340fbf6b5786973393079f24b66ba46507e35e911db0362a2acde97049) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000000a6642f3f49fb7379600010000000a +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | c52110f552e27ebb1e3fae114abafb3f | +| ToBeSigned (TBS) SHA1 | 4954e087123653ce38da4cdd31141b6a1bb999e4 | +| ToBeSigned (TBS) SHA256 | 
1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2013-09-24 17:54:03 | +| ValidTo | 2014-12-24 17:54:03 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000000a6642f3f49fb7379600010000000a | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 
350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "c52110f552e27ebb1e3fae114abafb3f", + "SHA1": "4954e087123653ce38da4cdd31141b6a1bb999e4", + "SHA256": 
"1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" + }, + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b3ceecb6-6bb6-43fa-9ab3-8ba2d6647443.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/b3f78afd-8a4f-444e-8561-b32a5d6015f1.md b/lolrmm.com/content/bootloaders/b3f78afd-8a4f-444e-8561-b32a5d6015f1.md new file mode 100644 index 00000000..e11694aa --- /dev/null +++ b/lolrmm.com/content/bootloaders/b3f78afd-8a4f-444e-8561-b32a5d6015f1.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "b3f78afd-8a4f-444e-8561-b32a5d6015f1" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: b3f78afd-8a4f-444e-8561-b32a5d6015f1 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [C8AA71C72318CA43CBA4302FBAD12B474E7E4ED1B0EDA8A48CD71343A32FF155](https://www.virustotal.com/gui/file/C8AA71C72318CA43CBA4302FBAD12B474E7E4ED1B0EDA8A48CD71343A32FF155) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [CB95A4D2E0E02A5B56D059C9F223C2326753EA8C44D2E3FA6C4486629BE387A9](https://www.virustotal.com/gui/search/authentihash%253ACB95A4D2E0E02A5B56D059C9F223C2326753EA8C44D2E3FA6C4486629BE387A9) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b3f78afd-8a4f-444e-8561-b32a5d6015f1.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/b429b35f-a9c3-4de9-a7be-da2b2c688a02.md b/lolrmm.com/content/bootloaders/b429b35f-a9c3-4de9-a7be-da2b2c688a02.md new file mode 100644 index 00000000..81d4dcbd --- /dev/null +++ b/lolrmm.com/content/bootloaders/b429b35f-a9c3-4de9-a7be-da2b2c688a02.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "b429b35f-a9c3-4de9-a7be-da2b2c688a02" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: b429b35f-a9c3-4de9-a7be-da2b2c688a02 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [02FF707BE8808663B2CC33286630839DD7B14AC8E2340F4661870B18A9621D9D](https://www.virustotal.com/gui/file/02FF707BE8808663B2CC33286630839DD7B14AC8E2340F4661870B18A9621D9D) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [B420509D0D69B294633FD7AE2C36B2B549D45A6A863EF16843A1116A11127F56](https://www.virustotal.com/gui/search/authentihash%253AB420509D0D69B294633FD7AE2C36B2B549D45A6A863EF16843A1116A11127F56) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b429b35f-a9c3-4de9-a7be-da2b2c688a02.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/b42db55a-4520-493a-81ec-42002887ea96.md b/lolrmm.com/content/bootloaders/b42db55a-4520-493a-81ec-42002887ea96.md new file mode 100644 index 00000000..cd6e59b4 --- /dev/null +++ b/lolrmm.com/content/bootloaders/b42db55a-4520-493a-81ec-42002887ea96.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "b42db55a-4520-493a-81ec-42002887ea96" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: b42db55a-4520-493a-81ec-42002887ea96 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/7f0de7a661590f1c33de0b80676e8827.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [7f0de7a661590f1c33de0b80676e8827](https://www.virustotal.com/gui/file/7f0de7a661590f1c33de0b80676e8827) | +| SHA1 | [003454b835a5ee7ee200f9cb4e68b071e2b8e69b](https://www.virustotal.com/gui/file/003454b835a5ee7ee200f9cb4e68b071e2b8e69b) | +| SHA256 | [d1af02fca7522c8d27e053544b3b653ff2daffcae9c420e460235dacab53f7cd](https://www.virustotal.com/gui/file/d1af02fca7522c8d27e053544b3b653ff2daffcae9c420e460235dacab53f7cd) | +| Authentihash MD5 | [caa781731a9d13ac418d97ec2cccb8f1](https://www.virustotal.com/gui/search/authentihash%253Acaa781731a9d13ac418d97ec2cccb8f1) | +| Authentihash SHA1 | [7ac2da2861fe7b90862a27b63629d8a9ee58d97d](https://www.virustotal.com/gui/search/authentihash%253A7ac2da2861fe7b90862a27b63629d8a9ee58d97d) | +| Authentihash SHA256| [7fddfe06c44dc4302da54577353c18fdbe11b41cb3e6064ec1c116ee102fe080](https://www.virustotal.com/gui/search/authentihash%253A7fddfe06c44dc4302da54577353c18fdbe11b41cb3e6064ec1c116ee102fe080) | +| RichPEHeaderHash MD5 | [a387b0075e977009a7bb74d24fc388de](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Aa387b0075e977009a7bb74d24fc388de) | +| RichPEHeaderHash SHA1 | [345e019b25904c911be9e3b6a9e2b0bb18652b04](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A345e019b25904c911be9e3b6a9e2b0bb18652b04) | +| RichPEHeaderHash SHA256| [e04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ae04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 33000000bce120fdd27cc8ee930000000000bc +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | f31f8c784e5d3986ccacb9c88c6d7044 | +| ToBeSigned (TBS) SHA1 | 833498af9a41da339c83e0d384b521f72d053331 | +| ToBeSigned (TBS) SHA256 | 1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2015-08-18 17:15:28 | +| ValidTo | 2016-11-18 17:15:28 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 33000000bce120fdd27cc8ee930000000000bc | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b42db55a-4520-493a-81ec-42002887ea96.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/b59f1e98-72fb-4ccf-a651-bf9318f14150.md b/lolrmm.com/content/bootloaders/b59f1e98-72fb-4ccf-a651-bf9318f14150.md new file mode 100644 index 00000000..5d669d73 --- /dev/null +++ b/lolrmm.com/content/bootloaders/b59f1e98-72fb-4ccf-a651-bf9318f14150.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "b59f1e98-72fb-4ccf-a651-bf9318f14150" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Endless OS and revoked Jul-20 +- **UUID**: b59f1e98-72fb-4ccf-a651-bf9318f14150 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/7661abbf92a68466a3562ec887365e6a.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [7661abbf92a68466a3562ec887365e6a](https://www.virustotal.com/gui/file/7661abbf92a68466a3562ec887365e6a) | +| SHA1 | [ccdc96497a3d4cb4a616939fbf102e5faa787a9f](https://www.virustotal.com/gui/file/ccdc96497a3d4cb4a616939fbf102e5faa787a9f) | +| SHA256 | [4b2bd93b32de4be7235c95c97af98e12bed5f0602b7b428700f9a1348cb2f731](https://www.virustotal.com/gui/file/4b2bd93b32de4be7235c95c97af98e12bed5f0602b7b428700f9a1348cb2f731) | +| Authentihash MD5 | [a130bc7f90388e8f9d885f55fc7a8b8e](https://www.virustotal.com/gui/search/authentihash%253Aa130bc7f90388e8f9d885f55fc7a8b8e) | +| Authentihash SHA1 | [b7f9b5a096cd0d524da6296ace355e268cc01a9d](https://www.virustotal.com/gui/search/authentihash%253Ab7f9b5a096cd0d524da6296ace355e268cc01a9d) | +| Authentihash SHA256| [0fa3a29ad05130d7fe5bf4d2596563cded1d874096aacc181069932a2e49519a](https://www.virustotal.com/gui/search/authentihash%253A0fa3a29ad05130d7fe5bf4d2596563cded1d874096aacc181069932a2e49519a) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 3300000018e730837f472a7b5b000100000018 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | d442a6ab238e766c07d33f02d299a9a5 | +| ToBeSigned (TBS) SHA1 | 3fb2a93548919ed386a441800a5d941ee358e38f | +| ToBeSigned (TBS) SHA256 | 
8806fc9fc29ec30556728d016e0667364f4f3359b8747cbd45d5f783ffe93abb | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2015-10-28 20:43:37 | +| ValidTo | 2017-01-28 20:43:37 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 3300000018e730837f472a7b5b000100000018 | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "3300000018e730837f472a7b5b000100000018", + "Signature": 
"71bbbe63866fd705b424a7ba51f23ca48a84197382972d3a8f43597f67928ed7263aa0a22681b89d851ddb655f9ccf932a92da0dc6c7f43eded65716ee65ed2739ef140bb95d987dcdc1b7ee9134abd02370e12c3eba71662f10e88370610acb6c98fff27c38b3b829333d75428e804aded09b3486717d41188f048902c169787bcf10996c7b66de4dfa5b8217bdb02314393db288a8dffb5b5b63a14d781ebf0efa5ac640585fdf6370bcb52870f92d67282231111211726c82c09a1a1a81043bba955b40bbc91c033272d987521e37d8aa1dd0fa54513c12acc0a1480801d2dfa5e438a71a0a30a684a39233224b9e71463db6b99a67073724a200425b42c6", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "d442a6ab238e766c07d33f02d299a9a5", + "SHA1": "3fb2a93548919ed386a441800a5d941ee358e38f", + "SHA256": "8806fc9fc29ec30556728d016e0667364f4f3359b8747cbd45d5f783ffe93abb" + }, + "ValidFrom": "2015-10-28 20:43:37", + "ValidTo": "2017-01-28 20:43:37", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "3300000018e730837f472a7b5b000100000018", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + 
+[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b59f1e98-72fb-4ccf-a651-bf9318f14150.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/b6967d5b-ea2b-4a4b-b24c-63a8eb8dedcd.md b/lolrmm.com/content/bootloaders/b6967d5b-ea2b-4a4b-b24c-63a8eb8dedcd.md new file mode 100644 index 00000000..646218a7 --- /dev/null +++ b/lolrmm.com/content/bootloaders/b6967d5b-ea2b-4a4b-b24c-63a8eb8dedcd.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "b6967d5b-ea2b-4a4b-b24c-63a8eb8dedcd" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: b6967d5b-ea2b-4a4b-b24c-63a8eb8dedcd +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [8E5609A57BD66CC153EC2AC60CC10C2E641334C26EA5068C1FD8373A503EF1D7](https://www.virustotal.com/gui/file/8E5609A57BD66CC153EC2AC60CC10C2E641334C26EA5068C1FD8373A503EF1D7) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [CC7396D1C306ADFCE49E70D7DAF32D093A8F2FEBE2AC0576BA853770E11B3EF2](https://www.virustotal.com/gui/search/authentihash%253ACC7396D1C306ADFCE49E70D7DAF32D093A8F2FEBE2AC0576BA853770E11B3EF2) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b6967d5b-ea2b-4a4b-b24c-63a8eb8dedcd.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/b7909152-9a87-4045-9aca-ae18890b2b71.md b/lolrmm.com/content/bootloaders/b7909152-9a87-4045-9aca-ae18890b2b71.md new file mode 100644 index 00000000..12a0f517 --- /dev/null +++ b/lolrmm.com/content/bootloaders/b7909152-9a87-4045-9aca-ae18890b2b71.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "b7909152-9a87-4045-9aca-ae18890b2b71" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: b7909152-9a87-4045-9aca-ae18890b2b71 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [41607556B9A25F6F3AB73331589519553F83D2CB3629FB3E729303898D173023](https://www.virustotal.com/gui/file/41607556B9A25F6F3AB73331589519553F83D2CB3629FB3E729303898D173023) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [3B7696DF627ADE30BB15BDC5CE3F3C27240C973353E8551E7B036C90D01280C9](https://www.virustotal.com/gui/search/authentihash%253A3B7696DF627ADE30BB15BDC5CE3F3C27240C973353E8551E7B036C90D01280C9) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b7909152-9a87-4045-9aca-ae18890b2b71.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/b7f9ffcf-525f-427e-b3fd-72289f61ffd3.md b/lolrmm.com/content/bootloaders/b7f9ffcf-525f-427e-b3fd-72289f61ffd3.md new file mode 100644 index 00000000..6251d19e --- /dev/null +++ b/lolrmm.com/content/bootloaders/b7f9ffcf-525f-427e-b3fd-72289f61ffd3.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "b7f9ffcf-525f-427e-b3fd-72289f61ffd3" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: b7f9ffcf-525f-427e-b3fd-72289f61ffd3 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [462F49B4FC9E4CE706D668042EB76F711B4292BAE2BE8DD5897182B316EF217D](https://www.virustotal.com/gui/file/462F49B4FC9E4CE706D668042EB76F711B4292BAE2BE8DD5897182B316EF217D) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [C470161A06E6B452253A623536924979CDD11838E08D8E4DC86F763732E64B0B](https://www.virustotal.com/gui/search/authentihash%253AC470161A06E6B452253A623536924979CDD11838E08D8E4DC86F763732E64B0B) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b7f9ffcf-525f-427e-b3fd-72289f61ffd3.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/b842b745-24ab-4f75-a302-5d4c4bf0101b.md b/lolrmm.com/content/bootloaders/b842b745-24ab-4f75-a302-5d4c4bf0101b.md new file mode 100644 index 00000000..47f87385 --- /dev/null +++ b/lolrmm.com/content/bootloaders/b842b745-24ab-4f75-a302-5d4c4bf0101b.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "b842b745-24ab-4f75-a302-5d4c4bf0101b" +weight = 10 +displayTitle = "b842b745-24ab-4f75-a302-5d4c4bf0101b" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# b842b745-24ab-4f75-a302-5d4c4bf0101b ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: b842b745-24ab-4f75-a302-5d4c4bf0101b +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [C33397B499368E23DDA3FD5B9CC989647442F279EE6F80B53C620721C958346D](https://www.virustotal.com/gui/file/C33397B499368E23DDA3FD5B9CC989647442F279EE6F80B53C620721C958346D) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [C2469759C1947E14F4B65F72A9F5B3AF8B6F6E727B68BB0D91385CBF42176A8A](https://www.virustotal.com/gui/search/authentihash%253AC2469759C1947E14F4B65F72A9F5B3AF8B6F6E727B68BB0D91385CBF42176A8A) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b842b745-24ab-4f75-a302-5d4c4bf0101b.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/b8cfe531-3969-4203-a575-fec35e4880fd.md b/lolrmm.com/content/bootloaders/b8cfe531-3969-4203-a575-fec35e4880fd.md new file mode 100644 index 00000000..b29a6187 --- /dev/null +++ b/lolrmm.com/content/bootloaders/b8cfe531-3969-4203-a575-fec35e4880fd.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "b8cfe531-3969-4203-a575-fec35e4880fd" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: b8cfe531-3969-4203-a575-fec35e4880fd +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [D2BF5E584EA2F3844B27CEF320636D1A2CD6BFB023ED65110FF6D0EF09292114](https://www.virustotal.com/gui/file/D2BF5E584EA2F3844B27CEF320636D1A2CD6BFB023ED65110FF6D0EF09292114) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [F2A74464235248EA2A41EA0D0256E9CDD24BB6B3E2A6F2FC7E0AADC86EC56CA1](https://www.virustotal.com/gui/search/authentihash%253AF2A74464235248EA2A41EA0D0256E9CDD24BB6B3E2A6F2FC7E0AADC86EC56CA1) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/b8cfe531-3969-4203-a575-fec35e4880fd.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/bab3bdab-1013-4418-bb3c-2ec673c8b6f5.md b/lolrmm.com/content/bootloaders/bab3bdab-1013-4418-bb3c-2ec673c8b6f5.md new file mode 100644 index 00000000..08e28fbc --- /dev/null +++ b/lolrmm.com/content/bootloaders/bab3bdab-1013-4418-bb3c-2ec673c8b6f5.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "bab3bdab-1013-4418-bb3c-2ec673c8b6f5" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: bab3bdab-1013-4418-bb3c-2ec673c8b6f5 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [9F91A5AAC09BA6E514DC37A013A68589DD22C1F5A7A539F4138CBC8ABC0A45F4](https://www.virustotal.com/gui/file/9F91A5AAC09BA6E514DC37A013A68589DD22C1F5A7A539F4138CBC8ABC0A45F4) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [57692FC2B80D809A3BE409B44475DDED7225C76FDD5FF09E4ED7D330A58733A5](https://www.virustotal.com/gui/search/authentihash%253A57692FC2B80D809A3BE409B44475DDED7225C76FDD5FF09E4ED7D330A58733A5) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/bab3bdab-1013-4418-bb3c-2ec673c8b6f5.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/bbc2661b-25de-4c4b-ac84-367115d44e8c.md b/lolrmm.com/content/bootloaders/bbc2661b-25de-4c4b-ac84-367115d44e8c.md new file mode 100644 index 00000000..6e69d8e7 --- /dev/null +++ b/lolrmm.com/content/bootloaders/bbc2661b-25de-4c4b-ac84-367115d44e8c.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "bbc2661b-25de-4c4b-ac84-367115d44e8c" +weight = 10 +displayTitle = "bootarm.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootarm.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: bbc2661b-25de-4c4b-ac84-367115d44e8c +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootarm.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootarm.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [5E189C9D2633F0AC10ECB763A150568925884E29ED684050194D87B883B68B34](https://www.virustotal.com/gui/file/5E189C9D2633F0AC10ECB763A150568925884E29ED684050194D87B883B68B34) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [7803F12E7E1B7063502EB8E223A9013E2B61125A888B74D61465B51DE53276BA](https://www.virustotal.com/gui/search/authentihash%253A7803F12E7E1B7063502EB8E223A9013E2B61125A888B74D61465B51DE53276BA) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/bbc2661b-25de-4c4b-ac84-367115d44e8c.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/bbd79406-168c-449a-8206-9927288fefd4.md b/lolrmm.com/content/bootloaders/bbd79406-168c-449a-8206-9927288fefd4.md new file mode 100644 index 00000000..61c0d26b --- /dev/null +++ b/lolrmm.com/content/bootloaders/bbd79406-168c-449a-8206-9927288fefd4.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "bbd79406-168c-449a-8206-9927288fefd4" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: bbd79406-168c-449a-8206-9927288fefd4 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [F64F70D1D3AD35BEC25526472C51765BEB40AAF72CA8EC1242E046F62C18C11E](https://www.virustotal.com/gui/file/F64F70D1D3AD35BEC25526472C51765BEB40AAF72CA8EC1242E046F62C18C11E) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [B3EAFDEB6E2809BD72730E4FC7896B9D94543CA360E9629B63C039FF91274BEB](https://www.virustotal.com/gui/search/authentihash%253AB3EAFDEB6E2809BD72730E4FC7896B9D94543CA360E9629B63C039FF91274BEB) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/bbd79406-168c-449a-8206-9927288fefd4.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/bc584a7b-f352-4e0a-b86e-7954c4b63d2e.md b/lolrmm.com/content/bootloaders/bc584a7b-f352-4e0a-b86e-7954c4b63d2e.md new file mode 100644 index 00000000..24bf4bf5 --- /dev/null +++ b/lolrmm.com/content/bootloaders/bc584a7b-f352-4e0a-b86e-7954c4b63d2e.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "bc584a7b-f352-4e0a-b86e-7954c4b63d2e" +weight = 10 +displayTitle = "shim-0.4-0ubuntu3/shim64-bit.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# shim-0.4-0ubuntu3/shim64-bit.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Canonical Ltd and revoked Apr-21 +- **UUID**: bc584a7b-f352-4e0a-b86e-7954c4b63d2e +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\shim-0.4-0ubuntu3/shim64-bit.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + 
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | shim-0.4-0ubuntu3/shim64-bit.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [FA07B984FB6FDD32DB497C55225E614759BFEB7093BE1F02AB2E30BE1869B2E7](https://www.virustotal.com/gui/file/FA07B984FB6FDD32DB497C55225E614759BFEB7093BE1F02AB2E30BE1869B2E7) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [91721AA76266B5BB2F8009F1188510A36E54AFD56E967387EA7D0B114D782089](https://www.virustotal.com/gui/search/authentihash%253A91721AA76266B5BB2F8009F1188510A36E54AFD56E967387EA7D0B114D782089) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/bc584a7b-f352-4e0a-b86e-7954c4b63d2e.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/bca306da-15be-48c3-8a55-3165085410b9.md b/lolrmm.com/content/bootloaders/bca306da-15be-48c3-8a55-3165085410b9.md new file mode 100644 index 00000000..37cdb33a --- /dev/null +++ b/lolrmm.com/content/bootloaders/bca306da-15be-48c3-8a55-3165085410b9.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "bca306da-15be-48c3-8a55-3165085410b9" +weight = 10 +displayTitle = "bootarm.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootarm.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: bca306da-15be-48c3-8a55-3165085410b9 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootarm.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootarm.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [AC390194D59EC41A1A01BD96417CFE79E833CD6BBCA820B5FCB35CC3FE99653B](https://www.virustotal.com/gui/file/AC390194D59EC41A1A01BD96417CFE79E833CD6BBCA820B5FCB35CC3FE99653B) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [731A31CC36C5A7D7445F9644CE4E850E99CC7962EF6E2DE98721447A1438D805](https://www.virustotal.com/gui/search/authentihash%253A731A31CC36C5A7D7445F9644CE4E850E99CC7962EF6E2DE98721447A1438D805) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/bca306da-15be-48c3-8a55-3165085410b9.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/bcd750be-01b1-4b34-b7a5-065af773d063.md b/lolrmm.com/content/bootloaders/bcd750be-01b1-4b34-b7a5-065af773d063.md new file mode 100644 index 00000000..51f47048 --- /dev/null +++ b/lolrmm.com/content/bootloaders/bcd750be-01b1-4b34-b7a5-065af773d063.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "bcd750be-01b1-4b34-b7a5-065af773d063" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: bcd750be-01b1-4b34-b7a5-065af773d063 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [65FFA344151D7347ABD0DEB599086063A503FB6419BE9E4358851F6B6AE96749](https://www.virustotal.com/gui/file/65FFA344151D7347ABD0DEB599086063A503FB6419BE9E4358851F6B6AE96749) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [A7B788A7849607348C0DE9041989F7D67EC302F0CE8D7FDE5E434801F012B5B1](https://www.virustotal.com/gui/search/authentihash%253AA7B788A7849607348C0DE9041989F7D67EC302F0CE8D7FDE5E434801F012B5B1) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/bcd750be-01b1-4b34-b7a5-065af773d063.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/bcda745b-c931-494a-bf26-4dfd7c824ee9.md b/lolrmm.com/content/bootloaders/bcda745b-c931-494a-bf26-4dfd7c824ee9.md new file mode 100644 index 00000000..18419c56 --- /dev/null +++ b/lolrmm.com/content/bootloaders/bcda745b-c931-494a-bf26-4dfd7c824ee9.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "bcda745b-c931-494a-bf26-4dfd7c824ee9" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: bcda745b-c931-494a-bf26-4dfd7c824ee9 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [A09DBE91C9743163A3DC26BB7E51398C751DF7140D5DA4DD6D43B1915FA906EC](https://www.virustotal.com/gui/file/A09DBE91C9743163A3DC26BB7E51398C751DF7140D5DA4DD6D43B1915FA906EC) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [324CBE75EF34E09A98C71B186F535F9091A1FF257BEA93DFEAF199EB352CA0F6](https://www.virustotal.com/gui/search/authentihash%253A324CBE75EF34E09A98C71B186F535F9091A1FF257BEA93DFEAF199EB352CA0F6) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/bcda745b-c931-494a-bf26-4dfd7c824ee9.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/bf069911-444a-4972-8961-140fd7897324.md b/lolrmm.com/content/bootloaders/bf069911-444a-4972-8961-140fd7897324.md new file mode 100644 index 00000000..e8f9276d --- /dev/null +++ b/lolrmm.com/content/bootloaders/bf069911-444a-4972-8961-140fd7897324.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "bf069911-444a-4972-8961-140fd7897324" +weight = 10 +displayTitle = "bf069911-444a-4972-8961-140fd7897324" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bf069911-444a-4972-8961-140fd7897324 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Oracle Corporation and revoked Jul-20 +- **UUID**: bf069911-444a-4972-8961-140fd7897324 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [5D6A0CBDAAF188974E98ACA06E664B4AE98D458327717A20B1FF6C80518EEA3D](https://www.virustotal.com/gui/file/5D6A0CBDAAF188974E98ACA06E664B4AE98D458327717A20B1FF6C80518EEA3D) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [A7DFCC3A8D6AB30F93F31748DBC8EA38415CF52BB9AD8085672CD9AB8938D5DE](https://www.virustotal.com/gui/search/authentihash%253AA7DFCC3A8D6AB30F93F31748DBC8EA38415CF52BB9AD8085672CD9AB8938D5DE) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/bf069911-444a-4972-8961-140fd7897324.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/bf3c5a6b-8fac-470b-a458-c84e7fed7dc7.md b/lolrmm.com/content/bootloaders/bf3c5a6b-8fac-470b-a458-c84e7fed7dc7.md new file mode 100644 index 00000000..8b1d6a17 --- /dev/null +++ b/lolrmm.com/content/bootloaders/bf3c5a6b-8fac-470b-a458-c84e7fed7dc7.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "bf3c5a6b-8fac-470b-a458-c84e7fed7dc7" +weight = 10 +displayTitle = "bf3c5a6b-8fac-470b-a458-c84e7fed7dc7" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bf3c5a6b-8fac-470b-a458-c84e7fed7dc7 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Intel Corporation and revoked Jul-20 +- **UUID**: bf3c5a6b-8fac-470b-a458-c84e7fed7dc7 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [BAE97EFC507382C0BDF7B1E74DBC38C0E31BF65186B7989CD9C7AF29DA27F656](https://www.virustotal.com/gui/file/BAE97EFC507382C0BDF7B1E74DBC38C0E31BF65186B7989CD9C7AF29DA27F656) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [3A4F74BEAFAE2B9383AD8215D233A6CF3D057FB3C7E213E897BEEF4255FAEE9D](https://www.virustotal.com/gui/search/authentihash%253A3A4F74BEAFAE2B9383AD8215D233A6CF3D057FB3C7E213E897BEEF4255FAEE9D) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/bf3c5a6b-8fac-470b-a458-c84e7fed7dc7.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/bf8069da-0ffc-463d-b17c-3e0ee49d0585.md b/lolrmm.com/content/bootloaders/bf8069da-0ffc-463d-b17c-3e0ee49d0585.md new file mode 100644 index 00000000..0258b0d4 --- /dev/null +++ b/lolrmm.com/content/bootloaders/bf8069da-0ffc-463d-b17c-3e0ee49d0585.md 
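Review bot: The Known Vulnerable Samples table in this page leaves Filename, MD5 and SHA1 empty but still renders the link markup, so the MD5 and SHA1 cells link to `https://www.virustotal.com/gui/file/` with no hash and the Download button points at `bootloaders/.bin`, a path that cannot resolve to a sample. The same empty-field output appears in the bf8069da, c045cb03 and c1e70cfa pages, and in each the bcdedit command block ends in `\windows\temp\` with no filename. Since these pages are generated from the YAML records linked at the bottom of each page, the fix belongs in the generator rather than the rendered markdown: emit a link or button only when the field is non-empty, and keep the SHA256 — the only hash present — as the value the hash-based detections presumably key on. The `#### Imports` section is also emitted twice back-to-back in every page, which looks like a template duplication.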
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "bf8069da-0ffc-463d-b17c-3e0ee49d0585" +weight = 10 +displayTitle = "bf8069da-0ffc-463d-b17c-3e0ee49d0585" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bf8069da-0ffc-463d-b17c-3e0ee49d0585 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Alt Linux LTD and revoked Jul-20 +- **UUID**: bf8069da-0ffc-463d-b17c-3e0ee49d0585 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [5C39F0E5E0E7FA3BE05090813B13D161ACAF48494FDE6233B452C416D29CDDBE](https://www.virustotal.com/gui/file/5C39F0E5E0E7FA3BE05090813B13D161ACAF48494FDE6233B452C416D29CDDBE) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [C452AB846073DF5ACE25CCA64D6B7A09D906308A1A65EB5240E3C4EBCAA9CC0C](https://www.virustotal.com/gui/search/authentihash%253AC452AB846073DF5ACE25CCA64D6B7A09D906308A1A65EB5240E3C4EBCAA9CC0C) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/bf8069da-0ffc-463d-b17c-3e0ee49d0585.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/bfdc85a7-3cc9-4d18-b798-0fd82f9c5e85.md b/lolrmm.com/content/bootloaders/bfdc85a7-3cc9-4d18-b798-0fd82f9c5e85.md new file mode 100644 index 00000000..66e134ad --- /dev/null +++ b/lolrmm.com/content/bootloaders/bfdc85a7-3cc9-4d18-b798-0fd82f9c5e85.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "bfdc85a7-3cc9-4d18-b798-0fd82f9c5e85" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: bfdc85a7-3cc9-4d18-b798-0fd82f9c5e85 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [78D6FDE56994BCF26964ED51DF446165DAD66BCB0BC6792B9EDD2850F19DEA4F](https://www.virustotal.com/gui/file/78D6FDE56994BCF26964ED51DF446165DAD66BCB0BC6792B9EDD2850F19DEA4F) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [64CCC886EB99C30AA808E5CA9BD371577BAF9D3FA0E450118464F514B47A028A](https://www.virustotal.com/gui/search/authentihash%253A64CCC886EB99C30AA808E5CA9BD371577BAF9D3FA0E450118464F514B47A028A) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/bfdc85a7-3cc9-4d18-b798-0fd82f9c5e85.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/c045cb03-9cfb-4ef9-b058-6734090e1dda.md b/lolrmm.com/content/bootloaders/c045cb03-9cfb-4ef9-b058-6734090e1dda.md new file mode 100644 index 00000000..c1902cc1 --- /dev/null +++ b/lolrmm.com/content/bootloaders/c045cb03-9cfb-4ef9-b058-6734090e1dda.md 
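Review bot: The `### CVE` list in this page holds `Black Lotus Microsoft Windows 8.1`, which is a campaign and product label rather than a CVE identifier, so anything that scrapes the CVE section for IDs will pick up free text; the c2ba98da page in this commit carries the same entry and c10b8a2d renders `N/A` in the same slot. If the source record has no CVE, the generator should omit the section or emit one consistent placeholder, and keep the Black Lotus attribution in the Description or Resources section. The SHA256 and Authentihash values here are uppercase hex while the c2ba98da page uses lowercase; normalizing to one case in the generator avoids case-sensitive mismatches when these values are compared against the hash-based detections.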
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "c045cb03-9cfb-4ef9-b058-6734090e1dda" +weight = 10 +displayTitle = "c045cb03-9cfb-4ef9-b058-6734090e1dda" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# c045cb03-9cfb-4ef9-b058-6734090e1dda ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: c045cb03-9cfb-4ef9-b058-6734090e1dda +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [34440CB45EB6EC2532EF89D6FCD7D3D9BC2A021677BEBC9D65C47A725A6845D4](https://www.virustotal.com/gui/file/34440CB45EB6EC2532EF89D6FCD7D3D9BC2A021677BEBC9D65C47A725A6845D4) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [8D93D60C691959651476E5DC464BE12A85FA5280B6F524D4A1C3FCC9D048CFAD](https://www.virustotal.com/gui/search/authentihash%253A8D93D60C691959651476E5DC464BE12A85FA5280B6F524D4A1C3FCC9D048CFAD) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c045cb03-9cfb-4ef9-b058-6734090e1dda.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/c10b8a2d-9bdd-46c5-bbdb-177f88c7794f.md b/lolrmm.com/content/bootloaders/c10b8a2d-9bdd-46c5-bbdb-177f88c7794f.md new file mode 100644 index 00000000..24c6e477 --- /dev/null +++ b/lolrmm.com/content/bootloaders/c10b8a2d-9bdd-46c5-bbdb-177f88c7794f.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "c10b8a2d-9bdd-46c5-bbdb-177f88c7794f" +weight = 10 +displayTitle = "mboot-official_arm64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# mboot-official_arm64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by vmware and revoked Aug-22 +- **UUID**: c10b8a2d-9bdd-46c5-bbdb-177f88c7794f +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\mboot-official_arm64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • N/A
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | mboot-official_arm64.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [8CC2B48C79FBF5654B28B7BEEC51A3266E4CBB4FBE3A84F843EA0957683A1E93](https://www.virustotal.com/gui/file/8CC2B48C79FBF5654B28B7BEEC51A3266E4CBB4FBE3A84F843EA0957683A1E93) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [F4DC5A40D2A9DBDAB210BAE0C508E053AE986C4DA42D68760A1655D6FBAEC051](https://www.virustotal.com/gui/search/authentihash%253AF4DC5A40D2A9DBDAB210BAE0C508E053AE986C4DA42D68760A1655D6FBAEC051) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c10b8a2d-9bdd-46c5-bbdb-177f88c7794f.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/c1e70cfa-8b21-4b51-8b94-9a06bb4b5550.md b/lolrmm.com/content/bootloaders/c1e70cfa-8b21-4b51-8b94-9a06bb4b5550.md new file mode 100644 index 00000000..6841155f --- /dev/null +++ b/lolrmm.com/content/bootloaders/c1e70cfa-8b21-4b51-8b94-9a06bb4b5550.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "c1e70cfa-8b21-4b51-8b94-9a06bb4b5550" +weight = 10 +displayTitle = "c1e70cfa-8b21-4b51-8b94-9a06bb4b5550" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# c1e70cfa-8b21-4b51-8b94-9a06bb4b5550 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: c1e70cfa-8b21-4b51-8b94-9a06bb4b5550 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [608854C2B7A26B00A3970757C2FA176B361F74FE094F7CFA482C439071279548](https://www.virustotal.com/gui/file/608854C2B7A26B00A3970757C2FA176B361F74FE094F7CFA482C439071279548) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [06EB5BADD26E4FAE65F9A42358DEEF7C18E52CC05FBB7FC76776E69D1B982A14](https://www.virustotal.com/gui/search/authentihash%253A06EB5BADD26E4FAE65F9A42358DEEF7C18E52CC05FBB7FC76776E69D1B982A14) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c1e70cfa-8b21-4b51-8b94-9a06bb4b5550.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/c2ba98da-826c-45bb-bb56-09db34e78fe0.md b/lolrmm.com/content/bootloaders/c2ba98da-826c-45bb-bb56-09db34e78fe0.md new file mode 100644 index 00000000..cd5ee8f0 --- /dev/null +++ b/lolrmm.com/content/bootloaders/c2ba98da-826c-45bb-bb56-09db34e78fe0.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "c2ba98da-826c-45bb-bb56-09db34e78fe0" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: c2ba98da-826c-45bb-bb56-09db34e78fe0 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/cefe4b51ab58c74a20f0302fca66bd03.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [cefe4b51ab58c74a20f0302fca66bd03](https://www.virustotal.com/gui/file/cefe4b51ab58c74a20f0302fca66bd03) | +| SHA1 | [e230f2632b21bdb523d214032f979104df1ee867](https://www.virustotal.com/gui/file/e230f2632b21bdb523d214032f979104df1ee867) | +| SHA256 | [88c2eac45b9480cc7e423558ba1b90097e8f12dbf98f4628c7a574c6371c6030](https://www.virustotal.com/gui/file/88c2eac45b9480cc7e423558ba1b90097e8f12dbf98f4628c7a574c6371c6030) | +| Authentihash MD5 | [47f4be47cd0365cc9f8a6c802f5a3192](https://www.virustotal.com/gui/search/authentihash%253A47f4be47cd0365cc9f8a6c802f5a3192) | +| Authentihash SHA1 | [01cf7cf98149854f741a31f3a6d8071ad80ea347](https://www.virustotal.com/gui/search/authentihash%253A01cf7cf98149854f741a31f3a6d8071ad80ea347) | +| Authentihash SHA256| [a22471b1d04c11ca895e8c078c221718c96c40309d64cf84144759ca7dfbd0d0](https://www.virustotal.com/gui/search/authentihash%253Aa22471b1d04c11ca895e8c078c221718c96c40309d64cf84144759ca7dfbd0d0) | +| RichPEHeaderHash MD5 | [958a6622f7bc1063a804ffe24cc2dfbc](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A958a6622f7bc1063a804ffe24cc2dfbc) | +| RichPEHeaderHash SHA1 | [2149d5b311e880738eb501393113a37d1bd511b1](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2149d5b311e880738eb501393113a37d1bd511b1) | +| RichPEHeaderHash SHA256| [ed29968ce0c75d2e0327cfa0c2ecb6492b2c8f590877e9cb6e6d3360e0e8992d](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Aed29968ce0c75d2e0327cfa0c2ecb6492b2c8f590877e9cb6e6d3360e0e8992d) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000001b40b3e1eae3b8c84600000000001b +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 2e3f888fadd3d8d498f3237752c18df9 | +| ToBeSigned (TBS) SHA1 | 4f3c14facbfca2505dddb77d8b8bfe71abb1d2ed | +| ToBeSigned (TBS) SHA256 | 574085e964e5d1fc9d71150ef08a0e08779e1919f28d75a19dad15f69571c8f6 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2013-04-10 20:41:53 | +| ValidTo | 2014-07-10 20:41:53 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000001b40b3e1eae3b8c84600000000001b | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000001b40b3e1eae3b8c84600000000001b", + "Signature": 
"cbc341b6aa9c66039f4068be8e0a48a0e38ad5c22d4a6f33e6c39817378261c73b0ac8e800662cde2333f4a79c3b75b726b7aaefc55cb467374a3804a65dd3bcf318da3699a4951225e092422aa4bb08880db7d021c4b7883ccd2452884d6e00d6ec06e6055f30218dfc376e893fdf2b0174ba323e15e0d9e480862c7132f49666ab01c246edcb9e403752b15284de32fa501cbed5bba0e45c60635520155a623bbd1b14d47e4cb8c9b2114d41de618eb6fbb022303df44f93d5d6ba60a5edc24f31c0530da52ea1392985d95b01833392c7686abf5c318308b442b5055011dfd475058a740a741ef63482b84edf9758ccfa5f3472df9c7043ca60912102c15b", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "2e3f888fadd3d8d498f3237752c18df9", + "SHA1": "4f3c14facbfca2505dddb77d8b8bfe71abb1d2ed", + "SHA256": "574085e964e5d1fc9d71150ef08a0e08779e1919f28d75a19dad15f69571c8f6" + }, + "ValidFrom": "2013-04-10 20:41:53", + "ValidTo": "2014-07-10 20:41:53", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000001b40b3e1eae3b8c84600000000001b", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c2ba98da-826c-45bb-bb56-09db34e78fe0.yaml) + +*last_updated:* 
2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/c2c1c3d4-441d-4ce1-92c9-094411b3bf09.md b/lolrmm.com/content/bootloaders/c2c1c3d4-441d-4ce1-92c9-094411b3bf09.md new file mode 100644 index 00000000..a8739aab --- /dev/null +++ b/lolrmm.com/content/bootloaders/c2c1c3d4-441d-4ce1-92c9-094411b3bf09.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "c2c1c3d4-441d-4ce1-92c9-094411b3bf09" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: c2c1c3d4-441d-4ce1-92c9-094411b3bf09 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [E299D3CA4A5A6579E863DD54488B6E804E47B20B75B7E71DC64B47F6403386B5](https://www.virustotal.com/gui/file/E299D3CA4A5A6579E863DD54488B6E804E47B20B75B7E71DC64B47F6403386B5) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [BFCAA41445F20B54AEA650D03D7C39B77CD82A7A14824DC55AA587C4C0F742A3](https://www.virustotal.com/gui/search/authentihash%253ABFCAA41445F20B54AEA650D03D7C39B77CD82A7A14824DC55AA587C4C0F742A3) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c2c1c3d4-441d-4ce1-92c9-094411b3bf09.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/c2d12b91-7e1e-403c-8d76-9664229a68c0.md b/lolrmm.com/content/bootloaders/c2d12b91-7e1e-403c-8d76-9664229a68c0.md new file mode 100644 index 00000000..72f71987 --- /dev/null +++ b/lolrmm.com/content/bootloaders/c2d12b91-7e1e-403c-8d76-9664229a68c0.md 
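Review bot: The PowerShell one-liner under `### Commands` is not valid as written — `| {% if (...) { ... } }` has no pipeline-consuming command, and the ForEach-Object alias form `| % { if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } }` is presumably what was intended, so this looks like a templating artifact in the YAML-to-markdown generator rather than a deliberate edit. The Download button also points at `.../bootloaders/.bin`, an empty filename, while the warning tip directly below it claims the link contains the revoked bootloader; either suppress the button when no sample filename is present or populate the name in the source YAML. This is worth fixing once in the generator, since every page in this batch renders the same way.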
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "c2d12b91-7e1e-403c-8d76-9664229a68c0" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: c2d12b91-7e1e-403c-8d76-9664229a68c0 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [101EC6206BC939A389713775B3BDB405E91252FAD75509C54FA1DBBE822F4596](https://www.virustotal.com/gui/file/101EC6206BC939A389713775B3BDB405E91252FAD75509C54FA1DBBE822F4596) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [93F5233E9970A7DB1E4C9AA2DE2404636728E7C66C03F2BBE74B18B20A93BA96](https://www.virustotal.com/gui/search/authentihash%253A93F5233E9970A7DB1E4C9AA2DE2404636728E7C66C03F2BBE74B18B20A93BA96) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c2d12b91-7e1e-403c-8d76-9664229a68c0.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/c348343b-faea-4c60-a0bd-c140a51ca9f0.md b/lolrmm.com/content/bootloaders/c348343b-faea-4c60-a0bd-c140a51ca9f0.md new file mode 100644 index 00000000..628fe8f6 --- /dev/null +++ b/lolrmm.com/content/bootloaders/c348343b-faea-4c60-a0bd-c140a51ca9f0.md 
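Review bot: The Privileges column in the use-case table is blank (`| Persistence | | 64-bit |`), but both `bcdedit /copy` and `bcdedit /set` in the command above it modify the BCD store and need an elevated (Administrator) context; fill it as `| Persistence | Administrator | 64-bit |` so the precondition is visible to the detection audience. The MD5/SHA1 and Authentihash MD5/SHA1 rows render as empty links (`[](https://www.virustotal.com/gui/file/)`) because only the SHA256 values are populated in the source; the generator should omit a row whose value is empty rather than emit a link to the bare VirusTotal URL. The same applies to the other bootmgfw.efi pages in this commit.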
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "c348343b-faea-4c60-a0bd-c140a51ca9f0" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: c348343b-faea-4c60-a0bd-c140a51ca9f0 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [4A62256316FBC805231420BAA4668B26023AE08B1BC7203A71C28905D19C817A](https://www.virustotal.com/gui/file/4A62256316FBC805231420BAA4668B26023AE08B1BC7203A71C28905D19C817A) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [9DEBCA159F7892D56C94614C469CF37C8DA035683B1251FC4E6EC0EF2EEE720E](https://www.virustotal.com/gui/search/authentihash%253A9DEBCA159F7892D56C94614C469CF37C8DA035683B1251FC4E6EC0EF2EEE720E) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c348343b-faea-4c60-a0bd-c140a51ca9f0.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/c368c62d-85dc-4bc7-8302-09be91700a9f.md b/lolrmm.com/content/bootloaders/c368c62d-85dc-4bc7-8302-09be91700a9f.md new file mode 100644 index 00000000..d411f13a --- /dev/null +++ b/lolrmm.com/content/bootloaders/c368c62d-85dc-4bc7-8302-09be91700a9f.md 
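Review bot: `#### Imports` appears twice in the metadata section, each with an empty bullet, and `#### Signature` is empty as well, so nothing on this page shows the Authenticode signer chain that makes a revoked Microsoft boot manager identifiable; the c2ba98da page earlier in this commit does carry the certificate dump, which suggests PE/signature extraction simply did not run for this sample rather than the sample being unsigned. The `32-bit ARM` value in the Operating System column is likewise unsupported by anything visible here (no PE header or machine field is shown), so I would either populate the signature block from the binary or flag the architecture as unverified. Dropping the duplicate `#### Imports` heading is a one-line generator fix.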
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "c368c62d-85dc-4bc7-8302-09be91700a9f" +weight = 10 +displayTitle = "c368c62d-85dc-4bc7-8302-09be91700a9f" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# c368c62d-85dc-4bc7-8302-09be91700a9f ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by VMware Inc. and revoked Jul-20 +- **UUID**: c368c62d-85dc-4bc7-8302-09be91700a9f +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [7CEE7E91292E5591BA4597D312BCFE9C0EEB906B18B327B8983BA497F9921BF7](https://www.virustotal.com/gui/file/7CEE7E91292E5591BA4597D312BCFE9C0EEB906B18B327B8983BA497F9921BF7) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [66AA13A0EDC219384D9C425D3927E6ED4A5D1940C5E7CD4DAC88F5770103F2F1](https://www.virustotal.com/gui/search/authentihash%253A66AA13A0EDC219384D9C425D3927E6ED4A5D1940C5E7CD4DAC88F5770103F2F1) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c368c62d-85dc-4bc7-8302-09be91700a9f.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/c4189bae-54f2-4fe5-8978-dc3e1ddc20ee.md b/lolrmm.com/content/bootloaders/c4189bae-54f2-4fe5-8978-dc3e1ddc20ee.md new file mode 100644 index 00000000..ced33a5d --- /dev/null +++ b/lolrmm.com/content/bootloaders/c4189bae-54f2-4fe5-8978-dc3e1ddc20ee.md 
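Review bot: With `Filename` empty, the command block renders as `bcdedit /set $matches[0] path \windows\temp\ ` — a directory with no file — and the page title falls back to the UUID, so the snippet cannot be used as written. More fundamentally, the CVE list (CVE-2020-10713 and the CVE-2020-1430x/CVE-2020-1570x set) is the GRUB2 BootHole family and the description says the entry was provided by VMware, so a Windows `bcdedit` persistence command is the wrong deployment model for this binary; I would suppress the Commands section when the source YAML has no filename, or at least tag it `Not applicable — non-Windows boot component`. Operating System `64-bit` and Use Case `Persistence` look inherited from the bootmgfw template and should be checked against the actual sample.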
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "c4189bae-54f2-4fe5-8978-dc3e1ddc20ee" +weight = 10 +displayTitle = "c4189bae-54f2-4fe5-8978-dc3e1ddc20ee" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# c4189bae-54f2-4fe5-8978-dc3e1ddc20ee ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Fedora Project and revoked Jul-20 +- **UUID**: c4189bae-54f2-4fe5-8978-dc3e1ddc20ee +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [9E5773C34073B8473BD1EBC9D4D50780A7CDF9EB767750107D4B0F45BC8EABE8](https://www.virustotal.com/gui/file/9E5773C34073B8473BD1EBC9D4D50780A7CDF9EB767750107D4B0F45BC8EABE8) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [78B4EDCAABC8D9093E20E217802CAEB4F09E23A3394C4ACC6E87E8F35395310F](https://www.virustotal.com/gui/search/authentihash%253A78B4EDCAABC8D9093E20E217802CAEB4F09E23A3394C4ACC6E87E8F35395310F) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c4189bae-54f2-4fe5-8978-dc3e1ddc20ee.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/c54ad511-bb85-42f4-ae87-e476854748b9.md b/lolrmm.com/content/bootloaders/c54ad511-bb85-42f4-ae87-e476854748b9.md new file mode 100644 index 00000000..f89aa0dc --- /dev/null +++ b/lolrmm.com/content/bootloaders/c54ad511-bb85-42f4-ae87-e476854748b9.md 
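Review bot: The `Filename` cell is blank, so nothing on this page identifies which Fedora Project boot component the SHA256 `9E5773C3…` belongs to, and the name-based detections linked above (the `bootloader_load_win_vuln_bootloaders_names.yml` Sigma rule and the `Renamed` YARA set, both described as matching on name) have nothing to match for this entry. Either populate the filename in the source YAML or state explicitly that only hash-based coverage exists for this sample. The Download button's `.../bootloaders/.bin` URL and the `path \windows\temp\ ` command are consequences of the same missing field and will resolve once it is set.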
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "c54ad511-bb85-42f4-ae87-e476854748b9" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: c54ad511-bb85-42f4-ae87-e476854748b9 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [4B0C9083430D91770BBB629380DB3A2A89DC73BB8DF677725668F727A2C2147C](https://www.virustotal.com/gui/file/4B0C9083430D91770BBB629380DB3A2A89DC73BB8DF677725668F727A2C2147C) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [450EFFC827CA535A79D5C4FF3E1A3F614CA9126B3792F997D38791CA7399320C](https://www.virustotal.com/gui/search/authentihash%253A450EFFC827CA535A79D5C4FF3E1A3F614CA9126B3792F997D38791CA7399320C) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c54ad511-bb85-42f4-ae87-e476854748b9.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/c5c530c2-b0e2-440b-98c4-3ae3a9581479.md b/lolrmm.com/content/bootloaders/c5c530c2-b0e2-440b-98c4-3ae3a9581479.md new file mode 100644 index 00000000..bfba0acb --- /dev/null +++ b/lolrmm.com/content/bootloaders/c5c530c2-b0e2-440b-98c4-3ae3a9581479.md 
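Review bot: The `### CVE` section holds the free-text label `Black Lotus Microsoft Windows 8.1` rather than a CVE identifier, so anything consuming this field as a CVE list receives a non-identifier; if this is the May-2023 BlackLotus-driven revocation the description refers to, the Microsoft advisory is CVE-2023-24932 — confirm against the source YAML before changing it. The only Microsoft link under Resources is KB4575994, which is the 2020 DBX-update guidance; the May-2023 boot-manager revocations are documented under KB5025885 (the CVE-2023-24932 guidance), which is worth adding so readers land on the right mitigation steps. The empty MD5/SHA1 link cells and the `.bin` download URL follow the same pattern as the other bootmgfw.efi pages in this commit.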
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "c5c530c2-b0e2-440b-98c4-3ae3a9581479" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: c5c530c2-b0e2-440b-98c4-3ae3a9581479 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [24119E64BBECB849FDB3CC3EF0BEE550248B13BD5ED5AE540A9389C7D5D7C8BD](https://www.virustotal.com/gui/file/24119E64BBECB849FDB3CC3EF0BEE550248B13BD5ED5AE540A9389C7D5D7C8BD) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [FD3062358E0E1DC4C3A60380EF1BDFD4C51F4473B8600937D921DF472FBF9B65](https://www.virustotal.com/gui/search/authentihash%253AFD3062358E0E1DC4C3A60380EF1BDFD4C51F4473B8600937D921DF472FBF9B65) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c5c530c2-b0e2-440b-98c4-3ae3a9581479.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/c632b521-0428-4bcd-b37c-3cbd25eccc0e.md b/lolrmm.com/content/bootloaders/c632b521-0428-4bcd-b37c-3cbd25eccc0e.md new file mode 100644 index 00000000..a0d28431 --- /dev/null +++ b/lolrmm.com/content/bootloaders/c632b521-0428-4bcd-b37c-3cbd25eccc0e.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "c632b521-0428-4bcd-b37c-3cbd25eccc0e" +weight = 10 +displayTitle = "c632b521-0428-4bcd-b37c-3cbd25eccc0e" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# c632b521-0428-4bcd-b37c-3cbd25eccc0e ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: c632b521-0428-4bcd-b37c-3cbd25eccc0e +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [E33E9D1B1D5ADE1934AC7BD39F0BA4CEAC9459A7E2AABB8D204354D4C8652E6E](https://www.virustotal.com/gui/file/E33E9D1B1D5ADE1934AC7BD39F0BA4CEAC9459A7E2AABB8D204354D4C8652E6E) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [F48E6DD8718E953B60A24F2CBEA60A9521DEAE67DB25425B7D3ACE3C517DD9B7](https://www.virustotal.com/gui/search/authentihash%253AF48E6DD8718E953B60A24F2CBEA60A9521DEAE67DB25425B7D3ACE3C517DD9B7) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c632b521-0428-4bcd-b37c-3cbd25eccc0e.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/c67be7e5-8f3c-460a-b4ff-174ba2a0fb6d.md b/lolrmm.com/content/bootloaders/c67be7e5-8f3c-460a-b4ff-174ba2a0fb6d.md new file mode 100644 index 00000000..3e7019ae --- /dev/null +++ b/lolrmm.com/content/bootloaders/c67be7e5-8f3c-460a-b4ff-174ba2a0fb6d.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "c67be7e5-8f3c-460a-b4ff-174ba2a0fb6d" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: c67be7e5-8f3c-460a-b4ff-174ba2a0fb6d +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [997CCF341DBCE2EB9E119803723130DA90E8F1DD167A7B75400E73CBBADA54FD](https://www.virustotal.com/gui/file/997CCF341DBCE2EB9E119803723130DA90E8F1DD167A7B75400E73CBBADA54FD) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [06E3F646CEB102372E3E086D46234B06A9AF13EEF65AAD180EA2880BF8BC12A8](https://www.virustotal.com/gui/search/authentihash%253A06E3F646CEB102372E3E086D46234B06A9AF13EEF65AAD180EA2880BF8BC12A8) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c67be7e5-8f3c-460a-b4ff-174ba2a0fb6d.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/c748db0c-0a54-4567-a733-2f803c84a914.md b/lolrmm.com/content/bootloaders/c748db0c-0a54-4567-a733-2f803c84a914.md new file mode 100644 index 00000000..5c7fc430 --- /dev/null +++ b/lolrmm.com/content/bootloaders/c748db0c-0a54-4567-a733-2f803c84a914.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "c748db0c-0a54-4567-a733-2f803c84a914" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: c748db0c-0a54-4567-a733-2f803c84a914 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [6A7CD85A11D733D1D03A01AAD914A3F22C33AD9590AB27792D2B177E0E51D896](https://www.virustotal.com/gui/file/6A7CD85A11D733D1D03A01AAD914A3F22C33AD9590AB27792D2B177E0E51D896) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [6D174DC1673F7CFB6F1EA75D71739AFDE2B784E214E41AE6F5AA30F622A400C4](https://www.virustotal.com/gui/search/authentihash%253A6D174DC1673F7CFB6F1EA75D71739AFDE2B784E214E41AE6F5AA30F622A400C4) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c748db0c-0a54-4567-a733-2f803c84a914.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/c7e48901-5dda-4d9a-b064-9ec8e51efc06.md b/lolrmm.com/content/bootloaders/c7e48901-5dda-4d9a-b064-9ec8e51efc06.md new file mode 100644 index 00000000..7bba0c27 --- /dev/null +++ b/lolrmm.com/content/bootloaders/c7e48901-5dda-4d9a-b064-9ec8e51efc06.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "c7e48901-5dda-4d9a-b064-9ec8e51efc06" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: c7e48901-5dda-4d9a-b064-9ec8e51efc06 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [0876FD237955DB876744D5AEFBBF0DB3771AA2603233E123B39F4E772FC3B457](https://www.virustotal.com/gui/file/0876FD237955DB876744D5AEFBBF0DB3771AA2603233E123B39F4E772FC3B457) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [6CFDDB6203F254D38A5BCDD4173D51647A487CA70AB21326ACA0A03BB3D2BAC0](https://www.virustotal.com/gui/search/authentihash%253A6CFDDB6203F254D38A5BCDD4173D51647A487CA70AB21326ACA0A03BB3D2BAC0) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c7e48901-5dda-4d9a-b064-9ec8e51efc06.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/c7f3ce1c-9b48-4d6e-b769-4a2869e09bb4.md b/lolrmm.com/content/bootloaders/c7f3ce1c-9b48-4d6e-b769-4a2869e09bb4.md new file mode 100644 index 00000000..69ce7b6e --- /dev/null +++ b/lolrmm.com/content/bootloaders/c7f3ce1c-9b48-4d6e-b769-4a2869e09bb4.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "c7f3ce1c-9b48-4d6e-b769-4a2869e09bb4" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: c7f3ce1c-9b48-4d6e-b769-4a2869e09bb4 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [642296E7342D651FE2FE547C1F08329777CCD44DC4F11C75FEC1F037A9B4B9B4](https://www.virustotal.com/gui/file/642296E7342D651FE2FE547C1F08329777CCD44DC4F11C75FEC1F037A9B4B9B4) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [F02174BB75BC774DF2D7A63A0B0F7A040C9907399F97F642743DA97DF30104C7](https://www.virustotal.com/gui/search/authentihash%253AF02174BB75BC774DF2D7A63A0B0F7A040C9907399F97F642743DA97DF30104C7) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c7f3ce1c-9b48-4d6e-b769-4a2869e09bb4.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/c8069469-51c7-44c5-8032-1d2fde34f8d3.md b/lolrmm.com/content/bootloaders/c8069469-51c7-44c5-8032-1d2fde34f8d3.md new file mode 100644 index 00000000..21955bef --- /dev/null +++ b/lolrmm.com/content/bootloaders/c8069469-51c7-44c5-8032-1d2fde34f8d3.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "c8069469-51c7-44c5-8032-1d2fde34f8d3" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: c8069469-51c7-44c5-8032-1d2fde34f8d3 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [D76281DD69E992EFB55604A1B4E6171E552F3B7E1411D75368F98EF91ED69E21](https://www.virustotal.com/gui/file/D76281DD69E992EFB55604A1B4E6171E552F3B7E1411D75368F98EF91ED69E21) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [48CDB31A16D891124BE77490FBC2AD13CB355A18CB0007258CA4BCEA44F288EF](https://www.virustotal.com/gui/search/authentihash%253A48CDB31A16D891124BE77490FBC2AD13CB355A18CB0007258CA4BCEA44F288EF) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c8069469-51c7-44c5-8032-1d2fde34f8d3.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/c818cbe0-bc64-4557-a266-570214ebaaa8.md b/lolrmm.com/content/bootloaders/c818cbe0-bc64-4557-a266-570214ebaaa8.md new file mode 100644 index 00000000..99238be0 --- /dev/null +++ b/lolrmm.com/content/bootloaders/c818cbe0-bc64-4557-a266-570214ebaaa8.md 
@@ -0,0 +1,154 @@
++++
+
+description = ""
+title = "c818cbe0-bc64-4557-a266-570214ebaaa8"
+weight = 10
+displayTitle = "bootmgfw.efi"
++++
+
+
+{{< block "grid-1" >}}
+{{< column "mt-2 pt-1">}}
+
+
+# bootmgfw.efi ![:inline](/images/twitter_verified.png)
+
+
+### Description
+
+This was provided by Microsoft and revoked May-23
+- **UUID**: c818cbe0-bc64-4557-a266-570214ebaaa8
+- **Created**: 2023-05-22
+- **Author**: Michael Haag
+- **Acknowledgement**: | [](https://twitter.com/)
+
+{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}}
+{{< tip "warning" >}}
+This download link contains the Revoked Bootloader!
+
+{{< /tip >}}
+
+### Commands
+
+```
+bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } }
+```
+
+
+| Use Case | Privileges | Operating System |
+|:---- | ---- | ---- |
+| Persistence | | 32-bit ARM |
+
+
+
+### Detections
+
+
+{{< block "grid-3" >}}
+{{< column >}}
+#### YARA 🏹
+{{< details "Expand" >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}}
+
+
+{{< /details >}}
+{{< /column >}}
+
+
+
+{{< column >}}
+
+#### Sigma 🛡️
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}}
+
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+
+
+{{< column "mb-2" >}}
+
+#### Sysmon 🔎
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+{{< /block >}}
+
+
+### Resources
+
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    +
+### CVE
+
+
  • Black Lotus Microsoft Windows 8.1
  • +
+### Known Vulnerable Samples
+
+| Property | Value |
+|:-------------------|:------|
+| Filename | bootmgfw.efi |
+| MD5 | [](https://www.virustotal.com/gui/file/) |
+| SHA1 | [](https://www.virustotal.com/gui/file/) |
+| SHA256 | [57B017C3A6AC4676B1852E407297158D1D471373DC299CF557832D9E3F13577A](https://www.virustotal.com/gui/file/57B017C3A6AC4676B1852E407297158D1D471373DC299CF557832D9E3F13577A) |
+| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) |
+| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) |
+| Authentihash SHA256| [8055EDEEB18561927DD5956BE9070C4503FEC783AA96F166F5F93FDBC3C2AB43](https://www.virustotal.com/gui/search/authentihash%253A8055EDEEB18561927DD5956BE9070C4503FEC783AA96F166F5F93FDBC3C2AB43) |
+
+
+#### Imports
+{{< details "Expand" >}}
+*
+
+{{< /details >}}
+#### Imports
+{{< details "Expand" >}}
+*
+
+{{< /details >}}
+#### ImportedFunctions
+{{< details "Expand" >}}
+
+{{< /details >}}
+#### ExportedFunctions
+{{< details "Expand" >}}
+
+{{< /details >}}
+
+#### Signature
+{{< details "Expand" >}}
+
+{{< /details >}}
+-----
+
+
+
+[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c818cbe0-bc64-4557-a266-570214ebaaa8.yaml)
+
+*last_updated:* 2023-08-31
+
+
+
+
+
+
+
+
+{{< /column >}}
+{{< /block >}}
diff --git a/lolrmm.com/content/bootloaders/c8440951-fa74-42e2-bee5-4a70db2dec53.md b/lolrmm.com/content/bootloaders/c8440951-fa74-42e2-bee5-4a70db2dec53.md
new file mode 100644
index 00000000..a9a27592
--- /dev/null
+++ b/lolrmm.com/content/bootloaders/c8440951-fa74-42e2-bee5-4a70db2dec53.md
@@ -0,0 +1,238 @@
++++
+
+description = ""
+title = "c8440951-fa74-42e2-bee5-4a70db2dec53"
+weight = 10
+displayTitle = "bootmgfw.efi"
++++
+
+
+{{< block "grid-1" >}}
+{{< column "mt-2 pt-1">}}
+
+
+# bootmgfw.efi ![:inline](/images/twitter_verified.png)
+
+
+### Description
+
+This was provided by Microsoft and revoked May-23
+- **UUID**: c8440951-fa74-42e2-bee5-4a70db2dec53
+- **Created**: 2023-05-22
+- **Author**: Michael Haag
+- **Acknowledgement**: | [](https://twitter.com/)
+
+{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/958ceee3668f4eff01fb29d03518b49e.bin" "Download" >}}
+{{< tip "warning" >}}
+This download link contains the Revoked Bootloader!
+
+{{< /tip >}}
+
+### Commands
+
+```
+bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } }
+```
+
+
+| Use Case | Privileges | Operating System |
+|:---- | ---- | ---- |
+| Persistence | | 64-bit |
+
+
+
+### Detections
+
+
+{{< block "grid-3" >}}
+{{< column >}}
+#### YARA 🏹
+{{< details "Expand" >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}}
+
+
+{{< /details >}}
+{{< /column >}}
+
+
+
+{{< column >}}
+
+#### Sigma 🛡️
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}}
+
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+
+
+{{< column "mb-2" >}}
+
+#### Sysmon 🔎
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+{{< /block >}}
+
+
+### Resources
+
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    +
+### CVE
+
+
  • Black Lotus Microsoft Windows 8.1
  • +
+### Known Vulnerable Samples
+
+| Property | Value |
+|:-------------------|:------|
+| Filename | bootmgfw.efi |
+| MD5 | [958ceee3668f4eff01fb29d03518b49e](https://www.virustotal.com/gui/file/958ceee3668f4eff01fb29d03518b49e) |
+| SHA1 | [0213406b236ee5c1f1e4fbf0101d24cc10ab7e24](https://www.virustotal.com/gui/file/0213406b236ee5c1f1e4fbf0101d24cc10ab7e24) |
+| SHA256 | [fe26e6c2bc5ac4357e6657624180ca1e946d6dabe79cdb098d7b8b4e440851aa](https://www.virustotal.com/gui/file/fe26e6c2bc5ac4357e6657624180ca1e946d6dabe79cdb098d7b8b4e440851aa) |
+| Authentihash MD5 | [450c5929a254f83c3fcfa056b9ecb5f9](https://www.virustotal.com/gui/search/authentihash%253A450c5929a254f83c3fcfa056b9ecb5f9) |
+| Authentihash SHA1 | [3f62302d8c036c7d2d4ae6a47fc8439028871808](https://www.virustotal.com/gui/search/authentihash%253A3f62302d8c036c7d2d4ae6a47fc8439028871808) |
+| Authentihash SHA256| [84d75f7a8913d66db946eaf1480eaddec3063d27a6f625f040b406718abcac44](https://www.virustotal.com/gui/search/authentihash%253A84d75f7a8913d66db946eaf1480eaddec3063d27a6f625f040b406718abcac44) |
+| RichPEHeaderHash MD5 | [85fa20421a65e83905361d389b335669](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A85fa20421a65e83905361d389b335669) |
+| RichPEHeaderHash SHA1 | [fad704c4353c271f61f7ffcecc3bc5aceb3a15b7](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Afad704c4353c271f61f7ffcecc3bc5aceb3a15b7) |
+| RichPEHeaderHash SHA256| [60bb1a6f5f679831418c16a7c2000159d31507690560194ca357bfd0b4018f9c](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A60bb1a6f5f679831418c16a7c2000159d31507690560194ca357bfd0b4018f9c) |
+| Company | Microsoft Corporation |
+| Description | Boot Manager |
+| Product | Microsoft® Windows® Operating System |
+| OriginalFilename | bootmgr.exe |
+
+#### Certificates
+
+{{< details "Expand" >}}
+###### Certificate 33000001066ec325c431c9180e000000000106
+| Field | Value |
+|-----------------------------------|----------------------------|
+| ToBeSigned (TBS) MD5 | dde4566ad877cdd7257537c5a15caff8 |
+| ToBeSigned (TBS) SHA1 | 61ccf092df4eb7534ffc8df983b362e10eb895c2 |
+| ToBeSigned (TBS) SHA256 | 0ae3a29cfb54cd16c853b2246cc428219bb87f7e4ea299b0374b2ac43f2a61d8 |
+| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows |
+| ValidFrom | 2016-10-11 20:39:31 |
+| ValidTo | 2018-01-11 20:39:31 |
+| Signature | 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 |
+| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
+| IsCertificateAuthority | False |
+| SerialNumber | 33000001066ec325c431c9180e000000000106 |
+| Version | 3 |
+###### Certificate 61077656000000000008
+| Field | Value |
+|-----------------------------------|----------------------------|
+| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 |
+| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 |
+| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 |
+| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 |
+| ValidFrom | 2011-10-19 18:41:42 |
+| ValidTo | 2026-10-19 18:51:42 |
+| Signature | 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 |
+| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
+| IsCertificateAuthority | True |
+| SerialNumber | 61077656000000000008 |
+| Version | 3 |
+
+{{< /details >}}
+#### Imports
+{{< details "Expand" >}}
+*
+
+{{< /details >}}
+#### Imports
+{{< details "Expand" >}}
+*
+
+{{< /details >}}
+#### ImportedFunctions
+{{< details "Expand" >}}
+
+{{< /details >}}
+#### ExportedFunctions
+{{< details "Expand" >}}
+
+{{< /details >}}
+
+#### Signature
+{{< details "Expand" >}}
+```
+{
+ "Certificates": [
+ {
+ "IsCertificateAuthority": false,
+ "SerialNumber": "33000001066ec325c431c9180e000000000106",
+ "Signature": "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",
+ "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
+ "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows",
+ "TBS": {
+ "MD5": "dde4566ad877cdd7257537c5a15caff8",
+ "SHA1": "61ccf092df4eb7534ffc8df983b362e10eb895c2",
+ "SHA256": "0ae3a29cfb54cd16c853b2246cc428219bb87f7e4ea299b0374b2ac43f2a61d8"
+ },
+ "ValidFrom": "2016-10-11 20:39:31",
+ "ValidTo": "2018-01-11 20:39:31",
+ "Version": 3
+ },
+ {
+ "IsCertificateAuthority": true,
+ "SerialNumber": "61077656000000000008",
+ "Signature": "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",
+ "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
+ "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011",
+ "TBS": {
+ "MD5": "30a3f0b64324ed7f465e7fc618cb69e7",
+ "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41",
+ "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146"
+ },
+ "ValidFrom": "2011-10-19 18:41:42",
+ "ValidTo": "2026-10-19 18:51:42",
+ "Version": 3
+ }
+ ],
+ "CertificatesInfo": "",
+ "Signer": [
+ {
+ "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011",
+ "SerialNumber": "33000001066ec325c431c9180e000000000106",
+ "Version": 1
+ }
+ ],
+ "SignerInfo": ""
+}
+```
+
+{{< /details >}}
+-----
+
+
+
+[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c8440951-fa74-42e2-bee5-4a70db2dec53.yaml)
+
+*last_updated:* 2023-08-31
+
+
+
+
+
+
+
+
+{{< /column >}}
+{{< /block >}}
diff --git a/lolrmm.com/content/bootloaders/c8bbda28-7392-4588-a899-755c58de432b.md b/lolrmm.com/content/bootloaders/c8bbda28-7392-4588-a899-755c58de432b.md
new file mode 100644
index 00000000..e85b7936
--- /dev/null
+++ b/lolrmm.com/content/bootloaders/c8bbda28-7392-4588-a899-755c58de432b.md
@@ -0,0 +1,164 @@
++++
+
+description = ""
+title = "c8bbda28-7392-4588-a899-755c58de432b"
+weight = 10
+displayTitle = "shim-0.4-0ubuntu4/shim64-bit.efi"
++++
+
+
+{{< block "grid-1" >}}
+{{< column "mt-2 pt-1">}}
+
+
+# shim-0.4-0ubuntu4/shim64-bit.efi ![:inline](/images/twitter_verified.png)
+
+
+### Description
+
+This was provided by Canonical Ltd and revoked Apr-21
+- **UUID**: c8bbda28-7392-4588-a899-755c58de432b
+- **Created**: 2023-05-22
+- **Author**: Michael Haag
+- **Acknowledgement**: | [](https://twitter.com/)
+
+{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/8712d45e1ae024cb45067ad5918e12da.bin" "Download" >}}
+{{< tip "warning" >}}
+This download link contains the Revoked Bootloader!
+
+{{< /tip >}}
+
+### Commands
+
+```
+bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\shim-0.4-0ubuntu4/shim64-bit.efi } }
+```
+
+
+| Use Case | Privileges | Operating System |
+|:---- | ---- | ---- |
+| Persistence | | 64-bit |
+
+
+
+### Detections
+
+
+{{< block "grid-3" >}}
+{{< column >}}
+#### YARA 🏹
+{{< details "Expand" >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}}
+
+
+{{< /details >}}
+{{< /column >}}
+
+
+
+{{< column >}}
+
+#### Sigma 🛡️
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}}
+
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+
+
+{{< column "mb-2" >}}
+
+#### Sysmon 🔎
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+{{< /block >}}
+
+
+### Resources
+
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    +
+### CVE
+
+
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • +
+### Known Vulnerable Samples
+
+| Property | Value |
+|:-------------------|:------|
+| Filename | shim-0.4-0ubuntu4/shim64-bit.efi |
+| MD5 | [8712d45e1ae024cb45067ad5918e12da](https://www.virustotal.com/gui/file/8712d45e1ae024cb45067ad5918e12da) |
+| SHA1 | [a6aa33d40dacfcc964b01a5c18d26829d362fbce](https://www.virustotal.com/gui/file/a6aa33d40dacfcc964b01a5c18d26829d362fbce) |
+| SHA256 | [702a10fa1541869f455143ed00425e4e9b2d533c3b639259bde6aac97eca15ed](https://www.virustotal.com/gui/file/702a10fa1541869f455143ed00425e4e9b2d533c3b639259bde6aac97eca15ed) |
+| Authentihash MD5 | [15d38ac115b29438f9f82509f78c340a](https://www.virustotal.com/gui/search/authentihash%253A15d38ac115b29438f9f82509f78c340a) |
+| Authentihash SHA1 | [c017bdf23c9fae3f7c66a28aaefa4ce95d174a71](https://www.virustotal.com/gui/search/authentihash%253Ac017bdf23c9fae3f7c66a28aaefa4ce95d174a71) |
+| Authentihash SHA256| [1db183cf5655b2dd0ce9508273b339146c3b7dcdec0d0ac3c180c953083faf18](https://www.virustotal.com/gui/search/authentihash%253A1db183cf5655b2dd0ce9508273b339146c3b7dcdec0d0ac3c180c953083faf18) |
+| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) |
+| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) |
+| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) |
+
+
+#### Imports
+{{< details "Expand" >}}
+*
+
+{{< /details >}}
+#### Imports
+{{< details "Expand" >}}
+*
+
+{{< /details >}}
+#### ImportedFunctions
+{{< details "Expand" >}}
+
+{{< /details >}}
+#### ExportedFunctions
+{{< details "Expand" >}}
+
+{{< /details >}}
+
+#### Signature
+{{< details "Expand" >}}
+
+{{< /details >}}
+-----
+
+
+
+[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c8bbda28-7392-4588-a899-755c58de432b.yaml)
+
+*last_updated:* 2023-08-31
+
+
+
+
+
+
+
+
+{{< /column >}}
+{{< /block >}}
diff --git a/lolrmm.com/content/bootloaders/c8d926b0-b5a4-4960-b951-1f4cfffd940e.md b/lolrmm.com/content/bootloaders/c8d926b0-b5a4-4960-b951-1f4cfffd940e.md
new file mode 100644
index 00000000..7ae16f3e
--- /dev/null
+++ b/lolrmm.com/content/bootloaders/c8d926b0-b5a4-4960-b951-1f4cfffd940e.md
@@ -0,0 +1,238 @@
++++
+
+description = ""
+title = "c8d926b0-b5a4-4960-b951-1f4cfffd940e"
+weight = 10
+displayTitle = "bootmgfw.efi"
++++
+
+
+{{< block "grid-1" >}}
+{{< column "mt-2 pt-1">}}
+
+
+# bootmgfw.efi ![:inline](/images/twitter_verified.png)
+
+
+### Description
+
+This was provided by Microsoft and revoked May-23
+- **UUID**: c8d926b0-b5a4-4960-b951-1f4cfffd940e
+- **Created**: 2023-05-22
+- **Author**: Michael Haag
+- **Acknowledgement**: | [](https://twitter.com/)
+
+{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/09287aecf07aa294ed7f76f2234270a9.bin" "Download" >}}
+{{< tip "warning" >}}
+This download link contains the Revoked Bootloader!
+
+{{< /tip >}}
+
+### Commands
+
+```
+bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } }
+```
+
+
+| Use Case | Privileges | Operating System |
+|:---- | ---- | ---- |
+| Persistence | | 32-bit ARM |
+
+
+
+### Detections
+
+
+{{< block "grid-3" >}}
+{{< column >}}
+#### YARA 🏹
+{{< details "Expand" >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}}
+
+
+{{< /details >}}
+{{< /column >}}
+
+
+
+{{< column >}}
+
+#### Sigma 🛡️
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}}
+
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+
+
+{{< column "mb-2" >}}
+
+#### Sysmon 🔎
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+{{< /block >}}
+
+
+### Resources
+
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    +
+### CVE
+
+
  • Black Lotus Microsoft Windows 8.1
  • +
+### Known Vulnerable Samples
+
+| Property | Value |
+|:-------------------|:------|
+| Filename | bootmgfw.efi |
+| MD5 | [09287aecf07aa294ed7f76f2234270a9](https://www.virustotal.com/gui/file/09287aecf07aa294ed7f76f2234270a9) |
+| SHA1 | [f4de49ab09ad1d3e18ba4eeef481d91cd67a4860](https://www.virustotal.com/gui/file/f4de49ab09ad1d3e18ba4eeef481d91cd67a4860) |
+| SHA256 | [860c16809e3941bebedff0bde99c32aa77379c0be1f6b174d20038a02162d3d5](https://www.virustotal.com/gui/file/860c16809e3941bebedff0bde99c32aa77379c0be1f6b174d20038a02162d3d5) |
+| Authentihash MD5 | [2493adfef4cb684c76b9697cf414c95b](https://www.virustotal.com/gui/search/authentihash%253A2493adfef4cb684c76b9697cf414c95b) |
+| Authentihash SHA1 | [d05a293ae6ba3f9d4f03da5027807f2182be4c22](https://www.virustotal.com/gui/search/authentihash%253Ad05a293ae6ba3f9d4f03da5027807f2182be4c22) |
+| Authentihash SHA256| [ee0a54e2dd9848d7a209d2c945449a0bac9a46c45e5e033c6982d2924839ac74](https://www.virustotal.com/gui/search/authentihash%253Aee0a54e2dd9848d7a209d2c945449a0bac9a46c45e5e033c6982d2924839ac74) |
+| RichPEHeaderHash MD5 | [9a33833e2407d8d25146f07e9c5c8444](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A9a33833e2407d8d25146f07e9c5c8444) |
+| RichPEHeaderHash SHA1 | [04243895d74611d8d91937ec718a82b8dd7fe0f9](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A04243895d74611d8d91937ec718a82b8dd7fe0f9) |
+| RichPEHeaderHash SHA256| [2efb0d9096d6fc172537ba8c386ba82f72b5a9bed5047e7830290bb6aafb0ff4](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2efb0d9096d6fc172537ba8c386ba82f72b5a9bed5047e7830290bb6aafb0ff4) |
+| Company | Microsoft Corporation |
+| Description | Boot Manager |
+| Product | Microsoft® Windows® Operating System |
+| OriginalFilename | bootmgr.exe |
+
+#### Certificates
+
+{{< details "Expand" >}}
+###### Certificate 33000000a6206efff45e063a190000000000a6
+| Field | Value |
+|-----------------------------------|----------------------------|
+| ToBeSigned (TBS) MD5 | 57c30a2d7e6573994b137079cbff34b8 |
+| ToBeSigned (TBS) SHA1 | 08980baa201ccbfc096accff568fb2b073da66f4 |
+| ToBeSigned (TBS) SHA256 | 19241716f05046843df5ff3c02395bf6e2ed68ad52d441a71a2edcd24ac93056 |
+| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows |
+| ValidFrom | 2015-07-15 17:04:59 |
+| ValidTo | 2016-10-15 17:04:59 |
+| Signature | 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 |
+| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
+| IsCertificateAuthority | False |
+| SerialNumber | 33000000a6206efff45e063a190000000000a6 |
+| Version | 3 |
+###### Certificate 61077656000000000008
+| Field | Value |
+|-----------------------------------|----------------------------|
+| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 |
+| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 |
+| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 |
+| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 |
+| ValidFrom | 2011-10-19 18:41:42 |
+| ValidTo | 2026-10-19 18:51:42 |
+| Signature | 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 |
+| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
+| IsCertificateAuthority | True |
+| SerialNumber | 61077656000000000008 |
+| Version | 3 |
+
+{{< /details >}}
+#### Imports
+{{< details "Expand" >}}
+*
+
+{{< /details >}}
+#### Imports
+{{< details "Expand" >}}
+*
+
+{{< /details >}}
+#### ImportedFunctions
+{{< details "Expand" >}}
+
+{{< /details >}}
+#### ExportedFunctions
+{{< details "Expand" >}}
+
+{{< /details >}}
+
+#### Signature
+{{< details "Expand" >}}
+```
+{
+ "Certificates": [
+ {
+ "IsCertificateAuthority": false,
+ "SerialNumber": "33000000a6206efff45e063a190000000000a6",
+ "Signature": "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",
+ "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
+ "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows",
+ "TBS": {
+ "MD5": "57c30a2d7e6573994b137079cbff34b8",
+ "SHA1": "08980baa201ccbfc096accff568fb2b073da66f4",
+ "SHA256": "19241716f05046843df5ff3c02395bf6e2ed68ad52d441a71a2edcd24ac93056"
+ },
+ "ValidFrom": "2015-07-15 17:04:59",
+ "ValidTo": "2016-10-15 17:04:59",
+ "Version": 3
+ },
+ {
+ "IsCertificateAuthority": true,
+ "SerialNumber": "61077656000000000008",
+ "Signature": "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",
+ "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
+ "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011",
+ "TBS": {
+ "MD5": "30a3f0b64324ed7f465e7fc618cb69e7",
+ "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41",
+ "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146"
+ },
+ "ValidFrom": "2011-10-19 18:41:42",
+ "ValidTo": "2026-10-19 18:51:42",
+ "Version": 3
+ }
+ ],
+ "CertificatesInfo": "",
+ "Signer": [
+ {
+ "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011",
+ "SerialNumber": "33000000a6206efff45e063a190000000000a6",
+ "Version": 1
+ }
+ ],
+ "SignerInfo": ""
+}
+```
+
+{{< /details >}}
+-----
+
+
+
+[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c8d926b0-b5a4-4960-b951-1f4cfffd940e.yaml)
+
+*last_updated:* 2023-08-31
+
+
+
+
+
+
+
+
+{{< /column >}}
+{{< /block >}}
diff --git a/lolrmm.com/content/bootloaders/c900de9c-b4b1-40b1-b106-db0845396462.md b/lolrmm.com/content/bootloaders/c900de9c-b4b1-40b1-b106-db0845396462.md
new file mode 100644
index 00000000..19de76ed
--- /dev/null
+++ b/lolrmm.com/content/bootloaders/c900de9c-b4b1-40b1-b106-db0845396462.md
@@ -0,0 +1,161 @@
++++
+
+description = ""
+title = "c900de9c-b4b1-40b1-b106-db0845396462"
+weight = 10
+displayTitle = "rhel-7.9-20200909-shim64-bit.efi"
++++
+
+
+{{< block "grid-1" >}}
+{{< column "mt-2 pt-1">}}
+
+
+# rhel-7.9-20200909-shim64-bit.efi ![:inline](/images/twitter_verified.png)
+
+
+### Description
+
+This was provided by Red Hat, Inc. and revoked Apr-21
+- **UUID**: c900de9c-b4b1-40b1-b106-db0845396462
+- **Created**: 2023-05-22
+- **Author**: Michael Haag
+- **Acknowledgement**: | [](https://twitter.com/)
+
+{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}}
+{{< tip "warning" >}}
+This download link contains the Revoked Bootloader!
+
+{{< /tip >}}
+
+### Commands
+
+```
+bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\rhel-7.9-20200909-shim64-bit.efi } }
+```
+
+
+| Use Case | Privileges | Operating System |
+|:---- | ---- | ---- |
+| Persistence | | 64-bit |
+
+
+
+### Detections
+
+
+{{< block "grid-3" >}}
+{{< column >}}
+#### YARA 🏹
+{{< details "Expand" >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}}
+
+
+{{< /details >}}
+{{< /column >}}
+
+
+
+{{< column >}}
+
+#### Sigma 🛡️
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}}
+
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+
+
+{{< column "mb-2" >}}
+
+#### Sysmon 🔎
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+{{< /block >}}
+
+
+### Resources
+
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    +
+### CVE
+
+
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • +
+### Known Vulnerable Samples
+
+| Property | Value |
+|:-------------------|:------|
+| Filename | rhel-7.9-20200909-shim64-bit.efi |
+| MD5 | [](https://www.virustotal.com/gui/file/) |
+| SHA1 | [](https://www.virustotal.com/gui/file/) |
+| SHA256 | [C2405153F56A12F727853FD55BC9C99B81937B42A1A0BC585310DA45D35A3FAD](https://www.virustotal.com/gui/file/C2405153F56A12F727853FD55BC9C99B81937B42A1A0BC585310DA45D35A3FAD) |
+| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) |
+| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) |
+| Authentihash SHA256| [A608A87F51BDF7532B4B80FA95EADFDF1BF8B0CBB58A7D3939C9F11C12E71C85](https://www.virustotal.com/gui/search/authentihash%253AA608A87F51BDF7532B4B80FA95EADFDF1BF8B0CBB58A7D3939C9F11C12E71C85) |
+
+
+#### Imports
+{{< details "Expand" >}}
+*
+
+{{< /details >}}
+#### Imports
+{{< details "Expand" >}}
+*
+
+{{< /details >}}
+#### ImportedFunctions
+{{< details "Expand" >}}
+
+{{< /details >}}
+#### ExportedFunctions
+{{< details "Expand" >}}
+
+{{< /details >}}
+
+#### Signature
+{{< details "Expand" >}}
+
+{{< /details >}}
+-----
+
+
+
+[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c900de9c-b4b1-40b1-b106-db0845396462.yaml)
+
+*last_updated:* 2023-08-31
+
+
+
+
+
+
+
+
+{{< /column >}}
+{{< /block >}}
diff --git a/lolrmm.com/content/bootloaders/c947ca13-4a5b-42ca-81cd-b1d1d9a4d8dd.md b/lolrmm.com/content/bootloaders/c947ca13-4a5b-42ca-81cd-b1d1d9a4d8dd.md
new file mode 100644
index 00000000..57d0dd72
--- /dev/null
+++ b/lolrmm.com/content/bootloaders/c947ca13-4a5b-42ca-81cd-b1d1d9a4d8dd.md
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "c947ca13-4a5b-42ca-81cd-b1d1d9a4d8dd" +weight = 10 +displayTitle = "c947ca13-4a5b-42ca-81cd-b1d1d9a4d8dd" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# c947ca13-4a5b-42ca-81cd-b1d1d9a4d8dd ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: c947ca13-4a5b-42ca-81cd-b1d1d9a4d8dd +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [83A5C9C78BC64206AAF7B7F9901867D19BB746201923D855AAE24A2B2330F113](https://www.virustotal.com/gui/file/83A5C9C78BC64206AAF7B7F9901867D19BB746201923D855AAE24A2B2330F113) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [BE435DF7CD28AA2A7C8DB4FC8173475B77E5ABF392F76B7C76FA3F698CB71A9A](https://www.virustotal.com/gui/search/authentihash%253ABE435DF7CD28AA2A7C8DB4FC8173475B77E5ABF392F76B7C76FA3F698CB71A9A) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c947ca13-4a5b-42ca-81cd-b1d1d9a4d8dd.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/c9f24d64-ce8c-460c-a5b9-13c1082de5c5.md b/lolrmm.com/content/bootloaders/c9f24d64-ce8c-460c-a5b9-13c1082de5c5.md new file mode 100644 index 00000000..cd8d0658 --- /dev/null +++ b/lolrmm.com/content/bootloaders/c9f24d64-ce8c-460c-a5b9-13c1082de5c5.md 
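Review bot: The sample's identifying fields are empty, so the generated page carries dangling artifacts: the Download button points at `bootloaders/.bin`, the `Filename` cell is blank, and the MD5/SHA1 rows link to `https://www.virustotal.com/gui/file/` with no hash, while only the SHA256 and Authentihash SHA256 rows are populated. The generator should omit the button and the empty hash links when the underlying value is missing rather than emit links that resolve to nothing; the same pattern appears in c9f24d64, ca53fb23, ca7157a0 and cb08669d in this commit. Separately, the `#### Imports` details block is emitted twice on every page here, which looks like a duplicated template fragment rather than two distinct sections.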
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "c9f24d64-ce8c-460c-a5b9-13c1082de5c5" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: c9f24d64-ce8c-460c-a5b9-13c1082de5c5 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [3EF9FD0B7CEF661D5AF2971DAEF1ECC44D9210D33AF8C95E2DF9EDD694BB0FE2](https://www.virustotal.com/gui/file/3EF9FD0B7CEF661D5AF2971DAEF1ECC44D9210D33AF8C95E2DF9EDD694BB0FE2) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [3860B7C7FF6F4BCD5865843B2E86B2ECA5FF4FB071999F2129D4C7753B806F34](https://www.virustotal.com/gui/search/authentihash%253A3860B7C7FF6F4BCD5865843B2E86B2ECA5FF4FB071999F2129D4C7753B806F34) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/c9f24d64-ce8c-460c-a5b9-13c1082de5c5.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/ca53fb23-c94b-436c-9066-079bd6480ae7.md b/lolrmm.com/content/bootloaders/ca53fb23-c94b-436c-9066-079bd6480ae7.md new file mode 100644 index 00000000..71e8459b --- /dev/null +++ b/lolrmm.com/content/bootloaders/ca53fb23-c94b-436c-9066-079bd6480ae7.md 
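Review bot: The `### CVE` list contains `Black Lotus Microsoft Windows 8`, which is a campaign/product label rather than a CVE identifier, so a consumer that reads this list as CVE ids, or a reader cross-referencing the dbx/KB links above, has nothing to look up; the same entry appears as `Black Lotus Microsoft Windows 8.1` in ca53fb23 and cb08669d. If the revocation is tied to a tracked vulnerability, the source YAML should carry that CVE id here and keep the free-text attribution in the description; otherwise render an empty CVE section and move the label to a notes field so the section's contents stay machine-readable.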
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "ca53fb23-c94b-436c-9066-079bd6480ae7" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: ca53fb23-c94b-436c-9066-079bd6480ae7 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [97C24B65A08878AEB0002FC577B717A950C0A20E60EBDFC569637EF57059A2BE](https://www.virustotal.com/gui/file/97C24B65A08878AEB0002FC577B717A950C0A20E60EBDFC569637EF57059A2BE) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [6730C911E6D91009420D202FB6F394568A06AA97E9F33F30C7E92AAA71332D68](https://www.virustotal.com/gui/search/authentihash%253A6730C911E6D91009420D202FB6F394568A06AA97E9F33F30C7E92AAA71332D68) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ca53fb23-c94b-436c-9066-079bd6480ae7.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/ca7157a0-3de8-4642-95b6-0a42c53a97b3.md b/lolrmm.com/content/bootloaders/ca7157a0-3de8-4642-95b6-0a42c53a97b3.md new file mode 100644 index 00000000..ac8c3480 --- /dev/null +++ b/lolrmm.com/content/bootloaders/ca7157a0-3de8-4642-95b6-0a42c53a97b3.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "ca7157a0-3de8-4642-95b6-0a42c53a97b3" +weight = 10 +displayTitle = "shim64-bit.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# shim64-bit.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Oracle America, Inc. and revoked Apr-21 +- **UUID**: ca7157a0-3de8-4642-95b6-0a42c53a97b3 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\shim64-bit.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | shim64-bit.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [7395EE455BB71B4A37DD973999C875F166037E7BF5B948F812A8B45ADFC03A55](https://www.virustotal.com/gui/file/7395EE455BB71B4A37DD973999C875F166037E7BF5B948F812A8B45ADFC03A55) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [E42572AFAC720F5D4A1C7AAAF802F094DACEB682F4E92783B2BB3FA00862AF7F](https://www.virustotal.com/gui/search/authentihash%253AE42572AFAC720F5D4A1C7AAAF802F094DACEB682F4E92783B2BB3FA00862AF7F) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ca7157a0-3de8-4642-95b6-0a42c53a97b3.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/cab29561-a4b4-4cb1-b6c6-115700991af8.md b/lolrmm.com/content/bootloaders/cab29561-a4b4-4cb1-b6c6-115700991af8.md new file mode 100644 index 00000000..fb4c6331 --- /dev/null +++ b/lolrmm.com/content/bootloaders/cab29561-a4b4-4cb1-b6c6-115700991af8.md 
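Review bot: The description says only `This was provided by Oracle America, Inc. and revoked Apr-21`, while the CVE list below (CVE-2020-14372 through CVE-2021-20233) appears to consist of GRUB2 issues rather than defects in the shim itself, so a reader is left to infer why this shim hash is in dbx. A one-line statement of the revocation reason in the description (presumably that this shim will load an affected GRUB build — confirm against the source YAML) would make the CVE list intelligible on its own. The `Commands` block is the generic Windows `bcdedit` template even though the sample is a Linux shim; if the generator has no platform-specific example, it would be clearer to omit the block than to show one that does not apply to the sample.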
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "cab29561-a4b4-4cb1-b6c6-115700991af8" +weight = 10 +displayTitle = "BOOTx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# BOOTx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by whitecanyon and revoked Jul-20 +- **UUID**: cab29561-a4b4-4cb1-b6c6-115700991af8 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/16e6180b7edfa353678a459079afa5db.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\BOOTx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | BOOTx64.efi | +| MD5 | [16e6180b7edfa353678a459079afa5db](https://www.virustotal.com/gui/file/16e6180b7edfa353678a459079afa5db) | +| SHA1 | [a9874a4b39d64c5116a663883834c2e789b87f99](https://www.virustotal.com/gui/file/a9874a4b39d64c5116a663883834c2e789b87f99) | +| SHA256 | [50484376441815f7f85aa294290a9b6072a6a9e8feae79447c5c4de855c5a3d3](https://www.virustotal.com/gui/file/50484376441815f7f85aa294290a9b6072a6a9e8feae79447c5c4de855c5a3d3) | +| Authentihash MD5 | [df444af8d4fa4d4b0bf54cdd266ea4b6](https://www.virustotal.com/gui/search/authentihash%253Adf444af8d4fa4d4b0bf54cdd266ea4b6) | +| Authentihash SHA1 | [358f886257db7011d5a38b1e1bc7908a302392d5](https://www.virustotal.com/gui/search/authentihash%253A358f886257db7011d5a38b1e1bc7908a302392d5) | +| Authentihash SHA256| [ad3be589c0474e97de5bb2bf33534948b76bb80376dfdc58b1fed767b5a15bfc](https://www.virustotal.com/gui/search/authentihash%253Aad3be589c0474e97de5bb2bf33534948b76bb80376dfdc58b1fed767b5a15bfc) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002530b3d3726ee3f72f000100000025 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | a5052527524f4998a7bd87f396196fe8 | +| ToBeSigned (TBS) SHA1 | 2374a3e4f0499d106f0e4d71a22f7b0e709847c0 | +| ToBeSigned (TBS) SHA256 | 
f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2017-08-11 20:20:00 | +| ValidTo | 2018-08-11 20:20:00 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002530b3d3726ee3f72f000100000025 | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + 
"SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cab29561-a4b4-4cb1-b6c6-115700991af8.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/cb08669d-8b82-45b7-8fc7-ea815f96e336.md b/lolrmm.com/content/bootloaders/cb08669d-8b82-45b7-8fc7-ea815f96e336.md new file mode 100644 index 00000000..a7d0069c --- /dev/null +++ b/lolrmm.com/content/bootloaders/cb08669d-8b82-45b7-8fc7-ea815f96e336.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "cb08669d-8b82-45b7-8fc7-ea815f96e336" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: cb08669d-8b82-45b7-8fc7-ea815f96e336 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [BD6E8218BAF3A86090201D6A118858CFA5F63AA2732CC880DADF39A1609F12E3](https://www.virustotal.com/gui/file/BD6E8218BAF3A86090201D6A118858CFA5F63AA2732CC880DADF39A1609F12E3) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [1DA53F3A2C7C41C93099737266B5619FF616A433FB3B870234622D7AAFAB9A7A](https://www.virustotal.com/gui/search/authentihash%253A1DA53F3A2C7C41C93099737266B5619FF616A433FB3B870234622D7AAFAB9A7A) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cb08669d-8b82-45b7-8fc7-ea815f96e336.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/cb2d5dcd-595c-40d2-a14f-9b80d0fefc7e.md b/lolrmm.com/content/bootloaders/cb2d5dcd-595c-40d2-a14f-9b80d0fefc7e.md new file mode 100644 index 00000000..32f1050b --- /dev/null +++ b/lolrmm.com/content/bootloaders/cb2d5dcd-595c-40d2-a14f-9b80d0fefc7e.md 
@@ -0,0 +1,241 @@
++++
+
+description = ""
+title = "cb2d5dcd-595c-40d2-a14f-9b80d0fefc7e"
+weight = 10
+displayTitle = "BOOTX64.EFI"
++++
+
+
+{{< block "grid-1" >}}
+{{< column "mt-2 pt-1">}}
+
+
+# BOOTX64.EFI ![:inline](/images/twitter_verified.png)
+
+
+### Description
+
+This was provided by Red Hat Inc. and revoked Jul-20
+- **UUID**: cb2d5dcd-595c-40d2-a14f-9b80d0fefc7e
+- **Created**: 2023-05-22
+- **Author**: Michael Haag
+- **Acknowledgement**: | [](https://twitter.com/)
+
+{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/3f5b9c90792efc13debd32233440ad32.bin" "Download" >}}
+{{< tip "warning" >}}
+This download link contains the Revoked Bootloader!
+
+{{< /tip >}}
+
+### Commands
+
+```
+bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\BOOTX64.EFI } }
+```
+
+
+| Use Case | Privileges | Operating System |
+|:---- | ---- | ---- |
+| Persistence | | 64-bit |
+
+
+
+### Detections
+
+
+{{< block "grid-3" >}}
+{{< column >}}
+#### YARA 🏹
+{{< details "Expand" >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}}
+
+
+{{< /details >}}
+{{< /column >}}
+
+
+
+{{< column >}}
+
+#### Sigma 🛡️
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}}
+
+
+{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+
+
+{{< column "mb-2" >}}
+
+#### Sysmon 🔎
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+{{< /block >}}
+
+
+### Resources
+
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • +
+### Known Vulnerable Samples
+
+| Property | Value |
+|:-------------------|:------|
+| Filename | BOOTX64.EFI |
+| MD5 | [3f5b9c90792efc13debd32233440ad32](https://www.virustotal.com/gui/file/3f5b9c90792efc13debd32233440ad32) |
+| SHA1 | [23b7889abdb236c8cd871733ba2ea7f91d543b99](https://www.virustotal.com/gui/file/23b7889abdb236c8cd871733ba2ea7f91d543b99) |
+| SHA256 | [537b428a0ad622765010c4405c1603ff464fcbb24ae4c2fbf559a10b8ea4593d](https://www.virustotal.com/gui/file/537b428a0ad622765010c4405c1603ff464fcbb24ae4c2fbf559a10b8ea4593d) |
+| Authentihash MD5 | [d06af20d9fe41bce9fdcc0e3ce175987](https://www.virustotal.com/gui/search/authentihash%253Ad06af20d9fe41bce9fdcc0e3ce175987) |
+| Authentihash SHA1 | [c242ab25b79c1910f451b87f5499802df249e301](https://www.virustotal.com/gui/search/authentihash%253Ac242ab25b79c1910f451b87f5499802df249e301) |
+| Authentihash SHA256| [0dc24c75eb1aef56b9f13ab9de60e2eca1c4510034e290bbb36cf60a549b234c](https://www.virustotal.com/gui/search/authentihash%253A0dc24c75eb1aef56b9f13ab9de60e2eca1c4510034e290bbb36cf60a549b234c) |
+| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) |
+| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) |
+| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) |
+
+#### Certificates
+
+{{< details "Expand" >}}
+###### Certificate 330000002b4b79b3694d12118700010000002b
+| Field | Value |
+|-----------------------------------|----------------------------|
+| ToBeSigned (TBS) MD5 | 8d8a1f204c9c80213bd427fa58b387e2 |
+| ToBeSigned (TBS) SHA1 | 8d78e1742b948f0c8298e560dd71fe1594020386 |
+| ToBeSigned (TBS) SHA256 | 
1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0 |
+| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher |
+| ValidFrom | 2018-07-03 20:53:01 |
+| ValidTo | 2019-07-26 20:53:01 |
+| Signature | 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 |
+| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
+| IsCertificateAuthority | False |
+| SerialNumber | 330000002b4b79b3694d12118700010000002b |
+| Version | 3 |
+###### Certificate 6108d3c4000000000004
+| Field | Value |
+|-----------------------------------|----------------------------|
+| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 |
+| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d |
+| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 |
+| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 |
+| ValidFrom | 2011-06-27 21:22:45 |
+| ValidTo | 2026-06-27 21:32:45 |
+| Signature | 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 |
+| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
+| IsCertificateAuthority | True |
+| SerialNumber | 6108d3c4000000000004 |
+| Version | 3 |
+
+{{< /details >}}
+#### Imports
+{{< details "Expand" >}}
+*
+
+{{< /details >}}
+#### Imports
+{{< details "Expand" >}}
+*
+
+{{< /details >}}
+#### ImportedFunctions
+{{< details "Expand" >}}
+
+{{< /details >}}
+#### ExportedFunctions
+{{< details "Expand" >}}
+
+{{< /details >}}
+
+#### Signature
+{{< details "Expand" >}}
+```
+{
+ "Certificates": [
+ {
+ "IsCertificateAuthority": false,
+ "SerialNumber": "330000002b4b79b3694d12118700010000002b",
+ "Signature": "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",
+ "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
+ "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher",
+ "TBS": {
+ "MD5": "8d8a1f204c9c80213bd427fa58b387e2",
+ 
"SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386",
+ "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0"
+ },
+ "ValidFrom": "2018-07-03 20:53:01",
+ "ValidTo": "2019-07-26 20:53:01",
+ "Version": 3
+ },
+ {
+ "IsCertificateAuthority": true,
+ "SerialNumber": "6108d3c4000000000004",
+ "Signature": "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",
+ "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
+ "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011",
+ "TBS": {
+ "MD5": "1f23e75a000f0b6db92650dc26ac98e1",
+ "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d",
+ "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2"
+ },
+ "ValidFrom": "2011-06-27 21:22:45",
+ "ValidTo": "2026-06-27 21:32:45",
+ "Version": 3
+ }
+ ],
+ "CertificatesInfo": "",
+ "Signer": [
+ {
+ "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011",
+ "SerialNumber": "330000002b4b79b3694d12118700010000002b",
+ "Version": 1
+ }
+ ],
+ "SignerInfo": ""
+}
+```
+
+{{< /details >}}
+-----
+
+
+
+[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cb2d5dcd-595c-40d2-a14f-9b80d0fefc7e.yaml)
+
+*last_updated:* 2023-08-31
+
+
+
+
+
+
+
+
+{{< /column >}}
+{{< /block >}}
diff --git a/lolrmm.com/content/bootloaders/cb5a22b9-4471-44a3-9783-c27df207f95a.md b/lolrmm.com/content/bootloaders/cb5a22b9-4471-44a3-9783-c27df207f95a.md
new file mode 100644
index 00000000..38f0c1b7
--- /dev/null
+++ b/lolrmm.com/content/bootloaders/cb5a22b9-4471-44a3-9783-c27df207f95a.md
@@ -0,0 +1,154 @@
++++
+
+description = ""
+title = "cb5a22b9-4471-44a3-9783-c27df207f95a"
+weight = 10
+displayTitle = "bootmgfw.efi"
++++
+
+
+{{< block "grid-1" >}}
+{{< column "mt-2 pt-1">}}
+
+
+# bootmgfw.efi ![:inline](/images/twitter_verified.png)
+
+
+### Description
+
+This was provided by Microsoft and revoked May-23
+- **UUID**: cb5a22b9-4471-44a3-9783-c27df207f95a
+- **Created**: 2023-05-22
+- **Author**: Michael Haag
+- **Acknowledgement**: | [](https://twitter.com/)
+
+{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}}
+{{< tip "warning" >}}
+This download link contains the Revoked Bootloader!
+
+{{< /tip >}}
+
+### Commands
+
+```
+bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } }
+```
+
+
+| Use Case | Privileges | Operating System |
+|:---- | ---- | ---- |
+| Persistence | | 64-bit |
+
+
+
+### Detections
+
+
+{{< block "grid-3" >}}
+{{< column >}}
+#### YARA 🏹
+{{< details "Expand" >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}}
+
+
+{{< /details >}}
+{{< /column >}}
+
+
+
+{{< column >}}
+
+#### Sigma 🛡️
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}}
+
+
+{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+
+
+{{< column "mb-2" >}}
+
+#### Sysmon 🔎
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+{{< /block >}}
+
+
+### Resources
+
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • +
+### Known Vulnerable Samples
+
+| Property | Value |
+|:-------------------|:------|
+| Filename | bootmgfw.efi |
+| MD5 | [](https://www.virustotal.com/gui/file/) |
+| SHA1 | [](https://www.virustotal.com/gui/file/) |
+| SHA256 | [B1EC3A20DD620668852C057FD33023CB945D35122C079F13A59A73F8A4E4FC12](https://www.virustotal.com/gui/file/B1EC3A20DD620668852C057FD33023CB945D35122C079F13A59A73F8A4E4FC12) |
+| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) |
+| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) |
+| Authentihash SHA256| [264CBC5765718A0BCCB0F79C0FDD133A898203FB6F4F2052CB0647FBF6000ED0](https://www.virustotal.com/gui/search/authentihash%253A264CBC5765718A0BCCB0F79C0FDD133A898203FB6F4F2052CB0647FBF6000ED0) |
+
+
+#### Imports
+{{< details "Expand" >}}
+*
+
+{{< /details >}}
+#### Imports
+{{< details "Expand" >}}
+*
+
+{{< /details >}}
+#### ImportedFunctions
+{{< details "Expand" >}}
+
+{{< /details >}}
+#### ExportedFunctions
+{{< details "Expand" >}}
+
+{{< /details >}}
+
+#### Signature
+{{< details "Expand" >}}
+
+{{< /details >}}
+-----
+
+
+
+[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cb5a22b9-4471-44a3-9783-c27df207f95a.yaml)
+
+*last_updated:* 2023-08-31
+
+
+
+
+
+
+
+
+{{< /column >}}
+{{< /block >}}
diff --git a/lolrmm.com/content/bootloaders/cc19dcf6-f6e2-4820-8df0-73abc96a95d8.md b/lolrmm.com/content/bootloaders/cc19dcf6-f6e2-4820-8df0-73abc96a95d8.md
new file mode 100644
index 00000000..b4a5aec2
--- /dev/null
+++ b/lolrmm.com/content/bootloaders/cc19dcf6-f6e2-4820-8df0-73abc96a95d8.md
@@ -0,0 +1,154 @@
++++
+
+description = ""
+title = "cc19dcf6-f6e2-4820-8df0-73abc96a95d8"
+weight = 10
+displayTitle = "bootarm.efi"
++++
+
+
+{{< block "grid-1" >}}
+{{< column "mt-2 pt-1">}}
+
+
+# bootarm.efi ![:inline](/images/twitter_verified.png)
+
+
+### Description
+
+This was provided by Microsoft and revoked May-23
+- **UUID**: cc19dcf6-f6e2-4820-8df0-73abc96a95d8
+- **Created**: 2023-05-22
+- **Author**: Michael Haag
+- **Acknowledgement**: | [](https://twitter.com/)
+
+{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}}
+{{< tip "warning" >}}
+This download link contains the Revoked Bootloader!
+
+{{< /tip >}}
+
+### Commands
+
+```
+bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootarm.efi } }
+```
+
+
+| Use Case | Privileges | Operating System |
+|:---- | ---- | ---- |
+| Persistence | | 32-bit ARM |
+
+
+
+### Detections
+
+
+{{< block "grid-3" >}}
+{{< column >}}
+#### YARA 🏹
+{{< details "Expand" >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}}
+
+
+{{< /details >}}
+{{< /column >}}
+
+
+
+{{< column >}}
+
+#### Sigma 🛡️
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}}
+
+
+{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+
+
+{{< column "mb-2" >}}
+
+#### Sysmon 🔎
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+{{< /block >}}
+
+
+### Resources
+
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • +
+### Known Vulnerable Samples
+
+| Property | Value |
+|:-------------------|:------|
+| Filename | bootarm.efi |
+| MD5 | [](https://www.virustotal.com/gui/file/) |
+| SHA1 | [](https://www.virustotal.com/gui/file/) |
+| SHA256 | [4CADDFE7EB99A666652EBDA685A542612C851C732801AA5B15AB39E826D7C1D7](https://www.virustotal.com/gui/file/4CADDFE7EB99A666652EBDA685A542612C851C732801AA5B15AB39E826D7C1D7) |
+| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) |
+| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) |
+| Authentihash SHA256| [706B8A820652212D3A5F57303C9CB2B80B9E79DCF2621F29318AF2346419EDFA](https://www.virustotal.com/gui/search/authentihash%253A706B8A820652212D3A5F57303C9CB2B80B9E79DCF2621F29318AF2346419EDFA) |
+
+
+#### Imports
+{{< details "Expand" >}}
+*
+
+{{< /details >}}
+#### Imports
+{{< details "Expand" >}}
+*
+
+{{< /details >}}
+#### ImportedFunctions
+{{< details "Expand" >}}
+
+{{< /details >}}
+#### ExportedFunctions
+{{< details "Expand" >}}
+
+{{< /details >}}
+
+#### Signature
+{{< details "Expand" >}}
+
+{{< /details >}}
+-----
+
+
+
+[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cc19dcf6-f6e2-4820-8df0-73abc96a95d8.yaml)
+
+*last_updated:* 2023-08-31
+
+
+
+
+
+
+
+
+{{< /column >}}
+{{< /block >}}
diff --git a/lolrmm.com/content/bootloaders/cc522d44-5de1-43fd-8d62-29b630f45f98.md b/lolrmm.com/content/bootloaders/cc522d44-5de1-43fd-8d62-29b630f45f98.md
new file mode 100644
index 00000000..7abb3bb5
--- /dev/null
+++ b/lolrmm.com/content/bootloaders/cc522d44-5de1-43fd-8d62-29b630f45f98.md
@@ -0,0 +1,238 @@
++++
+
+description = ""
+title = "cc522d44-5de1-43fd-8d62-29b630f45f98"
+weight = 10
+displayTitle = "bootmgfw.efi"
++++
+
+
+{{< block "grid-1" >}}
+{{< column "mt-2 pt-1">}}
+
+
+# bootmgfw.efi ![:inline](/images/twitter_verified.png)
+
+
+### Description
+
+This was provided by Microsoft and revoked May-23
+- **UUID**: cc522d44-5de1-43fd-8d62-29b630f45f98
+- **Created**: 2023-05-22
+- **Author**: Michael Haag
+- **Acknowledgement**: | [](https://twitter.com/)
+
+{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/c9d595c35045f8b200f9d3142cb3d683.bin" "Download" >}}
+{{< tip "warning" >}}
+This download link contains the Revoked Bootloader!
+
+{{< /tip >}}
+
+### Commands
+
+```
+bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } }
+```
+
+
+| Use Case | Privileges | Operating System |
+|:---- | ---- | ---- |
+| Persistence | | 64-bit |
+
+
+
+### Detections
+
+
+{{< block "grid-3" >}}
+{{< column >}}
+#### YARA 🏹
+{{< details "Expand" >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}}
+
+
+{{< /details >}}
+{{< /column >}}
+
+
+
+{{< column >}}
+
+#### Sigma 🛡️
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}}
+
+
+{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+
+
+{{< column "mb-2" >}}
+
+#### Sysmon 🔎
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+{{< /block >}}
+
+
+### Resources
+
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • +
+### Known Vulnerable Samples
+
+| Property | Value |
+|:-------------------|:------|
+| Filename | bootmgfw.efi |
+| MD5 | [c9d595c35045f8b200f9d3142cb3d683](https://www.virustotal.com/gui/file/c9d595c35045f8b200f9d3142cb3d683) |
+| SHA1 | [eabc1fcab7ce92c8dc667046c46a82ad0b2d8907](https://www.virustotal.com/gui/file/eabc1fcab7ce92c8dc667046c46a82ad0b2d8907) |
+| SHA256 | [545c8c806d6a8b2ab307bf7ff5dff05dd86cfc431d3920692e15e7928ac98eed](https://www.virustotal.com/gui/file/545c8c806d6a8b2ab307bf7ff5dff05dd86cfc431d3920692e15e7928ac98eed) |
+| Authentihash MD5 | [f2a111697ab3f412ae7be6354d3c63fd](https://www.virustotal.com/gui/search/authentihash%253Af2a111697ab3f412ae7be6354d3c63fd) |
+| Authentihash SHA1 | [47e31958625236b685c3d33cbc22fa0d9f8e3414](https://www.virustotal.com/gui/search/authentihash%253A47e31958625236b685c3d33cbc22fa0d9f8e3414) |
+| Authentihash SHA256| [3b30c3e6a923cbb7cf65b539025f12b1c810d74480f25cbfcb9a7bfd633f06ed](https://www.virustotal.com/gui/search/authentihash%253A3b30c3e6a923cbb7cf65b539025f12b1c810d74480f25cbfcb9a7bfd633f06ed) |
+| RichPEHeaderHash MD5 | [a387b0075e977009a7bb74d24fc388de](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Aa387b0075e977009a7bb74d24fc388de) |
+| RichPEHeaderHash SHA1 | [345e019b25904c911be9e3b6a9e2b0bb18652b04](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A345e019b25904c911be9e3b6a9e2b0bb18652b04) |
+| RichPEHeaderHash SHA256| [e04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ae04ed5674c66abbab401efb6e21e2481d4cbc485e5c8a6d34419bd7c8cc9fdad) |
+| Company | Microsoft Corporation |
+| Description | Boot Manager |
+| Product | Microsoft® Windows® Operating System |
+| OriginalFilename | bootmgr.exe |
+
+#### Certificates
+
+{{< details "Expand" >}}
+###### Certificate 610bbbd8000000000005
+| Field | Value |
+|-----------------------------------|----------------------------|
+| ToBeSigned (TBS) MD5 | 
158438012e4dcd69b27b762c9358cfa2 |
+| ToBeSigned (TBS) SHA1 | 684ac167849404a4101f166b759f291a43d5f749 |
+| ToBeSigned (TBS) SHA256 | 95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c |
+| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows |
+| ValidFrom | 2012-04-09 20:55:50 |
+| ValidTo | 2013-07-09 20:55:50 |
+| Signature | 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 |
+| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
+| IsCertificateAuthority | False |
+| SerialNumber | 610bbbd8000000000005 |
+| Version | 3 |
+###### Certificate 61077656000000000008
+| Field | Value |
+|-----------------------------------|----------------------------|
+| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 |
+| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 |
+| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 |
+| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 |
+| ValidFrom | 2011-10-19 18:41:42 |
+| ValidTo | 2026-10-19 18:51:42 |
+| Signature | 
14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e |
+| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
+| IsCertificateAuthority | True |
+| SerialNumber | 61077656000000000008 |
+| Version | 3 |
+
+{{< /details >}}
+#### Imports
+{{< details "Expand" >}}
+*
+
+{{< /details >}}
+#### Imports
+{{< details "Expand" >}}
+*
+
+{{< /details >}}
+#### ImportedFunctions
+{{< details "Expand" >}}
+
+{{< /details >}}
+#### ExportedFunctions
+{{< details "Expand" >}}
+
+{{< /details >}}
+
+#### Signature
+{{< details "Expand" >}}
+```
+{
+ "Certificates": [
+ {
+ "IsCertificateAuthority": false,
+ "SerialNumber": "610bbbd8000000000005",
+ "Signature": "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",
+ "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
+ "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows",
+ "TBS": {
+ "MD5": "158438012e4dcd69b27b762c9358cfa2",
+ "SHA1": "684ac167849404a4101f166b759f291a43d5f749",
+ "SHA256": 
"95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c"
+ },
+ "ValidFrom": "2012-04-09 20:55:50",
+ "ValidTo": "2013-07-09 20:55:50",
+ "Version": 3
+ },
+ {
+ "IsCertificateAuthority": true,
+ "SerialNumber": "61077656000000000008",
+ "Signature": "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",
+ "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
+ "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011",
+ "TBS": {
+ "MD5": "30a3f0b64324ed7f465e7fc618cb69e7",
+ "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41",
+ "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146"
+ },
+ "ValidFrom": "2011-10-19 18:41:42",
+ "ValidTo": "2026-10-19 18:51:42",
+ "Version": 3
+ }
+ ],
+ "CertificatesInfo": "",
+ "Signer": [
+ {
+ "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011",
+ "SerialNumber": "610bbbd8000000000005",
+ "Version": 1
+ }
+ ],
+ "SignerInfo": ""
+}
+```
+
+{{< /details >}}
+-----
+
+
+
+[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cc522d44-5de1-43fd-8d62-29b630f45f98.yaml)
+
+*last_updated:* 2023-08-31
+
+
+
+
+
+
+
+
+{{< /column >}}
+{{< /block >}}
diff --git a/lolrmm.com/content/bootloaders/cc55f472-e9c9-493c-bf44-98d528441570.md b/lolrmm.com/content/bootloaders/cc55f472-e9c9-493c-bf44-98d528441570.md
new file mode 100644
index 00000000..522146da
--- /dev/null
+++ b/lolrmm.com/content/bootloaders/cc55f472-e9c9-493c-bf44-98d528441570.md
@@ -0,0 +1,238 @@
++++
+
+description = ""
+title = "cc55f472-e9c9-493c-bf44-98d528441570"
+weight = 10
+displayTitle = "bootmgfw.efi"
++++
+
+
+{{< block "grid-1" >}}
+{{< column "mt-2 pt-1">}}
+
+
+# bootmgfw.efi ![:inline](/images/twitter_verified.png)
+
+
+### Description
+
+This was provided by Microsoft and revoked May-23
+- **UUID**: cc55f472-e9c9-493c-bf44-98d528441570
+- **Created**: 2023-05-22
+- **Author**: Michael Haag
+- **Acknowledgement**: | [](https://twitter.com/)
+
+{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/9c77b23f662f4c5cf1da2ec62ba6fd2c.bin" "Download" >}}
+{{< tip "warning" >}}
+This download link contains the Revoked Bootloader!
+
+{{< /tip >}}
+
+### Commands
+
+```
+bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } }
+```
+
+
+| Use Case | Privileges | Operating System |
+|:---- | ---- | ---- |
+| Persistence | | 64-bit |
+
+
+
+### Detections
+
+
+{{< block "grid-3" >}}
+{{< column >}}
+#### YARA 🏹
+{{< details "Expand" >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}}
+
+
+{{< /details >}}
+{{< /column >}}
+
+
+
+{{< column >}}
+
+#### Sigma 🛡️
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}}
+
+
+{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+
+
+{{< column "mb-2" >}}
+
+#### Sysmon 🔎
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+{{< /block >}}
+
+
+### Resources
+
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • +
+### Known Vulnerable Samples
+
+| Property | Value |
+|:-------------------|:------|
+| Filename | bootmgfw.efi |
+| MD5 | [9c77b23f662f4c5cf1da2ec62ba6fd2c](https://www.virustotal.com/gui/file/9c77b23f662f4c5cf1da2ec62ba6fd2c) |
+| SHA1 | [0f6c22e7f48505d3c4cf28edf541e69a72f4cfed](https://www.virustotal.com/gui/file/0f6c22e7f48505d3c4cf28edf541e69a72f4cfed) |
+| SHA256 | [5f3952cba19c9f225aae8b57e57c7e20505ac617aeca845a8b5cde4994405c92](https://www.virustotal.com/gui/file/5f3952cba19c9f225aae8b57e57c7e20505ac617aeca845a8b5cde4994405c92) |
+| Authentihash MD5 | [eed20fa5bc02fa6f0c7e5082c633e31e](https://www.virustotal.com/gui/search/authentihash%253Aeed20fa5bc02fa6f0c7e5082c633e31e) |
+| Authentihash SHA1 | [01419f5ba84d07eaf079e2c69e8655471028081c](https://www.virustotal.com/gui/search/authentihash%253A01419f5ba84d07eaf079e2c69e8655471028081c) |
+| Authentihash SHA256| [9335c9dd7001a2ec4e322ab6a2d11e6c4cd4ef1644c00d6314b7ba5a26f9eb7d](https://www.virustotal.com/gui/search/authentihash%253A9335c9dd7001a2ec4e322ab6a2d11e6c4cd4ef1644c00d6314b7ba5a26f9eb7d) |
+| RichPEHeaderHash MD5 | [fa6462badb7aa537a9d3ecf604e9fbd7](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Afa6462badb7aa537a9d3ecf604e9fbd7) |
+| RichPEHeaderHash SHA1 | [caefdafc6f3620830b306d429c83bb077f6bdaa4](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Acaefdafc6f3620830b306d429c83bb077f6bdaa4) |
+| RichPEHeaderHash SHA256| [4689fe3d6e35db99759219db2adef6cefa62105e8b636c0c5bd2a6bec395e471](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A4689fe3d6e35db99759219db2adef6cefa62105e8b636c0c5bd2a6bec395e471) |
+| Company | Microsoft Corporation |
+| Description | Boot Manager |
+| Product | Microsoft® Windows® Operating System |
+| OriginalFilename | bootmgr.exe |
+
+#### Certificates
+
+{{< details "Expand" >}}
+###### Certificate 610bbbd8000000000005
+| Field | Value |
+|-----------------------------------|----------------------------|
+| ToBeSigned (TBS) MD5 | 
158438012e4dcd69b27b762c9358cfa2 | +| ToBeSigned (TBS) SHA1 | 684ac167849404a4101f166b759f291a43d5f749 | +| ToBeSigned (TBS) SHA256 | 95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2012-04-09 20:55:50 | +| ValidTo | 2013-07-09 20:55:50 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 610bbbd8000000000005 | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + 
"TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cc55f472-e9c9-493c-bf44-98d528441570.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/cc89429d-d9b6-412c-8083-4879ab57f589.md b/lolrmm.com/content/bootloaders/cc89429d-d9b6-412c-8083-4879ab57f589.md new file mode 100644 index 00000000..56a4611d --- /dev/null +++ b/lolrmm.com/content/bootloaders/cc89429d-d9b6-412c-8083-4879ab57f589.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "cc89429d-d9b6-412c-8083-4879ab57f589" +weight = 10 +displayTitle = "rhel-8.3-shim-20200726-shim64-bit.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# rhel-8.3-shim-20200726-shim64-bit.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat, Inc. and revoked Apr-21 +- **UUID**: cc89429d-d9b6-412c-8083-4879ab57f589 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\rhel-8.3-shim-20200726-shim64-bit.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< 
/tip >}} + + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | rhel-8.3-shim-20200726-shim64-bit.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [98721004CFF6B89B3E5A9267D29250710E6A6C8AFAE06EEF29F92745CD70E079](https://www.virustotal.com/gui/file/98721004CFF6B89B3E5A9267D29250710E6A6C8AFAE06EEF29F92745CD70E079) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [EF87BE89A413657DE8721498552CF9E0F3C1F71BC62DFA63B9F25BBC66E86494](https://www.virustotal.com/gui/search/authentihash%253AEF87BE89A413657DE8721498552CF9E0F3C1F71BC62DFA63B9F25BBC66E86494) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cc89429d-d9b6-412c-8083-4879ab57f589.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/cc9c7842-484d-4427-9ed5-75073efdad17.md b/lolrmm.com/content/bootloaders/cc9c7842-484d-4427-9ed5-75073efdad17.md new file mode 100644 index 00000000..dada2136 --- /dev/null +++ b/lolrmm.com/content/bootloaders/cc9c7842-484d-4427-9ed5-75073efdad17.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "cc9c7842-484d-4427-9ed5-75073efdad17" +weight = 10 +displayTitle = "cc9c7842-484d-4427-9ed5-75073efdad17" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# cc9c7842-484d-4427-9ed5-75073efdad17 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: cc9c7842-484d-4427-9ed5-75073efdad17 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [8A73B6E52B27695C72D4776C0BCFA54D30C1340D534D5EEFF8D890377CDFDFAA](https://www.virustotal.com/gui/file/8A73B6E52B27695C72D4776C0BCFA54D30C1340D534D5EEFF8D890377CDFDFAA) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [362ED31D20B1E00392281231A96F0A0ACFDE02618953E695C9EF2EB0BAC37550](https://www.virustotal.com/gui/search/authentihash%253A362ED31D20B1E00392281231A96F0A0ACFDE02618953E695C9EF2EB0BAC37550) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cc9c7842-484d-4427-9ed5-75073efdad17.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/cce60051-3b8f-4752-9e76-a1098bc803b6.md b/lolrmm.com/content/bootloaders/cce60051-3b8f-4752-9e76-a1098bc803b6.md new file mode 100644 index 00000000..c2b40feb --- /dev/null +++ b/lolrmm.com/content/bootloaders/cce60051-3b8f-4752-9e76-a1098bc803b6.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "cce60051-3b8f-4752-9e76-a1098bc803b6" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Alt Linux LTD and revoked Jul-20 +- **UUID**: cce60051-3b8f-4752-9e76-a1098bc803b6 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/f38a930c417139cd5ccfe3ff2277b4c7.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [f38a930c417139cd5ccfe3ff2277b4c7](https://www.virustotal.com/gui/file/f38a930c417139cd5ccfe3ff2277b4c7) | +| SHA1 | [b304b38b615184a936502bfb705bf254ab41ee32](https://www.virustotal.com/gui/file/b304b38b615184a936502bfb705bf254ab41ee32) | +| SHA256 | [c4b5797189521611b809720ed9c4734f1dec8a2ee2597781ffe438f652a58ce5](https://www.virustotal.com/gui/file/c4b5797189521611b809720ed9c4734f1dec8a2ee2597781ffe438f652a58ce5) | +| Authentihash MD5 | [cf8d4c0a11aef346e68e0187814ac953](https://www.virustotal.com/gui/search/authentihash%253Acf8d4c0a11aef346e68e0187814ac953) | +| Authentihash SHA1 | [51e223e52d59a6e2e4df6614cfa47525722f127d](https://www.virustotal.com/gui/search/authentihash%253A51e223e52d59a6e2e4df6614cfa47525722f127d) | +| Authentihash SHA256| [8c0349d708571ae5aa21c11363482332073297d868f29058916529efc520ef70](https://www.virustotal.com/gui/search/authentihash%253A8c0349d708571ae5aa21c11363482332073297d868f29058916529efc520ef70) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002b4b79b3694d12118700010000002b +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 8d8a1f204c9c80213bd427fa58b387e2 | +| ToBeSigned (TBS) SHA1 | 8d78e1742b948f0c8298e560dd71fe1594020386 | +| ToBeSigned (TBS) SHA256 | 
1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2018-07-03 20:53:01 | +| ValidTo | 2019-07-26 20:53:01 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002b4b79b3694d12118700010000002b | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": 
"54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cce60051-3b8f-4752-9e76-a1098bc803b6.yaml) + 
+*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/ccef0d61-ad41-4f54-8ce1-9197ccf0e44d.md b/lolrmm.com/content/bootloaders/ccef0d61-ad41-4f54-8ce1-9197ccf0e44d.md new file mode 100644 index 00000000..42087f15 --- /dev/null +++ b/lolrmm.com/content/bootloaders/ccef0d61-ad41-4f54-8ce1-9197ccf0e44d.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "ccef0d61-ad41-4f54-8ce1-9197ccf0e44d" +weight = 10 +displayTitle = "ccef0d61-ad41-4f54-8ce1-9197ccf0e44d" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# ccef0d61-ad41-4f54-8ce1-9197ccf0e44d ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: ccef0d61-ad41-4f54-8ce1-9197ccf0e44d +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [3AE3DA82C39C6BEEFD251265370D57D5BFC67181662736C62F2E6F687409C81B](https://www.virustotal.com/gui/file/3AE3DA82C39C6BEEFD251265370D57D5BFC67181662736C62F2E6F687409C81B) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [72C26F827CEB92989798961BC6AE748D141E05D3EBCFB65D9041B266C920BE82](https://www.virustotal.com/gui/search/authentihash%253A72C26F827CEB92989798961BC6AE748D141E05D3EBCFB65D9041B266C920BE82) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ccef0d61-ad41-4f54-8ce1-9197ccf0e44d.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/cd328e2d-3b59-4c94-a0e0-60b7f793db09.md b/lolrmm.com/content/bootloaders/cd328e2d-3b59-4c94-a0e0-60b7f793db09.md new file mode 100644 index 00000000..78507da5 --- /dev/null +++ b/lolrmm.com/content/bootloaders/cd328e2d-3b59-4c94-a0e0-60b7f793db09.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "cd328e2d-3b59-4c94-a0e0-60b7f793db09" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: cd328e2d-3b59-4c94-a0e0-60b7f793db09 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [D6D10836B79E28ACE9E2BEC7EF9B67DC736ED6C1C8EA24D395DDAAF05B76CEBD](https://www.virustotal.com/gui/file/D6D10836B79E28ACE9E2BEC7EF9B67DC736ED6C1C8EA24D395DDAAF05B76CEBD) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [13DBA28447FDBE3C8A24FEE3EB88638CE1D8F97CD4925056C0AD0E91CA51237D](https://www.virustotal.com/gui/search/authentihash%253A13DBA28447FDBE3C8A24FEE3EB88638CE1D8F97CD4925056C0AD0E91CA51237D) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cd328e2d-3b59-4c94-a0e0-60b7f793db09.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/cd9dcfdd-25a1-42d5-bd95-3778087060b5.md b/lolrmm.com/content/bootloaders/cd9dcfdd-25a1-42d5-bd95-3778087060b5.md new file mode 100644 index 00000000..20f5e915 --- /dev/null +++ b/lolrmm.com/content/bootloaders/cd9dcfdd-25a1-42d5-bd95-3778087060b5.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "cd9dcfdd-25a1-42d5-bd95-3778087060b5" +weight = 10 +displayTitle = "bootia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: cd9dcfdd-25a1-42d5-bd95-3778087060b5 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootia32.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [4B6C8947CAA89BE6077E2964C4F97425C663AEFEBCDFC373CAFD982367FB5CFF](https://www.virustotal.com/gui/file/4B6C8947CAA89BE6077E2964C4F97425C663AEFEBCDFC373CAFD982367FB5CFF) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [73BAEB8EB0B64056A7BC309642FDC589BF219928A906666D107E65E8B0DBF496](https://www.virustotal.com/gui/search/authentihash%253A73BAEB8EB0B64056A7BC309642FDC589BF219928A906666D107E65E8B0DBF496) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cd9dcfdd-25a1-42d5-bd95-3778087060b5.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/ce34babf-0f03-4d6d-969d-e063648d5dfe.md b/lolrmm.com/content/bootloaders/ce34babf-0f03-4d6d-969d-e063648d5dfe.md new file mode 100644 index 00000000..e2fdd71c --- /dev/null +++ b/lolrmm.com/content/bootloaders/ce34babf-0f03-4d6d-969d-e063648d5dfe.md 
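Review bot: The Download button on this page points at `https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin` — the `.bin` name appears to be built from the sample's MD5 (compare the ce52a206 page in this diff, where it is `de3db6ac5d9d0d31d8668a74bc3332df.bin` and matches the MD5 cell), and the MD5 here is empty, so the link cannot resolve to the bootia32.efi sample the warning banner refers to. The same empty-hash link recurs on several sibling pages in this diff, so the defect presumably lives in the source YAML or the page generator rather than in this file; `bin/validate.py` from this commit is the natural place to reject an entry whose MD5 is empty, or the template should omit the button when it is. A secondary documentation point: the `### CVE` section lists `Black Lotus Microsoft Windows 10 version 1507`, which is a campaign/product label rather than a CVE identifier, so either the heading or the entry should be adjusted (I have not checked which identifier the upstream record intends).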
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "ce34babf-0f03-4d6d-969d-e063648d5dfe" +weight = 10 +displayTitle = "shim-opensuse.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# shim-opensuse.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux Products GmbH and revoked Apr-21 +- **UUID**: ce34babf-0f03-4d6d-969d-e063648d5dfe +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\shim-opensuse.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | shim-opensuse.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [7B40290ADE5BA3316AFC08748CFAB5AE79FB30BB8B5972766D670C3887E3D294](https://www.virustotal.com/gui/file/7B40290ADE5BA3316AFC08748CFAB5AE79FB30BB8B5972766D670C3887E3D294) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [F5E892DD6EC4C2DEFA4A495C09219B621379B64DA3D1B2E34ADF4B5F1102BD39](https://www.virustotal.com/gui/search/authentihash%253AF5E892DD6EC4C2DEFA4A495C09219B621379B64DA3D1B2E34ADF4B5F1102BD39) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ce34babf-0f03-4d6d-969d-e063648d5dfe.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/ce52a206-8cc9-43e4-9f5d-28b646502ac3.md b/lolrmm.com/content/bootloaders/ce52a206-8cc9-43e4-9f5d-28b646502ac3.md new file mode 100644 index 00000000..7f85e69b --- /dev/null +++ b/lolrmm.com/content/bootloaders/ce52a206-8cc9-43e4-9f5d-28b646502ac3.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "ce52a206-8cc9-43e4-9f5d-28b646502ac3" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: ce52a206-8cc9-43e4-9f5d-28b646502ac3 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/de3db6ac5d9d0d31d8668a74bc3332df.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [de3db6ac5d9d0d31d8668a74bc3332df](https://www.virustotal.com/gui/file/de3db6ac5d9d0d31d8668a74bc3332df) | +| SHA1 | [b2851fbbc75273998a8dd1aabed09efa961c050f](https://www.virustotal.com/gui/file/b2851fbbc75273998a8dd1aabed09efa961c050f) | +| SHA256 | [1604f70608f964d1a835c3f3a421e58e449774f0291ff134ac298364e8e3f776](https://www.virustotal.com/gui/file/1604f70608f964d1a835c3f3a421e58e449774f0291ff134ac298364e8e3f776) | +| Authentihash MD5 | [664f6508818e109fb75fbe07061638e8](https://www.virustotal.com/gui/search/authentihash%253A664f6508818e109fb75fbe07061638e8) | +| Authentihash SHA1 | [aecda4260dceeda535e4c967ed2fa9ae3c4d580a](https://www.virustotal.com/gui/search/authentihash%253Aaecda4260dceeda535e4c967ed2fa9ae3c4d580a) | +| Authentihash SHA256| [52a3ca4db923c0648ac04be86ce02dbc6a3aaac8312366b106205dec6e2ca2d9](https://www.virustotal.com/gui/search/authentihash%253A52a3ca4db923c0648ac04be86ce02dbc6a3aaac8312366b106205dec6e2ca2d9) | +| RichPEHeaderHash MD5 | [fa6462badb7aa537a9d3ecf604e9fbd7](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Afa6462badb7aa537a9d3ecf604e9fbd7) | +| RichPEHeaderHash SHA1 | [caefdafc6f3620830b306d429c83bb077f6bdaa4](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Acaefdafc6f3620830b306d429c83bb077f6bdaa4) | +| RichPEHeaderHash SHA256| [4689fe3d6e35db99759219db2adef6cefa62105e8b636c0c5bd2a6bec395e471](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A4689fe3d6e35db99759219db2adef6cefa62105e8b636c0c5bd2a6bec395e471) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 610bbbd8000000000005 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 
158438012e4dcd69b27b762c9358cfa2 | +| ToBeSigned (TBS) SHA1 | 684ac167849404a4101f166b759f291a43d5f749 | +| ToBeSigned (TBS) SHA256 | 95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2012-04-09 20:55:50 | +| ValidTo | 2013-07-09 20:55:50 | +| Signature | c7f34d30f6c0451fb6ababdce5203035c20b7c75b16784adb0aa9ed8f647c02df4ce8d8277b8e356e3286e4dc0d444172dea83b9af9c6133c491e53680024d6bac0d985d6dfe776988ccb337b35abb32a02b50413514a576dc932b2a4ae2aef96330041e040480e3b1cbf06cd6910cf79ead3ecd332a9bb7156c2d9976e5dfac8b5b59d82ea33a4826470663dfad599e137468da7bd3037243e0238b96c1f99ea1299faa898dd854f812f8834697b7c5991d2e1656db4e2f56d8bc2077e7bb7d886d4fb6907c555c6d54089724435ac3345b1b6dbb605300ba83412517394dcd3b6c82df5013c6f57fcb1e03919b63469dd7606f3fbae8242658f19ab174b03c | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 610bbbd8000000000005 | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< 
/details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ce52a206-8cc9-43e4-9f5d-28b646502ac3.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} 
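Review bot: The one-liner in the Commands block, `bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { ... } }`, does not parse as PowerShell as written: `{%` is not a PowerShell construct, and the brace pairing only works if it is read as the ForEach-Object alias `% {`. This looks like a templating or transcription artifact (`% {` rendered as `{%`); the intended line is presumably `bcdedit /copy "{current}" /d "TheBoots" | % { if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } }`, which captures the new BCD entry GUID from bcdedit's output and repoints that entry at the dropped file. Since the identical string appears on every page in this diff, the fix belongs in the source YAML or the generator rather than this file. I have not executed the command to confirm the corrected form.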
diff --git a/lolrmm.com/content/bootloaders/ce737ee6-e949-44cb-badf-3f1d775d4832.md b/lolrmm.com/content/bootloaders/ce737ee6-e949-44cb-badf-3f1d775d4832.md new file mode 100644 index 00000000..0a3ed206 --- /dev/null +++ b/lolrmm.com/content/bootloaders/ce737ee6-e949-44cb-badf-3f1d775d4832.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "ce737ee6-e949-44cb-badf-3f1d775d4832" +weight = 10 +displayTitle = "ce737ee6-e949-44cb-badf-3f1d775d4832" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# ce737ee6-e949-44cb-badf-3f1d775d4832 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Intel Corporation and revoked Jul-20 +- **UUID**: ce737ee6-e949-44cb-badf-3f1d775d4832 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [10368826DC89AF42B4AD7E69A9E1F4DA9486DD645C088F445998E8DCA18EB0D4](https://www.virustotal.com/gui/file/10368826DC89AF42B4AD7E69A9E1F4DA9486DD645C088F445998E8DCA18EB0D4) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [6DEAD13257DFC3CCC6A4B37016BA91755FE9E0EC1F415030942E5ABC47F07C88](https://www.virustotal.com/gui/search/authentihash%253A6DEAD13257DFC3CCC6A4B37016BA91755FE9E0EC1F415030942E5ABC47F07C88) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ce737ee6-e949-44cb-badf-3f1d775d4832.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/cede5464-786a-4472-9b83-cbf540f90d1e.md b/lolrmm.com/content/bootloaders/cede5464-786a-4472-9b83-cbf540f90d1e.md new file mode 100644 index 00000000..3450f4ac --- /dev/null +++ b/lolrmm.com/content/bootloaders/cede5464-786a-4472-9b83-cbf540f90d1e.md 
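Review bot: This page has no filename at all: `displayTitle` falls back to the UUID, the `Filename` cell under Known Vulnerable Samples is empty, the Download button points at `bootloaders/.bin`, and the bcdedit command ends in `path \windows\temp\ ` with nothing after the separator, so neither the download nor the persistence command is usable as published. Only the SHA256 and Authentihash SHA256 cells are populated, so the record presumably exists in the source YAML without its file metadata; `bin/validate.py` should treat a missing filename or MD5 as an error so the generator does not emit a page in this state. If hash-only records are intentional (an entry taken from the dbx revocation list with no sample on hand), the template should suppress the Download and Commands sections for them rather than render empty paths.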
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "cede5464-786a-4472-9b83-cbf540f90d1e" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: cede5464-786a-4472-9b83-cbf540f90d1e +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [E9F55F39797D7ADAA99F2FE4138D413A10539C9663976B055A705A76C6A916D4](https://www.virustotal.com/gui/file/E9F55F39797D7ADAA99F2FE4138D413A10539C9663976B055A705A76C6A916D4) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [D455A3C084DF64CF66DC1D2BAB352C74AAF66035058DF1143EFBDD4298AA4527](https://www.virustotal.com/gui/search/authentihash%253AD455A3C084DF64CF66DC1D2BAB352C74AAF66035058DF1143EFBDD4298AA4527) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cede5464-786a-4472-9b83-cbf540f90d1e.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/cef00ef9-665c-48ed-9b4c-d383d2846e05.md b/lolrmm.com/content/bootloaders/cef00ef9-665c-48ed-9b4c-d383d2846e05.md new file mode 100644 index 00000000..a153b35e --- /dev/null +++ b/lolrmm.com/content/bootloaders/cef00ef9-665c-48ed-9b4c-d383d2846e05.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "cef00ef9-665c-48ed-9b4c-d383d2846e05" +weight = 10 +displayTitle = "bootarm.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootarm.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: cef00ef9-665c-48ed-9b4c-d383d2846e05 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootarm.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootarm.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [494A55C84A5A244292DB7F678D4574C7CC6E58D522F0BE270D68B0F1A41E19D3](https://www.virustotal.com/gui/file/494A55C84A5A244292DB7F678D4574C7CC6E58D522F0BE270D68B0F1A41E19D3) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [7AB5FF84B7B80A432366E3BBCC198ED382C9FD592CD5DD210138D2F9297CC1F6](https://www.virustotal.com/gui/search/authentihash%253A7AB5FF84B7B80A432366E3BBCC198ED382C9FD592CD5DD210138D2F9297CC1F6) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cef00ef9-665c-48ed-9b4c-d383d2846e05.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/cef9f132-2635-47a6-bed7-6011eb7f04ca.md b/lolrmm.com/content/bootloaders/cef9f132-2635-47a6-bed7-6011eb7f04ca.md new file mode 100644 index 00000000..16f1a909 --- /dev/null +++ b/lolrmm.com/content/bootloaders/cef9f132-2635-47a6-bed7-6011eb7f04ca.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "cef9f132-2635-47a6-bed7-6011eb7f04ca" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Neverware and revoked Jul-20 +- **UUID**: cef9f132-2635-47a6-bed7-6011eb7f04ca +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/0008d969a43a2b94edd849cdee6ae3c9.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [0008d969a43a2b94edd849cdee6ae3c9](https://www.virustotal.com/gui/file/0008d969a43a2b94edd849cdee6ae3c9) | +| SHA1 | [d58b60ac3b5fdd3d52a9bc8da3e73c2a13ad36f6](https://www.virustotal.com/gui/file/d58b60ac3b5fdd3d52a9bc8da3e73c2a13ad36f6) | +| SHA256 | [3f8f266488f3b888eb77b8df43582fa8124366b7d0670ed78926410f9c9f411f](https://www.virustotal.com/gui/file/3f8f266488f3b888eb77b8df43582fa8124366b7d0670ed78926410f9c9f411f) | +| Authentihash MD5 | [d0a9c315f3180e44d8c7a202276041a7](https://www.virustotal.com/gui/search/authentihash%253Ad0a9c315f3180e44d8c7a202276041a7) | +| Authentihash SHA1 | [6d3071da0d10845d4c297c11e0f71dc557981cd0](https://www.virustotal.com/gui/search/authentihash%253A6d3071da0d10845d4c297c11e0f71dc557981cd0) | +| Authentihash SHA256| [d8d4e6ddf6e42d74a6a536ea62fd1217e4290b145c9e5c3695a31b42efb5f5a4](https://www.virustotal.com/gui/search/authentihash%253Ad8d4e6ddf6e42d74a6a536ea62fd1217e4290b145c9e5c3695a31b42efb5f5a4) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002b4b79b3694d12118700010000002b +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 8d8a1f204c9c80213bd427fa58b387e2 | +| ToBeSigned (TBS) SHA1 | 8d78e1742b948f0c8298e560dd71fe1594020386 | +| ToBeSigned (TBS) SHA256 | 
1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2018-07-03 20:53:01 | +| ValidTo | 2019-07-26 20:53:01 | +| Signature | 54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002b4b79b3694d12118700010000002b | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 
350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": 
"1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cef9f132-2635-47a6-bed7-6011eb7f04ca.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/cf486d6a-cb41-4d0b-9258-81a14e76f719.md b/lolrmm.com/content/bootloaders/cf486d6a-cb41-4d0b-9258-81a14e76f719.md new file mode 100644 index 00000000..0f6d6c95 --- /dev/null +++ b/lolrmm.com/content/bootloaders/cf486d6a-cb41-4d0b-9258-81a14e76f719.md 
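Review bot: The `#### Imports` section is emitted twice back to back in this page (two identical `#### Imports` / `{{< details "Expand" >}}` / `*` stanzas right after the Certificates details), and the same duplicate appears in every other bootloader page in this commit (cf486d6a, cf8adf07, cfec0cca, d01601d7). Since these pages are rendered from the YAML linked at the bottom of each file, the fix belongs in the page template rather than in the generated markdown: drop one stanza, or give the second heading a different name if it was meant to carry a different field. The lone `*` bullet under each suggests the source field is empty for this sample, in which case the empty section could be omitted altogether.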
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "cf486d6a-cb41-4d0b-9258-81a14e76f719" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: cf486d6a-cb41-4d0b-9258-81a14e76f719 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [89C7492FAA5DFEFFE4F126764CD556A82B53520404636BD50C32405346959016](https://www.virustotal.com/gui/file/89C7492FAA5DFEFFE4F126764CD556A82B53520404636BD50C32405346959016) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [4B59C6D8E94428C4CBDB0F306FED75B099EA349431F001AA819C3BD0D1600812](https://www.virustotal.com/gui/search/authentihash%253A4B59C6D8E94428C4CBDB0F306FED75B099EA349431F001AA819C3BD0D1600812) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cf486d6a-cb41-4d0b-9258-81a14e76f719.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/cf8adf07-931e-408c-a85f-d5e45b09a41e.md b/lolrmm.com/content/bootloaders/cf8adf07-931e-408c-a85f-d5e45b09a41e.md new file mode 100644 index 00000000..c5d259f3 --- /dev/null +++ b/lolrmm.com/content/bootloaders/cf8adf07-931e-408c-a85f-d5e45b09a41e.md 
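Review bot: The Download button in this page points to `https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin`, a link to nothing: the pages that do have an MD5 (cef9f132, d01601d7) use it as the `.bin` file name, this sample has none, and the same dead button is generated for cf8adf07, cfec0cca and d0acb6e2 (whose hunk runs past this chunk). The `MD5`, `SHA1`, `Authentihash MD5` and `Authentihash SHA1` rows of the Known Vulnerable Samples table likewise render as empty links (`[](https://www.virustotal.com/gui/file/)`), while only SHA256 and Authentihash SHA256 carry a value. Since the markdown is rendered from the linked YAML, the generator should skip the Download button and any hash row whose value is empty instead of emitting empty links. In the same pages the `### CVE` section holds the free-text label `Black Lotus Microsoft Windows 8.1` rather than a CVE identifier, so the heading promises something the entry does not provide; either the source field should hold an identifier or the section should be labelled as a reference.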
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "cf8adf07-931e-408c-a85f-d5e45b09a41e" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: cf8adf07-931e-408c-a85f-d5e45b09a41e +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [A84FFCA344A000BE6FC526DA7D7F701B87EF5559A71D8E63F806276E4D3DFE27](https://www.virustotal.com/gui/file/A84FFCA344A000BE6FC526DA7D7F701B87EF5559A71D8E63F806276E4D3DFE27) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [D759308D047E9206006B51B5770FA25EF5C124B8ACC6B0139F5883765FE30DEA](https://www.virustotal.com/gui/search/authentihash%253AD759308D047E9206006B51B5770FA25EF5C124B8ACC6B0139F5883765FE30DEA) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cf8adf07-931e-408c-a85f-d5e45b09a41e.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/cfec0cca-c6b7-4327-a2d8-7dca0515e161.md b/lolrmm.com/content/bootloaders/cfec0cca-c6b7-4327-a2d8-7dca0515e161.md new file mode 100644 index 00000000..8f4dad2a --- /dev/null +++ b/lolrmm.com/content/bootloaders/cfec0cca-c6b7-4327-a2d8-7dca0515e161.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "cfec0cca-c6b7-4327-a2d8-7dca0515e161" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: cfec0cca-c6b7-4327-a2d8-7dca0515e161 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [C1136125F38F6B76285AE4F1A0068F49819CBB5B57F6AB85960640F93FEC21BD](https://www.virustotal.com/gui/file/C1136125F38F6B76285AE4F1A0068F49819CBB5B57F6AB85960640F93FEC21BD) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [36B7CDB6564C58CB54895B6D2C73F88D2908BCBD693BFD253945BD31E3EE81BC](https://www.virustotal.com/gui/search/authentihash%253A36B7CDB6564C58CB54895B6D2C73F88D2908BCBD693BFD253945BD31E3EE81BC) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/cfec0cca-c6b7-4327-a2d8-7dca0515e161.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/d01601d7-2e46-4b78-801f-d260597e9b74.md b/lolrmm.com/content/bootloaders/d01601d7-2e46-4b78-801f-d260597e9b74.md new file mode 100644 index 00000000..ca459f7c --- /dev/null +++ b/lolrmm.com/content/bootloaders/d01601d7-2e46-4b78-801f-d260597e9b74.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "d01601d7-2e46-4b78-801f-d260597e9b74" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: d01601d7-2e46-4b78-801f-d260597e9b74 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/5692b49c53b4401e76a43c82d7d496de.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [5692b49c53b4401e76a43c82d7d496de](https://www.virustotal.com/gui/file/5692b49c53b4401e76a43c82d7d496de) | +| SHA1 | [6308e47e8133dfe6cf9532213c65b964acebe111](https://www.virustotal.com/gui/file/6308e47e8133dfe6cf9532213c65b964acebe111) | +| SHA256 | [53af0ddbd3c4d33bd003403d8c9b41877e07770d3e789c781e5897858585e299](https://www.virustotal.com/gui/file/53af0ddbd3c4d33bd003403d8c9b41877e07770d3e789c781e5897858585e299) | +| Authentihash MD5 | [a1f22c60755e8b4f85769168e7799133](https://www.virustotal.com/gui/search/authentihash%253Aa1f22c60755e8b4f85769168e7799133) | +| Authentihash SHA1 | [0cedc7fa4d3c732832d1961814a6107a9e7aad91](https://www.virustotal.com/gui/search/authentihash%253A0cedc7fa4d3c732832d1961814a6107a9e7aad91) | +| Authentihash SHA256| [b97915da9f05277fa5687f8c41132df69152517f2ba252d466395b40d4f2d155](https://www.virustotal.com/gui/search/authentihash%253Ab97915da9f05277fa5687f8c41132df69152517f2ba252d466395b40d4f2d155) | +| RichPEHeaderHash MD5 | [476ff7a2afe034c2194a948f1f780094](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A476ff7a2afe034c2194a948f1f780094) | +| RichPEHeaderHash SHA1 | [1a999ada5820fb409ce7f2ec343e215caf2e07a4](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A1a999ada5820fb409ce7f2ec343e215caf2e07a4) | +| RichPEHeaderHash SHA256| [802de9524cf6556e6464828cc411f87a8fb3693742c5515126eb511122e9086a](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A802de9524cf6556e6464828cc411f87a8fb3693742c5515126eb511122e9086a) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002418fc0b689e7399d0000000000024 +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 28b23b39f3bbd936a26a5b86451be0ac | +| ToBeSigned (TBS) SHA1 | 3b16f29295d5a7c323beb479c71d3d20c6b8acc2 | +| ToBeSigned (TBS) SHA256 | 4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2013-06-17 21:43:38 | +| ValidTo | 2014-09-17 21:43:38 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002418fc0b689e7399d0000000000024 | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 
14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Signature": 
"78269c4b43268afbc7329a21653fdf5427c51d156bd9b2be4fc3ce06c9fe486ad28fa1a55698acc8617733a5d9b68b3f69ab82d8d60857a0cf330434703b2af43b3058eec891f89515a9acf8c29aebdcabc8671630a1d22fa51720ab95393c388e3fbed2d42eca2bce4f3ac03be5be68ecfe7f44a6d3871782abd7cc3f8c22300536bd24a13934474bc0cfc2f1479991b991f328cb5a80d06c1046a9249b8dd8747b3c87e54946f28c0bdf14c042566264fbf9475859b221d0434603ab5f655551437be8eb21192f143d173b042f139ce553888cf0534f9d2f090c1edbf10def827a274afeeba10c2b4725b0628a2722d5f209be4f9e3d2d8104a896df82072d", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "28b23b39f3bbd936a26a5b86451be0ac", + "SHA1": "3b16f29295d5a7c323beb479c71d3d20c6b8acc2", + "SHA256": "4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150" + }, + "ValidFrom": "2013-06-17 21:43:38", + "ValidTo": "2014-09-17 21:43:38", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": 
"14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000002418fc0b689e7399d0000000000024", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d01601d7-2e46-4b78-801f-d260597e9b74.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} 
diff --git a/lolrmm.com/content/bootloaders/d0acb6e2-2647-424d-b438-eff9f1b605fd.md b/lolrmm.com/content/bootloaders/d0acb6e2-2647-424d-b438-eff9f1b605fd.md new file mode 100644 index 00000000..3a470b4a --- /dev/null +++ b/lolrmm.com/content/bootloaders/d0acb6e2-2647-424d-b438-eff9f1b605fd.md 
@@ -0,0 +1,154 @@
++++
+
+description = ""
+title = "d0acb6e2-2647-424d-b438-eff9f1b605fd"
+weight = 10
+displayTitle = "bootmgfw.efi"
++++
+
+
+{{< block "grid-1" >}}
+{{< column "mt-2 pt-1">}}
+
+
+# bootmgfw.efi ![:inline](/images/twitter_verified.png)
+
+
+### Description
+
+This was provided by Microsoft and revoked May-23
+- **UUID**: d0acb6e2-2647-424d-b438-eff9f1b605fd
+- **Created**: 2023-05-22
+- **Author**: Michael Haag
+- **Acknowledgement**: | [](https://twitter.com/)
+
+{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}}
+{{< tip "warning" >}}
+This download link contains the Revoked Bootloader!
+
+{{< /tip >}}
+
+### Commands
+
+```
+bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } }
+```
+
+
+| Use Case | Privileges | Operating System |
+|:---- | ---- | ---- |
+| Persistence | | 32-bit ARM |
+
+
+
+### Detections
+
+
+{{< block "grid-3" >}}
+{{< column >}}
+#### YARA 🏹
+{{< details "Expand" >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}}
+
+
+{{< /details >}}
+{{< /column >}}
+
+
+
+{{< column >}}
+
+#### Sigma 🛡️
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}}
+
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+
+
+{{< column "mb-2" >}}
+
+#### Sysmon 🔎
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+{{< /block >}}
+
+
+### Resources
+
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • +
+### Known Vulnerable Samples
+
+| Property | Value |
+|:-------------------|:------|
+| Filename | bootmgfw.efi |
+| MD5 | [](https://www.virustotal.com/gui/file/) |
+| SHA1 | [](https://www.virustotal.com/gui/file/) |
+| SHA256 | [1B9A8D23FFC211EFF6F12D17037EB076EA46562DEC937F44CC49D4AF1C119BA0](https://www.virustotal.com/gui/file/1B9A8D23FFC211EFF6F12D17037EB076EA46562DEC937F44CC49D4AF1C119BA0) |
+| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) |
+| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) |
+| Authentihash SHA256| [1B9A8D23FFC211EFF6F12D17037EB076EA46562DEC937F44CC49D4AF1C119BA0](https://www.virustotal.com/gui/search/authentihash%253A1B9A8D23FFC211EFF6F12D17037EB076EA46562DEC937F44CC49D4AF1C119BA0) |
+
+
+#### Imports
+{{< details "Expand" >}}
+*
+
+{{< /details >}}
+#### Imports
+{{< details "Expand" >}}
+*
+
+{{< /details >}}
+#### ImportedFunctions
+{{< details "Expand" >}}
+
+{{< /details >}}
+#### ExportedFunctions
+{{< details "Expand" >}}
+
+{{< /details >}}
+
+#### Signature
+{{< details "Expand" >}}
+
+{{< /details >}}
+-----
+
+
+
+[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d0acb6e2-2647-424d-b438-eff9f1b605fd.yaml)
+
+*last_updated:* 2023-08-31
+
+
+
+
+
+
+
+
+{{< /column >}}
+{{< /block >}}
diff --git a/lolrmm.com/content/bootloaders/d0f8d27f-26e3-4500-bcb8-dab29c667c29.md b/lolrmm.com/content/bootloaders/d0f8d27f-26e3-4500-bcb8-dab29c667c29.md
new file mode 100644
index 00000000..b4c7f9e7
--- /dev/null
+++ b/lolrmm.com/content/bootloaders/d0f8d27f-26e3-4500-bcb8-dab29c667c29.md
@@ -0,0 +1,161 @@
++++
+
+description = ""
+title = "d0f8d27f-26e3-4500-bcb8-dab29c667c29"
+weight = 10
+displayTitle = "d0f8d27f-26e3-4500-bcb8-dab29c667c29"
++++
+
+
+{{< block "grid-1" >}}
+{{< column "mt-2 pt-1">}}
+
+
+# d0f8d27f-26e3-4500-bcb8-dab29c667c29 ![:inline](/images/twitter_verified.png)
+
+
+### Description
+
+This was provided by SUSE Linux and revoked Jul-20
+- **UUID**: d0f8d27f-26e3-4500-bcb8-dab29c667c29
+- **Created**: 2023-05-22
+- **Author**: Michael Haag
+- **Acknowledgement**: | [](https://twitter.com/)
+
+{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}}
+{{< tip "warning" >}}
+This download link contains the Revoked Bootloader!
+
+{{< /tip >}}
+
+### Commands
+
+```
+bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } }
+```
+
+
+| Use Case | Privileges | Operating System |
+|:---- | ---- | ---- |
+| Persistence | | 64-bit |
+
+
+
+### Detections
+
+
+{{< block "grid-3" >}}
+{{< column >}}
+#### YARA 🏹
+{{< details "Expand" >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}}
+
+
+{{< /details >}}
+{{< /column >}}
+
+
+
+{{< column >}}
+
+#### Sigma 🛡️
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}}
+
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+
+
+{{< column "mb-2" >}}
+
+#### Sysmon 🔎
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+{{< /block >}}
+
+
+### Resources
+
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • +
+### Known Vulnerable Samples
+
+| Property | Value |
+|:-------------------|:------|
+| Filename | |
+| MD5 | [](https://www.virustotal.com/gui/file/) |
+| SHA1 | [](https://www.virustotal.com/gui/file/) |
+| SHA256 | [0742A120E871BBB67D6947D05E9301CDACBCCB4AF650464F996B40352CA9699B](https://www.virustotal.com/gui/file/0742A120E871BBB67D6947D05E9301CDACBCCB4AF650464F996B40352CA9699B) |
+| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) |
+| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) |
+| Authentihash SHA256| [400AC66D59B7B094A9E30B01A6BD013AFF1D30570F83E7592F421DBE5FF4BA8F](https://www.virustotal.com/gui/search/authentihash%253A400AC66D59B7B094A9E30B01A6BD013AFF1D30570F83E7592F421DBE5FF4BA8F) |
+
+
+#### Imports
+{{< details "Expand" >}}
+*
+
+{{< /details >}}
+#### Imports
+{{< details "Expand" >}}
+*
+
+{{< /details >}}
+#### ImportedFunctions
+{{< details "Expand" >}}
+
+{{< /details >}}
+#### ExportedFunctions
+{{< details "Expand" >}}
+
+{{< /details >}}
+
+#### Signature
+{{< details "Expand" >}}
+
+{{< /details >}}
+-----
+
+
+
+[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d0f8d27f-26e3-4500-bcb8-dab29c667c29.yaml)
+
+*last_updated:* 2023-08-31
+
+
+
+
+
+
+
+
+{{< /column >}}
+{{< /block >}}
diff --git a/lolrmm.com/content/bootloaders/d159a67f-5512-4922-bc1e-5c675a73d0cb.md b/lolrmm.com/content/bootloaders/d159a67f-5512-4922-bc1e-5c675a73d0cb.md
new file mode 100644
index 00000000..aa4f47a0
--- /dev/null
+++ b/lolrmm.com/content/bootloaders/d159a67f-5512-4922-bc1e-5c675a73d0cb.md
@@ -0,0 +1,241 @@
++++
+
+description = ""
+title = "d159a67f-5512-4922-bc1e-5c675a73d0cb"
+weight = 10
+displayTitle = "BOOTX64.EFI"
++++
+
+
+{{< block "grid-1" >}}
+{{< column "mt-2 pt-1">}}
+
+
+# BOOTX64.EFI ![:inline](/images/twitter_verified.png)
+
+
+### Description
+
+This was provided by Red Hat Inc. and revoked Jul-20
+- **UUID**: d159a67f-5512-4922-bc1e-5c675a73d0cb
+- **Created**: 2023-05-22
+- **Author**: Michael Haag
+- **Acknowledgement**: | [](https://twitter.com/)
+
+{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/d0be4e86a7eaa87c849e3e137c3471dd.bin" "Download" >}}
+{{< tip "warning" >}}
+This download link contains the Revoked Bootloader!
+
+{{< /tip >}}
+
+### Commands
+
+```
+bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\BOOTX64.EFI } }
+```
+
+
+| Use Case | Privileges | Operating System |
+|:---- | ---- | ---- |
+| Persistence | | 64-bit |
+
+
+
+### Detections
+
+
+{{< block "grid-3" >}}
+{{< column >}}
+#### YARA 🏹
+{{< details "Expand" >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}}
+
+
+{{< /details >}}
+{{< /column >}}
+
+
+
+{{< column >}}
+
+#### Sigma 🛡️
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}}
+
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+
+
+{{< column "mb-2" >}}
+
+#### Sysmon 🔎
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+{{< /block >}}
+
+
+### Resources
+
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | BOOTX64.EFI | +| MD5 | [d0be4e86a7eaa87c849e3e137c3471dd](https://www.virustotal.com/gui/file/d0be4e86a7eaa87c849e3e137c3471dd) | +| SHA1 | [1ed0450060202cea44d69a503da1b33004a963dc](https://www.virustotal.com/gui/file/1ed0450060202cea44d69a503da1b33004a963dc) | +| SHA256 | [df4e1cf6eaf602f99849ddb6802bd91fb13cd5c3f9fb420250d8a3d750642efa](https://www.virustotal.com/gui/file/df4e1cf6eaf602f99849ddb6802bd91fb13cd5c3f9fb420250d8a3d750642efa) | +| Authentihash MD5 | [69843fea4e1051a4614a17f5bc8daf97](https://www.virustotal.com/gui/search/authentihash%253A69843fea4e1051a4614a17f5bc8daf97) | +| Authentihash SHA1 | [84958a487eb9b1c6d55883e3c32361132c1fe214](https://www.virustotal.com/gui/search/authentihash%253A84958a487eb9b1c6d55883e3c32361132c1fe214) | +| Authentihash SHA256| [3ece27cbb3ec4438cce523b927c4f05fdc5c593a3766db984c5e437a3ff6a16b](https://www.virustotal.com/gui/search/authentihash%253A3ece27cbb3ec4438cce523b927c4f05fdc5c593a3766db984c5e437a3ff6a16b) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 3300000010a4912943d94ce62e000100000010 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 61509fd4e01160eb7d8007dc182bee5b | +| ToBeSigned (TBS) SHA1 | febd34ec96d90e498d9b6fa54d7fab80ce1464d3 | +| ToBeSigned (TBS) SHA256 | 
7d79e52d96bc7c571299d90c3bc4bff9d08e36eb74b7e8b0cd69114980737953 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2014-10-01 18:02:10 | +| ValidTo | 2016-01-01 18:02:10 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 3300000010a4912943d94ce62e000100000010 | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "3300000010a4912943d94ce62e000100000010", + "Signature": 
"2b1b08b20674b8acbad524875a42f0b4d4ba6df424b9adb1e83c9309e657fe499f386cdf93a4f71393ab57da5eee4e346ebccdf9a7e990b44a76433af4071e90ee0e0fc8744003f9afe6bdda1cbd132fef8235d39c932bb9960f52bbea2062ed773a52beef26b333f603d8e9a0a9652c222a013cb1bd44bb5dc96c1a4135284c91784f0d66a2d7d97c59e26fd19d645e730b656d56e7a8166f228a751a745c4491f1865c8d5a4b1bf61fd4a564811e32699deff03a3328829cd888ae53fccb0819957ee499a2ad79d1c1d73ef7324562bee86575193983b41f66c12c95eb5d171df5c4beda799c4fb314e8e27bc47b195e1c8a2cd2d3bfbb29c8264ebddf95da", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "61509fd4e01160eb7d8007dc182bee5b", + "SHA1": "febd34ec96d90e498d9b6fa54d7fab80ce1464d3", + "SHA256": "7d79e52d96bc7c571299d90c3bc4bff9d08e36eb74b7e8b0cd69114980737953" + }, + "ValidFrom": "2014-10-01 18:02:10", + "ValidTo": "2016-01-01 18:02:10", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "3300000010a4912943d94ce62e000100000010", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + 
+[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d159a67f-5512-4922-bc1e-5c675a73d0cb.yaml)
+
+*last_updated:* 2023-08-31
+
+
+
+
+
+
+
+
+{{< /column >}}
+{{< /block >}}
diff --git a/lolrmm.com/content/bootloaders/d17ff559-85d0-4cc7-9327-516585723ea0.md b/lolrmm.com/content/bootloaders/d17ff559-85d0-4cc7-9327-516585723ea0.md
new file mode 100644
index 00000000..46a71d54
--- /dev/null
+++ b/lolrmm.com/content/bootloaders/d17ff559-85d0-4cc7-9327-516585723ea0.md
@@ -0,0 +1,154 @@
++++
+
+description = ""
+title = "d17ff559-85d0-4cc7-9327-516585723ea0"
+weight = 10
+displayTitle = "bootmgfw.efi"
++++
+
+
+{{< block "grid-1" >}}
+{{< column "mt-2 pt-1">}}
+
+
+# bootmgfw.efi ![:inline](/images/twitter_verified.png)
+
+
+### Description
+
+This was provided by Microsoft and revoked May-23
+- **UUID**: d17ff559-85d0-4cc7-9327-516585723ea0
+- **Created**: 2023-05-22
+- **Author**: Michael Haag
+- **Acknowledgement**: | [](https://twitter.com/)
+
+{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}}
+{{< tip "warning" >}}
+This download link contains the Revoked Bootloader!
+
+{{< /tip >}}
+
+### Commands
+
+```
+bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } }
+```
+
+
+| Use Case | Privileges | Operating System |
+|:---- | ---- | ---- |
+| Persistence | | 32-bit ARM |
+
+
+
+### Detections
+
+
+{{< block "grid-3" >}}
+{{< column >}}
+#### YARA 🏹
+{{< details "Expand" >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}}
+
+
+{{< /details >}}
+{{< /column >}}
+
+
+
+{{< column >}}
+
+#### Sigma 🛡️
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}}
+
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+
+
+{{< column "mb-2" >}}
+
+#### Sysmon 🔎
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+{{< /block >}}
+
+
+### Resources
+
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • +
+### Known Vulnerable Samples
+
+| Property | Value |
+|:-------------------|:------|
+| Filename | bootmgfw.efi |
+| MD5 | [](https://www.virustotal.com/gui/file/) |
+| SHA1 | [](https://www.virustotal.com/gui/file/) |
+| SHA256 | [B81C6018141EFC89816DA4081BBC1414911125D5184108E47AB01260D84FB9B1](https://www.virustotal.com/gui/file/B81C6018141EFC89816DA4081BBC1414911125D5184108E47AB01260D84FB9B1) |
+| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) |
+| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) |
+| Authentihash SHA256| [CBCBB8E81F1CFEE4D02D65481080ECDE62528344C5372B09FED4EE3CA1E14330](https://www.virustotal.com/gui/search/authentihash%253ACBCBB8E81F1CFEE4D02D65481080ECDE62528344C5372B09FED4EE3CA1E14330) |
+
+
+#### Imports
+{{< details "Expand" >}}
+*
+
+{{< /details >}}
+#### Imports
+{{< details "Expand" >}}
+*
+
+{{< /details >}}
+#### ImportedFunctions
+{{< details "Expand" >}}
+
+{{< /details >}}
+#### ExportedFunctions
+{{< details "Expand" >}}
+
+{{< /details >}}
+
+#### Signature
+{{< details "Expand" >}}
+
+{{< /details >}}
+-----
+
+
+
+[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d17ff559-85d0-4cc7-9327-516585723ea0.yaml)
+
+*last_updated:* 2023-08-31
+
+
+
+
+
+
+
+
+{{< /column >}}
+{{< /block >}}
diff --git a/lolrmm.com/content/bootloaders/d1d2f3cc-064e-455c-af50-3bd0d46a06f2.md b/lolrmm.com/content/bootloaders/d1d2f3cc-064e-455c-af50-3bd0d46a06f2.md
new file mode 100644
index 00000000..cc3cf59b
--- /dev/null
+++ b/lolrmm.com/content/bootloaders/d1d2f3cc-064e-455c-af50-3bd0d46a06f2.md
@@ -0,0 +1,238 @@
++++
+
+description = ""
+title = "d1d2f3cc-064e-455c-af50-3bd0d46a06f2"
+weight = 10
+displayTitle = "bootmgfw.efi"
++++
+
+
+{{< block "grid-1" >}}
+{{< column "mt-2 pt-1">}}
+
+
+# bootmgfw.efi ![:inline](/images/twitter_verified.png)
+
+
+### Description
+
+This was provided by Microsoft and revoked May-23
+- **UUID**: d1d2f3cc-064e-455c-af50-3bd0d46a06f2
+- **Created**: 2023-05-22
+- **Author**: Michael Haag
+- **Acknowledgement**: | [](https://twitter.com/)
+
+{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/d6604f3caaa504ff3aedbade7d87fb97.bin" "Download" >}}
+{{< tip "warning" >}}
+This download link contains the Revoked Bootloader!
+
+{{< /tip >}}
+
+### Commands
+
+```
+bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } }
+```
+
+
+| Use Case | Privileges | Operating System |
+|:---- | ---- | ---- |
+| Persistence | | 64-bit |
+
+
+
+### Detections
+
+
+{{< block "grid-3" >}}
+{{< column >}}
+#### YARA 🏹
+{{< details "Expand" >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}}
+
+
+{{< /details >}}
+{{< /column >}}
+
+
+
+{{< column >}}
+
+#### Sigma 🛡️
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}}
+
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+
+
+{{< column "mb-2" >}}
+
+#### Sysmon 🔎
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}}
+
+{{< /details >}}
+
+{{< /column >}}
+{{< /block >}}
+
+
+### Resources
+
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [d6604f3caaa504ff3aedbade7d87fb97](https://www.virustotal.com/gui/file/d6604f3caaa504ff3aedbade7d87fb97) | +| SHA1 | [a8dc3e14fb4ad8d264fdaba4ccbc89d64ee4791d](https://www.virustotal.com/gui/file/a8dc3e14fb4ad8d264fdaba4ccbc89d64ee4791d) | +| SHA256 | [f025a519dccf1df41951c22c6dc5cafa61e21b117e174b4983b45ccc22c6375f](https://www.virustotal.com/gui/file/f025a519dccf1df41951c22c6dc5cafa61e21b117e174b4983b45ccc22c6375f) | +| Authentihash MD5 | [889829fb843f0a94ac85fd363af55729](https://www.virustotal.com/gui/search/authentihash%253A889829fb843f0a94ac85fd363af55729) | +| Authentihash SHA1 | [7064b8e79beeb6e7443033f51a17d7973ea424a2](https://www.virustotal.com/gui/search/authentihash%253A7064b8e79beeb6e7443033f51a17d7973ea424a2) | +| Authentihash SHA256| [7f292bce8dc97b601ef1ea72bdf7d96a12a87782bb1b1c547f85c55c7b3ff035](https://www.virustotal.com/gui/search/authentihash%253A7f292bce8dc97b601ef1ea72bdf7d96a12a87782bb1b1c547f85c55c7b3ff035) | +| RichPEHeaderHash MD5 | [c3a45277e34522772d2ffb9c618850dd](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ac3a45277e34522772d2ffb9c618850dd) | +| RichPEHeaderHash SHA1 | [ccaa1ad0944140bed3cf64cdaf8c9d2004c29074](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Accaa1ad0944140bed3cf64cdaf8c9d2004c29074) | +| RichPEHeaderHash SHA256| [474fc92022c5254d909bd3560e682dc6a340333b34b82d63e8b9a575cf09b292](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A474fc92022c5254d909bd3560e682dc6a340333b34b82d63e8b9a575cf09b292) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000033c89c66a7b45bb1fbd00000000033c +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 46f57c3b860b08484cb79066ac1014ad | +| ToBeSigned (TBS) SHA1 | c1fe3ab97b834a98460e4ae92fe2468d16f61a92 | +| ToBeSigned (TBS) SHA256 | d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2021-09-02 18:23:41 | +| ValidTo | 2022-09-01 18:23:41 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000033c89c66a7b45bb1fbd00000000033c | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "46f57c3b860b08484cb79066ac1014ad", + "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", + "SHA256": "d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" + }, + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d1d2f3cc-064e-455c-af50-3bd0d46a06f2.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/d1e51f20-1939-4b7c-8875-2458c9e418d9.md b/lolrmm.com/content/bootloaders/d1e51f20-1939-4b7c-8875-2458c9e418d9.md new file mode 100644 index 00000000..1421eb89 --- /dev/null +++ b/lolrmm.com/content/bootloaders/d1e51f20-1939-4b7c-8875-2458c9e418d9.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "d1e51f20-1939-4b7c-8875-2458c9e418d9" +weight = 10 +displayTitle = "d1e51f20-1939-4b7c-8875-2458c9e418d9" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# d1e51f20-1939-4b7c-8875-2458c9e418d9 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: d1e51f20-1939-4b7c-8875-2458c9e418d9 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [FD1CD4D4A1AC691E7A0AF14C3DFB17DAF3F2E6A2B286C9E233070979EC36BB6F](https://www.virustotal.com/gui/file/FD1CD4D4A1AC691E7A0AF14C3DFB17DAF3F2E6A2B286C9E233070979EC36BB6F) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [270C84B29D86F16312B06AAAE4EBB8DFF8DE7D080D825B8839FF1766274EFF47](https://www.virustotal.com/gui/search/authentihash%253A270C84B29D86F16312B06AAAE4EBB8DFF8DE7D080D825B8839FF1766274EFF47) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d1e51f20-1939-4b7c-8875-2458c9e418d9.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/d20a9d4f-d336-4400-b839-d2334be05e06.md b/lolrmm.com/content/bootloaders/d20a9d4f-d336-4400-b839-d2334be05e06.md new file mode 100644 index 00000000..e281ac1b --- /dev/null +++ b/lolrmm.com/content/bootloaders/d20a9d4f-d336-4400-b839-d2334be05e06.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "d20a9d4f-d336-4400-b839-d2334be05e06" +weight = 10 +displayTitle = "Signed_14173467011297444/shim64-bit.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# Signed_14173467011297444/shim64-bit.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Debian and revoked Apr-21 +- **UUID**: d20a9d4f-d336-4400-b839-d2334be05e06 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/8273287f52ffff4624121d2926ef9df4.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\Signed_14173467011297444/shim64-bit.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip 
>}}detects loading using name only{{< /tip >}} + + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | Signed_14173467011297444/shim64-bit.efi | +| MD5 | [8273287f52ffff4624121d2926ef9df4](https://www.virustotal.com/gui/file/8273287f52ffff4624121d2926ef9df4) | +| SHA1 | [69b368ef62566f9b06db68ab91c736f98d0749b9](https://www.virustotal.com/gui/file/69b368ef62566f9b06db68ab91c736f98d0749b9) | +| SHA256 | [599a102b6445fa88392b8c85a31d80ece950624219d846affbfb7131d4bf550b](https://www.virustotal.com/gui/file/599a102b6445fa88392b8c85a31d80ece950624219d846affbfb7131d4bf550b) | +| Authentihash MD5 | [9d017c87755ffc16175ff7fa5dcbb175](https://www.virustotal.com/gui/search/authentihash%253A9d017c87755ffc16175ff7fa5dcbb175) | +| Authentihash SHA1 | [47263679db883d7ad9adbc93d6a1fbf8095f0133](https://www.virustotal.com/gui/search/authentihash%253A47263679db883d7ad9adbc93d6a1fbf8095f0133) | +| Authentihash SHA256| [af79b14064601bc0987d4747af1e914a228c05d622ceda03b7a4f67014fee767](https://www.virustotal.com/gui/search/authentihash%253Aaf79b14064601bc0987d4747af1e914a228c05d622ceda03b7a4f67014fee767) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002b4b79b3694d12118700010000002b +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 8d8a1f204c9c80213bd427fa58b387e2 | +| ToBeSigned (TBS) SHA1 | 8d78e1742b948f0c8298e560dd71fe1594020386 | +| 
ToBeSigned (TBS) SHA256 | 1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2018-07-03 20:53:01 | +| ValidTo | 2019-07-26 20:53:01 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002b4b79b3694d12118700010000002b | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 
350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": 
"1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d20a9d4f-d336-4400-b839-d2334be05e06.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/d22cf9cb-63e3-4445-8af3-abd3537282d0.md b/lolrmm.com/content/bootloaders/d22cf9cb-63e3-4445-8af3-abd3537282d0.md new file mode 100644 index 00000000..771334b9 --- /dev/null +++ b/lolrmm.com/content/bootloaders/d22cf9cb-63e3-4445-8af3-abd3537282d0.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "d22cf9cb-63e3-4445-8af3-abd3537282d0" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Trend Micro and revoked Mar-23 +- **UUID**: d22cf9cb-63e3-4445-8af3-abd3537282d0 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2023-28005
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [884A2EC5FFBB42E948401E425123DCF2557664E77B3B7474A728069FDECD46ED](https://www.virustotal.com/gui/file/884A2EC5FFBB42E948401E425123DCF2557664E77B3B7474A728069FDECD46ED) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [1788D84AA61EDE6F2E96CFC900AD1CAB1C5BE86537F27212E8C291D6ADE3B1E9](https://www.virustotal.com/gui/search/authentihash%253A1788D84AA61EDE6F2E96CFC900AD1CAB1C5BE86537F27212E8C291D6ADE3B1E9) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d22cf9cb-63e3-4445-8af3-abd3537282d0.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/d2c1c960-2c20-4647-ba66-d3c5d3385cff.md b/lolrmm.com/content/bootloaders/d2c1c960-2c20-4647-ba66-d3c5d3385cff.md new file mode 100644 index 00000000..baaa5e95 --- /dev/null +++ b/lolrmm.com/content/bootloaders/d2c1c960-2c20-4647-ba66-d3c5d3385cff.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "d2c1c960-2c20-4647-ba66-d3c5d3385cff" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: d2c1c960-2c20-4647-ba66-d3c5d3385cff +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/1854d98bc963a9a82e0d9abef6bc3873.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [1854d98bc963a9a82e0d9abef6bc3873](https://www.virustotal.com/gui/file/1854d98bc963a9a82e0d9abef6bc3873) | +| SHA1 | [dfd1cc6207f892703292d88a29f587db858fc0eb](https://www.virustotal.com/gui/file/dfd1cc6207f892703292d88a29f587db858fc0eb) | +| SHA256 | [dd3ca7c4bf6698e7d72f6c2fb0eb59997336c294d604062ef495ee8e1f49931c](https://www.virustotal.com/gui/file/dd3ca7c4bf6698e7d72f6c2fb0eb59997336c294d604062ef495ee8e1f49931c) | +| Authentihash MD5 | [1730c4cbe167c78763e0a6e4211a55a5](https://www.virustotal.com/gui/search/authentihash%253A1730c4cbe167c78763e0a6e4211a55a5) | +| Authentihash SHA1 | [62e70e5fd08037f8e32f298c8d9614535afbb331](https://www.virustotal.com/gui/search/authentihash%253A62e70e5fd08037f8e32f298c8d9614535afbb331) | +| Authentihash SHA256| [da9943277174960b0d7d3f0d656176f3723ed2f03a90518beb3c6c202b88cc14](https://www.virustotal.com/gui/search/authentihash%253Ada9943277174960b0d7d3f0d656176f3723ed2f03a90518beb3c6c202b88cc14) | +| RichPEHeaderHash MD5 | [85fa20421a65e83905361d389b335669](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A85fa20421a65e83905361d389b335669) | +| RichPEHeaderHash SHA1 | [fad704c4353c271f61f7ffcecc3bc5aceb3a15b7](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Afad704c4353c271f61f7ffcecc3bc5aceb3a15b7) | +| RichPEHeaderHash SHA256| [60bb1a6f5f679831418c16a7c2000159d31507690560194ca357bfd0b4018f9c](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A60bb1a6f5f679831418c16a7c2000159d31507690560194ca357bfd0b4018f9c) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 33000000bce120fdd27cc8ee930000000000bc +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | f31f8c784e5d3986ccacb9c88c6d7044 | +| ToBeSigned (TBS) SHA1 | 833498af9a41da339c83e0d384b521f72d053331 | +| ToBeSigned (TBS) SHA256 | 1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2015-08-18 17:15:28 | +| ValidTo | 2016-11-18 17:15:28 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 33000000bce120fdd27cc8ee930000000000bc | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d2c1c960-2c20-4647-ba66-d3c5d3385cff.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/d40485d2-4fea-4d92-99e9-e1531fe4d33a.md b/lolrmm.com/content/bootloaders/d40485d2-4fea-4d92-99e9-e1531fe4d33a.md new file mode 100644 index 00000000..c113ad80 --- /dev/null +++ b/lolrmm.com/content/bootloaders/d40485d2-4fea-4d92-99e9-e1531fe4d33a.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "d40485d2-4fea-4d92-99e9-e1531fe4d33a" +weight = 10 +displayTitle = "d40485d2-4fea-4d92-99e9-e1531fe4d33a" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# d40485d2-4fea-4d92-99e9-e1531fe4d33a ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: d40485d2-4fea-4d92-99e9-e1531fe4d33a +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [1275826206FEF9AA0A48A60BBC15300B3201F76F45E3CCE3FD0064DE2FC7CC5F](https://www.virustotal.com/gui/file/1275826206FEF9AA0A48A60BBC15300B3201F76F45E3CCE3FD0064DE2FC7CC5F) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [DCCC3CE1C00EE4B0B10487D372A0FA47F5C26F57A359BE7B27801E144EACBAC4](https://www.virustotal.com/gui/search/authentihash%253ADCCC3CE1C00EE4B0B10487D372A0FA47F5C26F57A359BE7B27801E144EACBAC4) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d40485d2-4fea-4d92-99e9-e1531fe4d33a.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/d457a885-6677-4118-9cf3-05bfc65e1fde.md b/lolrmm.com/content/bootloaders/d457a885-6677-4118-9cf3-05bfc65e1fde.md new file mode 100644 index 00000000..4667a05b --- /dev/null +++ b/lolrmm.com/content/bootloaders/d457a885-6677-4118-9cf3-05bfc65e1fde.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "d457a885-6677-4118-9cf3-05bfc65e1fde" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: d457a885-6677-4118-9cf3-05bfc65e1fde +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [E3946218D523E5D20C99A9A5BB22303DDCEF958DE2A978E01AF2F46D2D7A4DDD](https://www.virustotal.com/gui/file/E3946218D523E5D20C99A9A5BB22303DDCEF958DE2A978E01AF2F46D2D7A4DDD) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [B149B29E8211E24827FBE0168D30CB2619CD3365BD6F8173E7A731C5F702DCD9](https://www.virustotal.com/gui/search/authentihash%253AB149B29E8211E24827FBE0168D30CB2619CD3365BD6F8173E7A731C5F702DCD9) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d457a885-6677-4118-9cf3-05bfc65e1fde.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/d50e4193-70d2-4807-9bc9-671894e82df9.md b/lolrmm.com/content/bootloaders/d50e4193-70d2-4807-9bc9-671894e82df9.md new file mode 100644 index 00000000..de7dc1ea --- /dev/null +++ b/lolrmm.com/content/bootloaders/d50e4193-70d2-4807-9bc9-671894e82df9.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "d50e4193-70d2-4807-9bc9-671894e82df9" +weight = 10 +displayTitle = "BOOTIA32.EFI" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# BOOTIA32.EFI ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat Inc. and revoked Jul-20 +- **UUID**: d50e4193-70d2-4807-9bc9-671894e82df9 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/7de3ac2823e2f7c241f2b181a8417647.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\BOOTIA32.EFI } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | BOOTIA32.EFI | +| MD5 | [7de3ac2823e2f7c241f2b181a8417647](https://www.virustotal.com/gui/file/7de3ac2823e2f7c241f2b181a8417647) | +| SHA1 | [c3c4d0ccdc07c03c20f133f9f65f6f12accea87a](https://www.virustotal.com/gui/file/c3c4d0ccdc07c03c20f133f9f65f6f12accea87a) | +| SHA256 | [c7d9dab91b726dea5abaa893d8f60bd4795f489894044dc56a9d3aad9cc49740](https://www.virustotal.com/gui/file/c7d9dab91b726dea5abaa893d8f60bd4795f489894044dc56a9d3aad9cc49740) | +| Authentihash MD5 | [7f6637b50f8043e83815eff4f6f6425c](https://www.virustotal.com/gui/search/authentihash%253A7f6637b50f8043e83815eff4f6f6425c) | +| Authentihash SHA1 | [9519b7ba40ba48be3ef06c3b4c09169824e35bb9](https://www.virustotal.com/gui/search/authentihash%253A9519b7ba40ba48be3ef06c3b4c09169824e35bb9) | +| Authentihash SHA256| [7f3bdd2e92ae417b2143cc993c7fe48d9363ffa65c9cc461b6a407a779998174](https://www.virustotal.com/gui/search/authentihash%253A7f3bdd2e92ae417b2143cc993c7fe48d9363ffa65c9cc461b6a407a779998174) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002b4b79b3694d12118700010000002b +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 8d8a1f204c9c80213bd427fa58b387e2 | +| ToBeSigned (TBS) SHA1 | 8d78e1742b948f0c8298e560dd71fe1594020386 | +| ToBeSigned (TBS) SHA256 | 
1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2018-07-03 20:53:01 | +| ValidTo | 2019-07-26 20:53:01 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002b4b79b3694d12118700010000002b | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": 
"54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d50e4193-70d2-4807-9bc9-671894e82df9.yaml) + 
+*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/d569f749-c5fe-42ff-b6f9-8966a14d06af.md b/lolrmm.com/content/bootloaders/d569f749-c5fe-42ff-b6f9-8966a14d06af.md new file mode 100644 index 00000000..535613d8 --- /dev/null +++ b/lolrmm.com/content/bootloaders/d569f749-c5fe-42ff-b6f9-8966a14d06af.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "d569f749-c5fe-42ff-b6f9-8966a14d06af" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: d569f749-c5fe-42ff-b6f9-8966a14d06af +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/9caa5988ee5678dad93374ef1f4fd184.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [9caa5988ee5678dad93374ef1f4fd184](https://www.virustotal.com/gui/file/9caa5988ee5678dad93374ef1f4fd184) | +| SHA1 | [7b09d0dd2b0e37d91ee548a205ba53f8d5b02c7b](https://www.virustotal.com/gui/file/7b09d0dd2b0e37d91ee548a205ba53f8d5b02c7b) | +| SHA256 | [79baff384ed507030cbe328a3d6c04d13e77932f08d387f76cf2422fb3b2588b](https://www.virustotal.com/gui/file/79baff384ed507030cbe328a3d6c04d13e77932f08d387f76cf2422fb3b2588b) | +| Authentihash MD5 | [a60e4ec04f4225b91e5ba2c607fd84da](https://www.virustotal.com/gui/search/authentihash%253Aa60e4ec04f4225b91e5ba2c607fd84da) | +| Authentihash SHA1 | [164e0544942fc32310285c8e8602244194c860b2](https://www.virustotal.com/gui/search/authentihash%253A164e0544942fc32310285c8e8602244194c860b2) | +| Authentihash SHA256| [fc736034ebab004776581ce9a6c112106dfddfabb315b1f0a4d0842d67308429](https://www.virustotal.com/gui/search/authentihash%253Afc736034ebab004776581ce9a6c112106dfddfabb315b1f0a4d0842d67308429) | +| RichPEHeaderHash MD5 | [cf754bf89d7037f778daec0827acbe4e](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Acf754bf89d7037f778daec0827acbe4e) | +| RichPEHeaderHash SHA1 | [d9585e21d15cc1e8ea347a17f536f3fc9ab67510](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ad9585e21d15cc1e8ea347a17f536f3fc9ab67510) | +| RichPEHeaderHash SHA256| [dc9623ba46d2c0c39fd89d803d9c8649f6a3b20ebc9b4218da63da3b4fe19373](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Adc9623ba46d2c0c39fd89d803d9c8649f6a3b20ebc9b4218da63da3b4fe19373) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 610bbbd8000000000005 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 
158438012e4dcd69b27b762c9358cfa2 | +| ToBeSigned (TBS) SHA1 | 684ac167849404a4101f166b759f291a43d5f749 | +| ToBeSigned (TBS) SHA256 | 95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2012-04-09 20:55:50 | +| ValidTo | 2013-07-09 20:55:50 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 610bbbd8000000000005 | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + 
"TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft 
Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d569f749-c5fe-42ff-b6f9-8966a14d06af.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/d69993da-b588-4dcf-aea1-5d11d9ca4dd7.md b/lolrmm.com/content/bootloaders/d69993da-b588-4dcf-aea1-5d11d9ca4dd7.md new file mode 100644 index 00000000..8f0eebad --- /dev/null +++ b/lolrmm.com/content/bootloaders/d69993da-b588-4dcf-aea1-5d11d9ca4dd7.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "d69993da-b588-4dcf-aea1-5d11d9ca4dd7" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: d69993da-b588-4dcf-aea1-5d11d9ca4dd7 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [271A4B174838286F6D4BB9FCE91A47FBC87B28BE586744BD42CD82CEF4600B72](https://www.virustotal.com/gui/file/271A4B174838286F6D4BB9FCE91A47FBC87B28BE586744BD42CD82CEF4600B72) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [FB0BBC256AEA5CF93DA99CF26481CC42F4E7BA6B32DB63B827620807E79E805C](https://www.virustotal.com/gui/search/authentihash%253AFB0BBC256AEA5CF93DA99CF26481CC42F4E7BA6B32DB63B827620807E79E805C) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d69993da-b588-4dcf-aea1-5d11d9ca4dd7.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/d7cc6936-4efd-40a1-bef3-ea4da008ae4c.md b/lolrmm.com/content/bootloaders/d7cc6936-4efd-40a1-bef3-ea4da008ae4c.md new file mode 100644 index 00000000..96d3551c --- /dev/null +++ b/lolrmm.com/content/bootloaders/d7cc6936-4efd-40a1-bef3-ea4da008ae4c.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "d7cc6936-4efd-40a1-bef3-ea4da008ae4c" +weight = 10 +displayTitle = "d7cc6936-4efd-40a1-bef3-ea4da008ae4c" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# d7cc6936-4efd-40a1-bef3-ea4da008ae4c ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Cumulus Network and revoked Jul-20 +- **UUID**: d7cc6936-4efd-40a1-bef3-ea4da008ae4c +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [E4FF4E538B4758E8E49010ED16D6D5380417B146F3E8806ACB3AC40611646FDB](https://www.virustotal.com/gui/file/E4FF4E538B4758E8E49010ED16D6D5380417B146F3E8806ACB3AC40611646FDB) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [EAFF8C85C208BA4D5B6B8046F5D6081747D779BADA7768E649D047FF9B1F660C](https://www.virustotal.com/gui/search/authentihash%253AEAFF8C85C208BA4D5B6B8046F5D6081747D779BADA7768E649D047FF9B1F660C) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d7cc6936-4efd-40a1-bef3-ea4da008ae4c.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/d880c342-2996-430a-b850-fb372cecbef7.md b/lolrmm.com/content/bootloaders/d880c342-2996-430a-b850-fb372cecbef7.md new file mode 100644 index 00000000..1fea1788 --- /dev/null +++ b/lolrmm.com/content/bootloaders/d880c342-2996-430a-b850-fb372cecbef7.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "d880c342-2996-430a-b850-fb372cecbef7" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: d880c342-2996-430a-b850-fb372cecbef7 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [C681A40CEB9F33F435A44614FB7E0D34007F1C67B83E8C907506414950CC45EB](https://www.virustotal.com/gui/file/C681A40CEB9F33F435A44614FB7E0D34007F1C67B83E8C907506414950CC45EB) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [245E9B81342E45E1BAF4F8D830D18EA7FAE9FDFF05497290EA6442C4EF0FFA57](https://www.virustotal.com/gui/search/authentihash%253A245E9B81342E45E1BAF4F8D830D18EA7FAE9FDFF05497290EA6442C4EF0FFA57) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d880c342-2996-430a-b850-fb372cecbef7.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/d8aa2211-8d13-4e4e-88af-60ff17efd3cc.md b/lolrmm.com/content/bootloaders/d8aa2211-8d13-4e4e-88af-60ff17efd3cc.md new file mode 100644 index 00000000..c3568d3e --- /dev/null +++ b/lolrmm.com/content/bootloaders/d8aa2211-8d13-4e4e-88af-60ff17efd3cc.md 
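Review bot: The Download button on this page links to `https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin` — the MD5 the generator uses for the file name is empty for this record, so the link (and the "contains the Revoked Bootloader" warning beside it) points at nothing, and the MD5/SHA1 rows in Known Vulnerable Samples likewise render as empty anchors `[](https://www.virustotal.com/gui/file/)`. The template that produced this page should skip the button, the warning tip and any hash row whose YAML field is empty instead of emitting half-filled links; this file appears to be generated (see the *source* link to the YAML and the last_updated stamp), so the fix belongs in the generator or the YAML, not in this output. Separately, the CVE section holds the free text `Black Lotus Microsoft Windows 8.1`, which is not a CVE identifier; if the entry refers to the May 2023 BlackLotus revocation it presumably maps to Microsoft's CVE-2023-24932 (KB5025885) — confirm, list the ID there, and move the descriptive text into Description or Resources.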
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "d8aa2211-8d13-4e4e-88af-60ff17efd3cc" +weight = 10 +displayTitle = "d8aa2211-8d13-4e4e-88af-60ff17efd3cc" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# d8aa2211-8d13-4e4e-88af-60ff17efd3cc ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Intel Corporation and revoked Jul-20 +- **UUID**: d8aa2211-8d13-4e4e-88af-60ff17efd3cc +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [407326C7F1C837A861EE8D187170C779A9B6A25B0736761645D7E549EBFA17C2](https://www.virustotal.com/gui/file/407326C7F1C837A861EE8D187170C779A9B6A25B0736761645D7E549EBFA17C2) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [DF91AC85A94FCD0CFB8155BD7CBEFAAC14B8C5EE7397FE2CC85984459E2EA14E](https://www.virustotal.com/gui/search/authentihash%253ADF91AC85A94FCD0CFB8155BD7CBEFAAC14B8C5EE7397FE2CC85984459E2EA14E) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d8aa2211-8d13-4e4e-88af-60ff17efd3cc.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/d90f0a0a-e161-4ebb-a2e3-5dbaa75cfaaf.md b/lolrmm.com/content/bootloaders/d90f0a0a-e161-4ebb-a2e3-5dbaa75cfaaf.md new file mode 100644 index 00000000..ac6a318e --- /dev/null +++ b/lolrmm.com/content/bootloaders/d90f0a0a-e161-4ebb-a2e3-5dbaa75cfaaf.md 
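Review bot: The Commands block renders `bcdedit /set $matches[0] path \windows\temp\ ` with no file name because this record has no Filename value; as written the command points the new boot entry at a directory and cannot work, so the generator should omit the Commands section (or substitute an explicit placeholder such as `<bootloader>.efi`) when Filename is empty. The Privileges cell in the use-case table is blank although `bcdedit /copy` and `bcdedit /set` require an elevated prompt; `| Persistence | Administrator | 64-bit |` would be accurate. The Download link has the same empty-MD5 problem (`/bootloaders/.bin`), and the same gaps appear in every record in this commit that lacks a sample hash.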
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "d90f0a0a-e161-4ebb-a2e3-5dbaa75cfaaf" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: d90f0a0a-e161-4ebb-a2e3-5dbaa75cfaaf +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [C4081B588CA3FC9965C2D04A0E8CCA3E0016566CC8A84FEB78CBF63A4ED72EED](https://www.virustotal.com/gui/file/C4081B588CA3FC9965C2D04A0E8CCA3E0016566CC8A84FEB78CBF63A4ED72EED) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [5A184E740657E218D635168286F0F70BB5672E4EDB78717550C70686C232EA5B](https://www.virustotal.com/gui/search/authentihash%253A5A184E740657E218D635168286F0F70BB5672E4EDB78717550C70686C232EA5B) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d90f0a0a-e161-4ebb-a2e3-5dbaa75cfaaf.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/d964e229-7407-4292-88b5-505f8be99d2f.md b/lolrmm.com/content/bootloaders/d964e229-7407-4292-88b5-505f8be99d2f.md new file mode 100644 index 00000000..5319511c --- /dev/null +++ b/lolrmm.com/content/bootloaders/d964e229-7407-4292-88b5-505f8be99d2f.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "d964e229-7407-4292-88b5-505f8be99d2f" +weight = 10 +displayTitle = "d964e229-7407-4292-88b5-505f8be99d2f" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# d964e229-7407-4292-88b5-505f8be99d2f ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: d964e229-7407-4292-88b5-505f8be99d2f +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [17F186C88052B988B4C9B62F8D7F55023AC317C82324DD5A958D05B8A1246F77](https://www.virustotal.com/gui/file/17F186C88052B988B4C9B62F8D7F55023AC317C82324DD5A958D05B8A1246F77) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [9E0D9074F146461F9ACEE7D27F2C7DD8BEE73EB62AC62CF87F03BEE0C4516528](https://www.virustotal.com/gui/search/authentihash%253A9E0D9074F146461F9ACEE7D27F2C7DD8BEE73EB62AC62CF87F03BEE0C4516528) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d964e229-7407-4292-88b5-505f8be99d2f.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/d9cb5f15-653d-4fdc-aee2-279681f7f91f.md b/lolrmm.com/content/bootloaders/d9cb5f15-653d-4fdc-aee2-279681f7f91f.md new file mode 100644 index 00000000..c5e95108 --- /dev/null +++ b/lolrmm.com/content/bootloaders/d9cb5f15-653d-4fdc-aee2-279681f7f91f.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "d9cb5f15-653d-4fdc-aee2-279681f7f91f" +weight = 10 +displayTitle = "d9cb5f15-653d-4fdc-aee2-279681f7f91f" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# d9cb5f15-653d-4fdc-aee2-279681f7f91f ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Fedora Project and revoked Jul-20 +- **UUID**: d9cb5f15-653d-4fdc-aee2-279681f7f91f +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [F06D3E0F031A2FDC63DD2BA2BE7F32E0D432434C3515C2F840D812FFBFA530F6](https://www.virustotal.com/gui/file/F06D3E0F031A2FDC63DD2BA2BE7F32E0D432434C3515C2F840D812FFBFA530F6) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [9954A1A99D55E8B189AB1BCA414B91F6A017191F6C40A86B6F3EF368DD860031](https://www.virustotal.com/gui/search/authentihash%253A9954A1A99D55E8B189AB1BCA414B91F6A017191F6C40A86B6F3EF368DD860031) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/d9cb5f15-653d-4fdc-aee2-279681f7f91f.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/da54ae14-5e4d-4280-b91e-4b78d0df036a.md b/lolrmm.com/content/bootloaders/da54ae14-5e4d-4280-b91e-4b78d0df036a.md new file mode 100644 index 00000000..71c4e836 --- /dev/null +++ b/lolrmm.com/content/bootloaders/da54ae14-5e4d-4280-b91e-4b78d0df036a.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "da54ae14-5e4d-4280-b91e-4b78d0df036a" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: da54ae14-5e4d-4280-b91e-4b78d0df036a +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [31DCD37C53CEE49C1241978CB976230EFDA89A83C3E3DBC18EDA92099055026A](https://www.virustotal.com/gui/file/31DCD37C53CEE49C1241978CB976230EFDA89A83C3E3DBC18EDA92099055026A) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [23FCD6BF3084CEE6A9F9885E5239230B0ADDE0C870589EE461551D1CA8F4E85B](https://www.virustotal.com/gui/search/authentihash%253A23FCD6BF3084CEE6A9F9885E5239230B0ADDE0C870589EE461551D1CA8F4E85B) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/da54ae14-5e4d-4280-b91e-4b78d0df036a.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/dabe9a66-0446-43a1-b9bc-fe279702a5ab.md b/lolrmm.com/content/bootloaders/dabe9a66-0446-43a1-b9bc-fe279702a5ab.md new file mode 100644 index 00000000..a3d747c6 --- /dev/null +++ b/lolrmm.com/content/bootloaders/dabe9a66-0446-43a1-b9bc-fe279702a5ab.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "dabe9a66-0446-43a1-b9bc-fe279702a5ab" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by TeraByte Inc. and revoked Jul-20 +- **UUID**: dabe9a66-0446-43a1-b9bc-fe279702a5ab +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/24a7545dc37bc7d366b05c68752af476.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [24a7545dc37bc7d366b05c68752af476](https://www.virustotal.com/gui/file/24a7545dc37bc7d366b05c68752af476) | +| SHA1 | [63006031749d3e2d445fd952c8da201181b90593](https://www.virustotal.com/gui/file/63006031749d3e2d445fd952c8da201181b90593) | +| SHA256 | [6b6e59284750fc0e6fac4d6c2a46100e9b0dde54e000b7327edd4a4dced9e9a0](https://www.virustotal.com/gui/file/6b6e59284750fc0e6fac4d6c2a46100e9b0dde54e000b7327edd4a4dced9e9a0) | +| Authentihash MD5 | [5ebf16973c90bb7a23fb44504d80f390](https://www.virustotal.com/gui/search/authentihash%253A5ebf16973c90bb7a23fb44504d80f390) | +| Authentihash SHA1 | [ccb632ec30624e6860fe361920b83d1739d9db1a](https://www.virustotal.com/gui/search/authentihash%253Accb632ec30624e6860fe361920b83d1739d9db1a) | +| Authentihash SHA256| [4b8668a5d465bcdd9000aa8dfcff42044fcbd0aece32fc7011a83e9160e89f09](https://www.virustotal.com/gui/search/authentihash%253A4b8668a5d465bcdd9000aa8dfcff42044fcbd0aece32fc7011a83e9160e89f09) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002530b3d3726ee3f72f000100000025 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | a5052527524f4998a7bd87f396196fe8 | +| ToBeSigned (TBS) SHA1 | 2374a3e4f0499d106f0e4d71a22f7b0e709847c0 | +| ToBeSigned (TBS) SHA256 | 
f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2017-08-11 20:20:00 | +| ValidTo | 2018-08-11 20:20:00 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002530b3d3726ee3f72f000100000025 | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + 
"SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/dabe9a66-0446-43a1-b9bc-fe279702a5ab.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/db57d7a1-5937-4ba9-896e-8fdce1ff2990.md b/lolrmm.com/content/bootloaders/db57d7a1-5937-4ba9-896e-8fdce1ff2990.md new file mode 100644 index 00000000..af9d27bc --- /dev/null +++ b/lolrmm.com/content/bootloaders/db57d7a1-5937-4ba9-896e-8fdce1ff2990.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "db57d7a1-5937-4ba9-896e-8fdce1ff2990" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: db57d7a1-5937-4ba9-896e-8fdce1ff2990 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [C79381B9A5D1D2B8A85B6A5B2255923FB2D3A5F500CC00FBBCBF10C6A3A0B40E](https://www.virustotal.com/gui/file/C79381B9A5D1D2B8A85B6A5B2255923FB2D3A5F500CC00FBBCBF10C6A3A0B40E) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [332450890F9C8FFF7EC15C53921BF27227AB9EA06B0E1C816D819F8E21CFB55F](https://www.virustotal.com/gui/search/authentihash%253A332450890F9C8FFF7EC15C53921BF27227AB9EA06B0E1C816D819F8E21CFB55F) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/db57d7a1-5937-4ba9-896e-8fdce1ff2990.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/db9487ab-4dc1-4c3d-a04a-70696d63bcc4.md b/lolrmm.com/content/bootloaders/db9487ab-4dc1-4c3d-a04a-70696d63bcc4.md new file mode 100644 index 00000000..51bd157b --- /dev/null +++ b/lolrmm.com/content/bootloaders/db9487ab-4dc1-4c3d-a04a-70696d63bcc4.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "db9487ab-4dc1-4c3d-a04a-70696d63bcc4" +weight = 10 +displayTitle = "rhel-7.9-20200730-shim64-bit.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# rhel-7.9-20200730-shim64-bit.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat, Inc. and revoked Apr-21 +- **UUID**: db9487ab-4dc1-4c3d-a04a-70696d63bcc4 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\rhel-7.9-20200730-shim64-bit.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + 
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | rhel-7.9-20200730-shim64-bit.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [24357D13D3CFC29A7E83D86A6BB53FC932461B7D0A653701188D7B427C704FB1](https://www.virustotal.com/gui/file/24357D13D3CFC29A7E83D86A6BB53FC932461B7D0A653701188D7B427C704FB1) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [D6EE8DB782E36CAFFB4D9F8207900487DE930AABCC1D196FA455FBFD6F37273D](https://www.virustotal.com/gui/search/authentihash%253AD6EE8DB782E36CAFFB4D9F8207900487DE930AABCC1D196FA455FBFD6F37273D) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/db9487ab-4dc1-4c3d-a04a-70696d63bcc4.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/dba882ff-03d1-4cf3-9e9d-9358d6416d79.md b/lolrmm.com/content/bootloaders/dba882ff-03d1-4cf3-9e9d-9358d6416d79.md new file mode 100644 index 00000000..4a8b7dff --- /dev/null +++ b/lolrmm.com/content/bootloaders/dba882ff-03d1-4cf3-9e9d-9358d6416d79.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "dba882ff-03d1-4cf3-9e9d-9358d6416d79" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: dba882ff-03d1-4cf3-9e9d-9358d6416d79 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [4759E0891A636E1A3D27472C48AF55F27BF5E3CCF474141FEFBBA2AA124AC410](https://www.virustotal.com/gui/file/4759E0891A636E1A3D27472C48AF55F27BF5E3CCF474141FEFBBA2AA124AC410) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [D417C004525C7BB57523836278CEE120FD66147983BA738AAC011E24BE75E6E2](https://www.virustotal.com/gui/search/authentihash%253AD417C004525C7BB57523836278CEE120FD66147983BA738AAC011E24BE75E6E2) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/dba882ff-03d1-4cf3-9e9d-9358d6416d79.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/dbbed756-4f18-430e-9a68-6f0054091fa3.md b/lolrmm.com/content/bootloaders/dbbed756-4f18-430e-9a68-6f0054091fa3.md new file mode 100644 index 00000000..513a0f5b --- /dev/null +++ b/lolrmm.com/content/bootloaders/dbbed756-4f18-430e-9a68-6f0054091fa3.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "dbbed756-4f18-430e-9a68-6f0054091fa3" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: dbbed756-4f18-430e-9a68-6f0054091fa3 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [573D0A8D59DC7FDB0BE784ABE9B51DA9183848B613FF4C96B143D286043B4E43](https://www.virustotal.com/gui/file/573D0A8D59DC7FDB0BE784ABE9B51DA9183848B613FF4C96B143D286043B4E43) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [EA9C72C1CE865E6044ABFF576FD712D4DF3F5114318753EFCFEFED70EE586884](https://www.virustotal.com/gui/search/authentihash%253AEA9C72C1CE865E6044ABFF576FD712D4DF3F5114318753EFCFEFED70EE586884) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/dbbed756-4f18-430e-9a68-6f0054091fa3.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/dbc9e79d-2655-4892-81fe-830383602432.md b/lolrmm.com/content/bootloaders/dbc9e79d-2655-4892-81fe-830383602432.md new file mode 100644 index 00000000..8986be7f --- /dev/null +++ b/lolrmm.com/content/bootloaders/dbc9e79d-2655-4892-81fe-830383602432.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "dbc9e79d-2655-4892-81fe-830383602432" +weight = 10 +displayTitle = "dbc9e79d-2655-4892-81fe-830383602432" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# dbc9e79d-2655-4892-81fe-830383602432 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Fedora Project and revoked Jul-20 +- **UUID**: dbc9e79d-2655-4892-81fe-830383602432 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [E1DC3EF55626A4CF6DDC425A353208F309271B8A9FDBF8964082FB08DFB7A170](https://www.virustotal.com/gui/file/E1DC3EF55626A4CF6DDC425A353208F309271B8A9FDBF8964082FB08DFB7A170) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [2B2298EAA26B9DC4A4558AE92E7BB0E4F85CF34BF848FDF636C0C11FBEC49897](https://www.virustotal.com/gui/search/authentihash%253A2B2298EAA26B9DC4A4558AE92E7BB0E4F85CF34BF848FDF636C0C11FBEC49897) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/dbc9e79d-2655-4892-81fe-830383602432.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/dc00f1c1-898a-479d-b9a5-9caa9973e310.md b/lolrmm.com/content/bootloaders/dc00f1c1-898a-479d-b9a5-9caa9973e310.md new file mode 100644 index 00000000..e6c348c8 --- /dev/null +++ b/lolrmm.com/content/bootloaders/dc00f1c1-898a-479d-b9a5-9caa9973e310.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "dc00f1c1-898a-479d-b9a5-9caa9973e310" +weight = 10 +displayTitle = "dc00f1c1-898a-479d-b9a5-9caa9973e310" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# dc00f1c1-898a-479d-b9a5-9caa9973e310 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: dc00f1c1-898a-479d-b9a5-9caa9973e310 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [94BDE75194960FAFF8329DCB4462BD8888B32078B0FB8FB2011C6993FDA0316A](https://www.virustotal.com/gui/file/94BDE75194960FAFF8329DCB4462BD8888B32078B0FB8FB2011C6993FDA0316A) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [9063F5FBC5E57AB6DE6C9488146020E172B176D5AB57D4C89F0F600E17FE2DE2](https://www.virustotal.com/gui/search/authentihash%253A9063F5FBC5E57AB6DE6C9488146020E172B176D5AB57D4C89F0F600E17FE2DE2) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/dc00f1c1-898a-479d-b9a5-9caa9973e310.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/dc63ce55-4d4d-40f7-996d-6fc85f01443f.md b/lolrmm.com/content/bootloaders/dc63ce55-4d4d-40f7-996d-6fc85f01443f.md new file mode 100644 index 00000000..21d86981 --- /dev/null +++ b/lolrmm.com/content/bootloaders/dc63ce55-4d4d-40f7-996d-6fc85f01443f.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "dc63ce55-4d4d-40f7-996d-6fc85f01443f" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: dc63ce55-4d4d-40f7-996d-6fc85f01443f +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [76AC59211DF73F8BC0F1369CE290BFF57AD705CD1EB3B402D19E12FE5FFBD6D6](https://www.virustotal.com/gui/file/76AC59211DF73F8BC0F1369CE290BFF57AD705CD1EB3B402D19E12FE5FFBD6D6) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [8FDB0851B7639B3293019BF0A8DBD6B7DD57910AC0CC0224852C3381880F2A45](https://www.virustotal.com/gui/search/authentihash%253A8FDB0851B7639B3293019BF0A8DBD6B7DD57910AC0CC0224852C3381880F2A45) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/dc63ce55-4d4d-40f7-996d-6fc85f01443f.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/dd1e593d-19e6-4e29-8d3f-5b85a21bf35b.md b/lolrmm.com/content/bootloaders/dd1e593d-19e6-4e29-8d3f-5b85a21bf35b.md new file mode 100644 index 00000000..9562e978 --- /dev/null +++ b/lolrmm.com/content/bootloaders/dd1e593d-19e6-4e29-8d3f-5b85a21bf35b.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "dd1e593d-19e6-4e29-8d3f-5b85a21bf35b" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: dd1e593d-19e6-4e29-8d3f-5b85a21bf35b +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [940A66FBDCB9A3BE16FC8FF56DB63CBFFD7283F15ECF7E50BD9BBAC7EAD303F0](https://www.virustotal.com/gui/file/940A66FBDCB9A3BE16FC8FF56DB63CBFFD7283F15ECF7E50BD9BBAC7EAD303F0) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [FD4591ADD2E5B0664363720C71492982D5B223A141A6248246CD2381F67E926C](https://www.virustotal.com/gui/search/authentihash%253AFD4591ADD2E5B0664363720C71492982D5B223A141A6248246CD2381F67E926C) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/dd1e593d-19e6-4e29-8d3f-5b85a21bf35b.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/dd78a9a0-255d-4856-b9be-76b08852303a.md b/lolrmm.com/content/bootloaders/dd78a9a0-255d-4856-b9be-76b08852303a.md new file mode 100644 index 00000000..586275b0 --- /dev/null +++ b/lolrmm.com/content/bootloaders/dd78a9a0-255d-4856-b9be-76b08852303a.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "dd78a9a0-255d-4856-b9be-76b08852303a" +weight = 10 +displayTitle = "BOOTX64.EFI" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# BOOTX64.EFI ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat Inc. and revoked Jul-20 +- **UUID**: dd78a9a0-255d-4856-b9be-76b08852303a +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/d984cf8612284adc59b3b73deccb777f.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\BOOTX64.EFI } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | BOOTX64.EFI | +| MD5 | [d984cf8612284adc59b3b73deccb777f](https://www.virustotal.com/gui/file/d984cf8612284adc59b3b73deccb777f) | +| SHA1 | [61ce3d65bef674357febe866d4e922373f809219](https://www.virustotal.com/gui/file/61ce3d65bef674357febe866d4e922373f809219) | +| SHA256 | [24558c1cb417b6387e2406c70ff13f5438506e8d7560dd7b226499c872c8076f](https://www.virustotal.com/gui/file/24558c1cb417b6387e2406c70ff13f5438506e8d7560dd7b226499c872c8076f) | +| Authentihash MD5 | [b1e4dc9ee87d701d9aabbb52211a9ba0](https://www.virustotal.com/gui/search/authentihash%253Ab1e4dc9ee87d701d9aabbb52211a9ba0) | +| Authentihash SHA1 | [ba2a769531f2cb00b2ca9c089f1668c6851b382f](https://www.virustotal.com/gui/search/authentihash%253Aba2a769531f2cb00b2ca9c089f1668c6851b382f) | +| Authentihash SHA256| [bb1dd16d530008636f232303a7a86f3dff969f848815c0574b12c2d787fec93f](https://www.virustotal.com/gui/search/authentihash%253Abb1dd16d530008636f232303a7a86f3dff969f848815c0574b12c2d787fec93f) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002b4b79b3694d12118700010000002b +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 8d8a1f204c9c80213bd427fa58b387e2 | +| ToBeSigned (TBS) SHA1 | 8d78e1742b948f0c8298e560dd71fe1594020386 | +| ToBeSigned (TBS) SHA256 | 
1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2018-07-03 20:53:01 | +| ValidTo | 2019-07-26 20:53:01 | +| Signature | 54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002b4b79b3694d12118700010000002b | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### 
Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": "54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + 
"SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/dd78a9a0-255d-4856-b9be-76b08852303a.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/ddacf4b0-e6e4-4546-b3bc-f196645266b1.md b/lolrmm.com/content/bootloaders/ddacf4b0-e6e4-4546-b3bc-f196645266b1.md new file mode 100644 index 00000000..97f688a6 --- /dev/null +++ b/lolrmm.com/content/bootloaders/ddacf4b0-e6e4-4546-b3bc-f196645266b1.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "ddacf4b0-e6e4-4546-b3bc-f196645266b1" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: ddacf4b0-e6e4-4546-b3bc-f196645266b1 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [39CEDF83BD3417A90588795CDE2BD6BAF7089997FDDB588E552952C179958D84](https://www.virustotal.com/gui/file/39CEDF83BD3417A90588795CDE2BD6BAF7089997FDDB588E552952C179958D84) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [47F7A5F3821286A9C677F66CFE2A84D5CA94CB6FC1EBE8E1986E91EDD58CBE33](https://www.virustotal.com/gui/search/authentihash%253A47F7A5F3821286A9C677F66CFE2A84D5CA94CB6FC1EBE8E1986E91EDD58CBE33) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ddacf4b0-e6e4-4546-b3bc-f196645266b1.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/ddecc35f-2233-4894-86d8-69e6e473943e.md b/lolrmm.com/content/bootloaders/ddecc35f-2233-4894-86d8-69e6e473943e.md new file mode 100644 index 00000000..6f1a2698 --- /dev/null +++ b/lolrmm.com/content/bootloaders/ddecc35f-2233-4894-86d8-69e6e473943e.md 
@@ -0,0 +1,234 @@ ++++ + +description = "" +title = "ddecc35f-2233-4894-86d8-69e6e473943e" +weight = 10 +displayTitle = "bootia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Trend Micro and revoked Mar-23 +- **UUID**: ddecc35f-2233-4894-86d8-69e6e473943e +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/ece26d0686590a1ae0f950a412ed1a10.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2023-28005
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootia32.efi | +| MD5 | [ece26d0686590a1ae0f950a412ed1a10](https://www.virustotal.com/gui/file/ece26d0686590a1ae0f950a412ed1a10) | +| SHA1 | [15634f8fd748f28e29e4b77ce899a6d561576240](https://www.virustotal.com/gui/file/15634f8fd748f28e29e4b77ce899a6d561576240) | +| SHA256 | [52febd655c84f4557de0ca35a236d468c03fa3bd0f51f54c31b37db29673da3f](https://www.virustotal.com/gui/file/52febd655c84f4557de0ca35a236d468c03fa3bd0f51f54c31b37db29673da3f) | +| Authentihash MD5 | [2e2ee7180f421c97f27615cef8531dab](https://www.virustotal.com/gui/search/authentihash%253A2e2ee7180f421c97f27615cef8531dab) | +| Authentihash SHA1 | [2375db1ba66ae1873c8f31b76f305ec8bfcbf3c2](https://www.virustotal.com/gui/search/authentihash%253A2375db1ba66ae1873c8f31b76f305ec8bfcbf3c2) | +| Authentihash SHA256| [c4ebdc43048c43f5f11c59ead051a3585a07fafce985cfed8b27b73a5492f9b2](https://www.virustotal.com/gui/search/authentihash%253Ac4ebdc43048c43f5f11c59ead051a3585a07fafce985cfed8b27b73a5492f9b2) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000001e0d8474951a966ce400010000001e +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | b6f099bf203668f11a8f79ab08792ed8 | +| ToBeSigned (TBS) SHA1 | 4713755a345940554eada6042e90b0151591fad6 | +| ToBeSigned (TBS) SHA256 | 
62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2016-11-17 22:05:37 | +| ValidTo | 2018-02-17 22:05:37 | +| Signature | 0141873b6d85a37b5ac2a306448d73b6be76f7682ad14efef7ce4b377f0f7a5fbefd76377d59dc2caccd28d1be3eb180a8b66ab19a853bd14c7d5e955e8f07bc2ee0686ac3a2c9e997bd9f58de6dc9b93900c6b7824f64bf415ac51ebaa3dcfe8ad4fc2a41ad95b372c421c4f87835a59867c244e1c8df142abc4b23579f57431565eb8de6a7a0318b2fd17f93876a335c9450d2531f6a877baf43a569f83703a68e49987ca3c6dd42a595827f5be49151d3b79ea262e38ef5b37bda5b1be3462baa6ccb313193cdba21ea3cb1e9bbc751a769f354d63a0d1de3158c67d47b765b92d580ed5f1f1cdb5f61774c4b66c7deb15f4c71d605106064f33a17d31ca6 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000001e0d8474951a966ce400010000001e | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + 
+#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "b6f099bf203668f11a8f79ab08792ed8", + "SHA1": "4713755a345940554eada6042e90b0151591fad6", + "SHA256": "62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" + }, + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ddecc35f-2233-4894-86d8-69e6e473943e.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} 
diff --git a/lolrmm.com/content/bootloaders/de853203-30c9-4dc4-a050-6812dc4e0113.md b/lolrmm.com/content/bootloaders/de853203-30c9-4dc4-a050-6812dc4e0113.md new file mode 100644 index 00000000..b4144d8c --- /dev/null +++ b/lolrmm.com/content/bootloaders/de853203-30c9-4dc4-a050-6812dc4e0113.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "de853203-30c9-4dc4-a050-6812dc4e0113" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: de853203-30c9-4dc4-a050-6812dc4e0113 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [BA8D25B9FA843DA5A70D38A5AA96549F2166E2F0B4C1C007AF8A07D07E98A528](https://www.virustotal.com/gui/file/BA8D25B9FA843DA5A70D38A5AA96549F2166E2F0B4C1C007AF8A07D07E98A528) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [996C1D55955DFB3698869BDC2A700E6BCC762468716B5CBDA7295CF98841220A](https://www.virustotal.com/gui/search/authentihash%253A996C1D55955DFB3698869BDC2A700E6BCC762468716B5CBDA7295CF98841220A) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/de853203-30c9-4dc4-a050-6812dc4e0113.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/dfa9cb92-1691-442f-96df-9692e4ab29c4.md b/lolrmm.com/content/bootloaders/dfa9cb92-1691-442f-96df-9692e4ab29c4.md new file mode 100644 index 00000000..d9aa7f87 --- /dev/null +++ b/lolrmm.com/content/bootloaders/dfa9cb92-1691-442f-96df-9692e4ab29c4.md 
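Review bot: The Download button in this hunk points at `bootloaders/.bin` because the sample's MD5 is empty, and the MD5, SHA1 and Authentihash rows render as `[](https://www.virustotal.com/gui/file/)` links with no hash, so the page advertises a revoked-bootloader download and lookup links that cannot resolve. Since the page links its YAML as *source*, this looks like a generator emitting empty fields rather than a hand-written mistake; omitting the Download button and any hash row whose value is empty would be safer than emitting a dangling link. The Commands block's `{% if ($_ -match '{\S+}') {` also reads as a mangled PowerShell `| % { if ($_ -match '{\S+}') { ... } }`, which as printed will not parse, and the same text recurs in every entry in this diff, so the fix belongs in the template. The same empty-hash pattern appears in the `e0432a67`, `e06e3faf`, `e081d394` and `e0a4512e` entries, where the last two additionally have an empty Filename and a `path \windows\temp\` with no file.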
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "dfa9cb92-1691-442f-96df-9692e4ab29c4" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: dfa9cb92-1691-442f-96df-9692e4ab29c4 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/3aaa631aa80579a7ec4606f002de3436.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [3aaa631aa80579a7ec4606f002de3436](https://www.virustotal.com/gui/file/3aaa631aa80579a7ec4606f002de3436) | +| SHA1 | [293ba261a22d2b62ac580140be62676856d48527](https://www.virustotal.com/gui/file/293ba261a22d2b62ac580140be62676856d48527) | +| SHA256 | [d038eec123e1e13ab3ad27534de697c9779e9c27c62575f06771f80d3cbb7148](https://www.virustotal.com/gui/file/d038eec123e1e13ab3ad27534de697c9779e9c27c62575f06771f80d3cbb7148) | +| Authentihash MD5 | [13c9c74d08c33a6231d859bb35a060bf](https://www.virustotal.com/gui/search/authentihash%253A13c9c74d08c33a6231d859bb35a060bf) | +| Authentihash SHA1 | [833319ae7ee8fd2da9705d51d32ef1a6fd22e2fd](https://www.virustotal.com/gui/search/authentihash%253A833319ae7ee8fd2da9705d51d32ef1a6fd22e2fd) | +| Authentihash SHA256| [6f53cd5bf434b19b4e14ca127c596752079d989fcc98bb7d7cf3155619ec347d](https://www.virustotal.com/gui/search/authentihash%253A6f53cd5bf434b19b4e14ca127c596752079d989fcc98bb7d7cf3155619ec347d) | +| RichPEHeaderHash MD5 | [aaf18af925d829095e017c505f1a0039](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Aaaf18af925d829095e017c505f1a0039) | +| RichPEHeaderHash SHA1 | [c3d13f7d96127a3b16c7a8c0a3dd98fd9f22c3cf](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ac3d13f7d96127a3b16c7a8c0a3dd98fd9f22c3cf) | +| RichPEHeaderHash SHA256| [05367ecae4cf78cc575048fb931468b1d210df8c38ff8ca05481124b1a1a6917](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A05367ecae4cf78cc575048fb931468b1d210df8c38ff8ca05481124b1a1a6917) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000033c89c66a7b45bb1fbd00000000033c +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 46f57c3b860b08484cb79066ac1014ad | +| ToBeSigned (TBS) SHA1 | c1fe3ab97b834a98460e4ae92fe2468d16f61a92 | +| ToBeSigned (TBS) SHA256 | d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2021-09-02 18:23:41 | +| ValidTo | 2022-09-01 18:23:41 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000033c89c66a7b45bb1fbd00000000033c | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Signature": 
"699045742c403812de1bdf9ea2be22132e82a7c006ab278e0c9f460bd435386348031a6b5cbdf450ae5a243331dcb2cc7eace8371cf71ec35a6f663147bd211ea357614e6a611eeacca6486a778d4cd788106ade12d6625574e7a89ecab4eb0bb99295c498dd5f565680a2d26bf2545e727c4204023c48d8021b608fd901c6fefd16ce0c3a669fb0ce758dc671f2cdd7434c163f9de9453e5523d94a78205c828a4615e50330d9f52a8a77f7683d2b61ff1324382d40d31001c518b56b286fbb8c754f6940590c2071385ed0a9387b529c06bf71fff89c74634550fc331b389d558696ace05787144e5af53d20a75a84981bf8380ddac3743f407d8ff27c089e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "46f57c3b860b08484cb79066ac1014ad", + "SHA1": "c1fe3ab97b834a98460e4ae92fe2468d16f61a92", + "SHA256": "d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b" + }, + "ValidFrom": "2021-09-02 18:23:41", + "ValidTo": "2022-09-01 18:23:41", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": 
"14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000033c89c66a7b45bb1fbd00000000033c", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/dfa9cb92-1691-442f-96df-9692e4ab29c4.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} 
diff --git a/lolrmm.com/content/bootloaders/e0432a67-4ec8-4281-b4c1-a800e1b615be.md b/lolrmm.com/content/bootloaders/e0432a67-4ec8-4281-b4c1-a800e1b615be.md new file mode 100644 index 00000000..53fd9a3c --- /dev/null +++ b/lolrmm.com/content/bootloaders/e0432a67-4ec8-4281-b4c1-a800e1b615be.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "e0432a67-4ec8-4281-b4c1-a800e1b615be" +weight = 10 +displayTitle = "bootia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: e0432a67-4ec8-4281-b4c1-a800e1b615be +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootia32.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [84897E4405319DAB2822D63147F3DA90AC2A436A7D24EC5DD91B277AB6528FAB](https://www.virustotal.com/gui/file/84897E4405319DAB2822D63147F3DA90AC2A436A7D24EC5DD91B277AB6528FAB) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [6A16ADA3FE0C5468F0A43FB2F597A42F3DA3218C88EE819BF799110CF7A79B6C](https://www.virustotal.com/gui/search/authentihash%253A6A16ADA3FE0C5468F0A43FB2F597A42F3DA3218C88EE819BF799110CF7A79B6C) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e0432a67-4ec8-4281-b4c1-a800e1b615be.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/e06e3faf-46e8-4902-9bd7-69b462d292d2.md b/lolrmm.com/content/bootloaders/e06e3faf-46e8-4902-9bd7-69b462d292d2.md new file mode 100644 index 00000000..9249dc6f --- /dev/null +++ b/lolrmm.com/content/bootloaders/e06e3faf-46e8-4902-9bd7-69b462d292d2.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "e06e3faf-46e8-4902-9bd7-69b462d292d2" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: e06e3faf-46e8-4902-9bd7-69b462d292d2 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [3EBB964E2D24C5D0F2E07972A9F143B73161344790E960463BF9C229000848C1](https://www.virustotal.com/gui/file/3EBB964E2D24C5D0F2E07972A9F143B73161344790E960463BF9C229000848C1) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [B4938ED2FF001B73EF31E5BBBEBE1D6DBB7D9888A9FBE5251A52A5ED016652CF](https://www.virustotal.com/gui/search/authentihash%253AB4938ED2FF001B73EF31E5BBBEBE1D6DBB7D9888A9FBE5251A52A5ED016652CF) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e06e3faf-46e8-4902-9bd7-69b462d292d2.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/e081d394-fa4c-46c9-8a1c-c8790790aa3c.md b/lolrmm.com/content/bootloaders/e081d394-fa4c-46c9-8a1c-c8790790aa3c.md new file mode 100644 index 00000000..eafe86a9 --- /dev/null +++ b/lolrmm.com/content/bootloaders/e081d394-fa4c-46c9-8a1c-c8790790aa3c.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "e081d394-fa4c-46c9-8a1c-c8790790aa3c" +weight = 10 +displayTitle = "e081d394-fa4c-46c9-8a1c-c8790790aa3c" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# e081d394-fa4c-46c9-8a1c-c8790790aa3c ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: e081d394-fa4c-46c9-8a1c-c8790790aa3c +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [84A6C5F6C7AC07F1CC405F7B53B69BFF17BE0E4B9A428C21D39DCE0CDD4EF16B](https://www.virustotal.com/gui/file/84A6C5F6C7AC07F1CC405F7B53B69BFF17BE0E4B9A428C21D39DCE0CDD4EF16B) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [91656AA4EF493B3824A0B7263248E4E2D657A5C8488D880CB65B01730932FB53](https://www.virustotal.com/gui/search/authentihash%253A91656AA4EF493B3824A0B7263248E4E2D657A5C8488D880CB65B01730932FB53) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e081d394-fa4c-46c9-8a1c-c8790790aa3c.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/e0a4512e-03fa-4db8-b7e0-8c8eb6f2bc8a.md b/lolrmm.com/content/bootloaders/e0a4512e-03fa-4db8-b7e0-8c8eb6f2bc8a.md new file mode 100644 index 00000000..7cb94cc8 --- /dev/null +++ b/lolrmm.com/content/bootloaders/e0a4512e-03fa-4db8-b7e0-8c8eb6f2bc8a.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "e0a4512e-03fa-4db8-b7e0-8c8eb6f2bc8a" +weight = 10 +displayTitle = "e0a4512e-03fa-4db8-b7e0-8c8eb6f2bc8a" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# e0a4512e-03fa-4db8-b7e0-8c8eb6f2bc8a ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Oracle Corporation and revoked Jul-20 +- **UUID**: e0a4512e-03fa-4db8-b7e0-8c8eb6f2bc8a +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [7C2FDA323F09B9BE6269BA979A620438413EBA4A93B2BA34F9B39998268AD9CD](https://www.virustotal.com/gui/file/7C2FDA323F09B9BE6269BA979A620438413EBA4A93B2BA34F9B39998268AD9CD) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [37A480374DAF6202CE790C318A2BB8AA3797311261160A8E30558B7DEA78C7A6](https://www.virustotal.com/gui/search/authentihash%253A37A480374DAF6202CE790C318A2BB8AA3797311261160A8E30558B7DEA78C7A6) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e0a4512e-03fa-4db8-b7e0-8c8eb6f2bc8a.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/e121cfa2-ee0c-4c6d-9b1a-1f48ce500b81.md b/lolrmm.com/content/bootloaders/e121cfa2-ee0c-4c6d-9b1a-1f48ce500b81.md new file mode 100644 index 00000000..6e96cd0c --- /dev/null +++ b/lolrmm.com/content/bootloaders/e121cfa2-ee0c-4c6d-9b1a-1f48ce500b81.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "e121cfa2-ee0c-4c6d-9b1a-1f48ce500b81" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by VMware Inc. and revoked Jul-20 +- **UUID**: e121cfa2-ee0c-4c6d-9b1a-1f48ce500b81 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/07349cf7c406343bb9a9a9d9eec50790.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [07349cf7c406343bb9a9a9d9eec50790](https://www.virustotal.com/gui/file/07349cf7c406343bb9a9a9d9eec50790) | +| SHA1 | [12f8b7152bf718ee95d9d9a8ebd50c1a8fbb9621](https://www.virustotal.com/gui/file/12f8b7152bf718ee95d9d9a8ebd50c1a8fbb9621) | +| SHA256 | [ef43b4b4a755494b10b7431527aead697feab6fa48cf4684cca4fb5b8cd09035](https://www.virustotal.com/gui/file/ef43b4b4a755494b10b7431527aead697feab6fa48cf4684cca4fb5b8cd09035) | +| Authentihash MD5 | [96c7007a1ef6ec8ae43756e1e3bf9807](https://www.virustotal.com/gui/search/authentihash%253A96c7007a1ef6ec8ae43756e1e3bf9807) | +| Authentihash SHA1 | [9574b0676b8540628d0db2f89a8d8bb7b43d863b](https://www.virustotal.com/gui/search/authentihash%253A9574b0676b8540628d0db2f89a8d8bb7b43d863b) | +| Authentihash SHA256| [5c5805196a85e93789457017d4f9eb6828b97c41cb9ba6d3dc1fcc115f527a55](https://www.virustotal.com/gui/search/authentihash%253A5c5805196a85e93789457017d4f9eb6828b97c41cb9ba6d3dc1fcc115f527a55) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000001e0d8474951a966ce400010000001e +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | b6f099bf203668f11a8f79ab08792ed8 | +| ToBeSigned (TBS) SHA1 | 4713755a345940554eada6042e90b0151591fad6 | +| ToBeSigned (TBS) SHA256 | 
62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2016-11-17 22:05:37 | +| ValidTo | 2018-02-17 22:05:37 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000001e0d8474951a966ce400010000001e | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": 
"b6f099bf203668f11a8f79ab08792ed8", + "SHA1": "4713755a345940554eada6042e90b0151591fad6", + "SHA256": "62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" + }, + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e121cfa2-ee0c-4c6d-9b1a-1f48ce500b81.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/e12666fa-d6b3-449e-b3c3-18cf7a3d5b69.md b/lolrmm.com/content/bootloaders/e12666fa-d6b3-449e-b3c3-18cf7a3d5b69.md new file mode 100644 index 00000000..f9071c71 --- /dev/null +++ b/lolrmm.com/content/bootloaders/e12666fa-d6b3-449e-b3c3-18cf7a3d5b69.md 
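Review bot: The PowerShell under `### Commands` in this page is not runnable as written: `bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { ... } }` opens a script block whose first token is a bare `%`, which PowerShell rejects; the intended pipeline is almost certainly `| % { if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } }` (`%` being the ForEach-Object alias). The same string is emitted on every page in this commit, so the fix belongs in the generator/template that renders the `Commands` field rather than in this file. While there, the `Privileges` cell in the use-case table is empty even though `bcdedit` only works from an elevated prompt, so `Administrator` would be the accurate value.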
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "e12666fa-d6b3-449e-b3c3-18cf7a3d5b69" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: e12666fa-d6b3-449e-b3c3-18cf7a3d5b69 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [764D5B7F15EF539E0C8685DF62AB7CC7DBA3FCA50A08A8F7643D108A0A7FF757](https://www.virustotal.com/gui/file/764D5B7F15EF539E0C8685DF62AB7CC7DBA3FCA50A08A8F7643D108A0A7FF757) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [815D98AEE498CF27FD6648C7E02CFC0A4A88AA73237CBB2352FE38384A72683D](https://www.virustotal.com/gui/search/authentihash%253A815D98AEE498CF27FD6648C7E02CFC0A4A88AA73237CBB2352FE38384A72683D) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e12666fa-d6b3-449e-b3c3-18cf7a3d5b69.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/e1e05cba-138a-4879-84c6-0ab872d03ea5.md b/lolrmm.com/content/bootloaders/e1e05cba-138a-4879-84c6-0ab872d03ea5.md new file mode 100644 index 00000000..1cb12c70 --- /dev/null +++ b/lolrmm.com/content/bootloaders/e1e05cba-138a-4879-84c6-0ab872d03ea5.md 
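Review bot: The download button on this page points at `bootloaders/.bin` and the MD5/SHA1 rows link to `https://www.virustotal.com/gui/file/` with no hash, because the generator built them from empty values; SHA256 is the only populated hash for this entry. The template should suppress the download button and any hash row whose value is empty instead of emitting broken links, e.g. render the row as `| MD5 | n/a |` or omit it. Since the sample file itself is apparently not in the repo, it is also worth confirming that the hash-based Sigma and Sysmon artifacts linked above actually carry this SHA256, otherwise the page advertises detections that cannot fire for it.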
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "e1e05cba-138a-4879-84c6-0ab872d03ea5" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: e1e05cba-138a-4879-84c6-0ab872d03ea5 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/aad10724a4a2b676a69459a61124efec.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [aad10724a4a2b676a69459a61124efec](https://www.virustotal.com/gui/file/aad10724a4a2b676a69459a61124efec) | +| SHA1 | [e41e22000179036196670a70b71dc199f503f803](https://www.virustotal.com/gui/file/e41e22000179036196670a70b71dc199f503f803) | +| SHA256 | [25933d1597ead1c390abc59433aec7c8f955c588551024c88c6388afbc84ed40](https://www.virustotal.com/gui/file/25933d1597ead1c390abc59433aec7c8f955c588551024c88c6388afbc84ed40) | +| Authentihash MD5 | [34dc51ef7732132306a90266b0dcaf95](https://www.virustotal.com/gui/search/authentihash%253A34dc51ef7732132306a90266b0dcaf95) | +| Authentihash SHA1 | [4f92bc4253c99fb31787f7b1501b0f3af801534a](https://www.virustotal.com/gui/search/authentihash%253A4f92bc4253c99fb31787f7b1501b0f3af801534a) | +| Authentihash SHA256| [0328f7dd12b552efa7a9e083730333b85f3f4e83d39387fc531863b422f75cc8](https://www.virustotal.com/gui/search/authentihash%253A0328f7dd12b552efa7a9e083730333b85f3f4e83d39387fc531863b422f75cc8) | +| RichPEHeaderHash MD5 | [2fbc53c18b773e0990639d636825b0ba](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2fbc53c18b773e0990639d636825b0ba) | +| RichPEHeaderHash SHA1 | [2a1d3ef0d46e4b8b403cdf0c29bcefbe41250cb3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2a1d3ef0d46e4b8b403cdf0c29bcefbe41250cb3) | +| RichPEHeaderHash SHA256| [d1a38cd90fba6fb39948b1c0ee836f9542268bb74c4379963c2920d11f696f22](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ad1a38cd90fba6fb39948b1c0ee836f9542268bb74c4379963c2920d11f696f22) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 33000000bce120fdd27cc8ee930000000000bc +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | f31f8c784e5d3986ccacb9c88c6d7044 | +| ToBeSigned (TBS) SHA1 | 833498af9a41da339c83e0d384b521f72d053331 | +| ToBeSigned (TBS) SHA256 | 1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2015-08-18 17:15:28 | +| ValidTo | 2016-11-18 17:15:28 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 33000000bce120fdd27cc8ee930000000000bc | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "f31f8c784e5d3986ccacb9c88c6d7044", + "SHA1": "833498af9a41da339c83e0d384b521f72d053331", + "SHA256": "1f47e616b2810165968d76ef4f6587611c276f4b52901bd6aa5822f9c6e52976" + }, + "ValidFrom": "2015-08-18 17:15:28", + "ValidTo": "2016-11-18 17:15:28", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000bce120fdd27cc8ee930000000000bc", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e1e05cba-138a-4879-84c6-0ab872d03ea5.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/e2313b7a-714a-4e2c-a692-4259f9bc3b0c.md b/lolrmm.com/content/bootloaders/e2313b7a-714a-4e2c-a692-4259f9bc3b0c.md new file mode 100644 index 00000000..766f1612 --- /dev/null +++ b/lolrmm.com/content/bootloaders/e2313b7a-714a-4e2c-a692-4259f9bc3b0c.md 
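Review bot: Under `### CVE` the only entry is `Black Lotus Microsoft Windows 8.1`, which is a campaign/product label rather than a CVE identifier, so anything consuming the CVE list of the underlying YAML will pick up a non-identifier. Either move that text into the description (`This was provided by Microsoft and revoked May-23 as part of the BlackLotus bootloader revocations`) and leave the CVE list empty, or cite the CVE Microsoft ties to that revocation set (it appears to be CVE-2023-24932, but verify against the Microsoft KB before adding it). Note the second Microsoft support link in `### Resources` is the 2020 DBX guidance, which does not cover the May-23 revocations this page describes.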
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "e2313b7a-714a-4e2c-a692-4259f9bc3b0c" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: e2313b7a-714a-4e2c-a692-4259f9bc3b0c +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [C190FBE65C28E7DBCA5AAE188C368CAB9A43ADB7F3B010843086D6DA77C3A6E5](https://www.virustotal.com/gui/file/C190FBE65C28E7DBCA5AAE188C368CAB9A43ADB7F3B010843086D6DA77C3A6E5) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [B344D2F33E30A25EB927E4C1A419D019ACCFA8249A5CE622B8E7C7D8D5807A00](https://www.virustotal.com/gui/search/authentihash%253AB344D2F33E30A25EB927E4C1A419D019ACCFA8249A5CE622B8E7C7D8D5807A00) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e2313b7a-714a-4e2c-a692-4259f9bc3b0c.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/e314abb1-31d1-460f-9df0-f437263d9e71.md b/lolrmm.com/content/bootloaders/e314abb1-31d1-460f-9df0-f437263d9e71.md new file mode 100644 index 00000000..fa5e6b21 --- /dev/null +++ b/lolrmm.com/content/bootloaders/e314abb1-31d1-460f-9df0-f437263d9e71.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "e314abb1-31d1-460f-9df0-f437263d9e71" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by TeraByte Inc. and revoked Jul-20 +- **UUID**: e314abb1-31d1-460f-9df0-f437263d9e71 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/c2d60556e72219f9d4dd063a6843aa37.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [c2d60556e72219f9d4dd063a6843aa37](https://www.virustotal.com/gui/file/c2d60556e72219f9d4dd063a6843aa37) | +| SHA1 | [83720b7f32ce09df641395f39a86bc48b3e8a9b8](https://www.virustotal.com/gui/file/83720b7f32ce09df641395f39a86bc48b3e8a9b8) | +| SHA256 | [d809eddc88a14239e8a069fa71f81f3e4af4dc293f7575d71d597c80f8767816](https://www.virustotal.com/gui/file/d809eddc88a14239e8a069fa71f81f3e4af4dc293f7575d71d597c80f8767816) | +| Authentihash MD5 | [50588d1cf5701594eefb3eb90f401614](https://www.virustotal.com/gui/search/authentihash%253A50588d1cf5701594eefb3eb90f401614) | +| Authentihash SHA1 | [8a6738664c7dd6a99dbbd32c0c43432e9f88c85a](https://www.virustotal.com/gui/search/authentihash%253A8a6738664c7dd6a99dbbd32c0c43432e9f88c85a) | +| Authentihash SHA256| [9d00ae4cd47a41c783dc48f342c076c2c16f3413f4d2df50d181ca3bb5ad859d](https://www.virustotal.com/gui/search/authentihash%253A9d00ae4cd47a41c783dc48f342c076c2c16f3413f4d2df50d181ca3bb5ad859d) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000000a6642f3f49fb7379600010000000a +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | c52110f552e27ebb1e3fae114abafb3f | +| ToBeSigned (TBS) SHA1 | 4954e087123653ce38da4cdd31141b6a1bb999e4 | +| ToBeSigned (TBS) SHA256 | 
1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2013-09-24 17:54:03 | +| ValidTo | 2014-12-24 17:54:03 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000000a6642f3f49fb7379600010000000a | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": 
"c52110f552e27ebb1e3fae114abafb3f", + "SHA1": "4954e087123653ce38da4cdd31141b6a1bb999e4", + "SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" + }, + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e314abb1-31d1-460f-9df0-f437263d9e71.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/e32b7c1e-14b0-4f29-9c62-d1664d26777d.md b/lolrmm.com/content/bootloaders/e32b7c1e-14b0-4f29-9c62-d1664d26777d.md new file mode 100644 index 00000000..100e6bbc --- /dev/null +++ b/lolrmm.com/content/bootloaders/e32b7c1e-14b0-4f29-9c62-d1664d26777d.md 
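Review bot: The `#### Imports` details block is emitted twice on this page, each containing only an empty `*` bullet, and `ImportedFunctions`/`ExportedFunctions`/the second `Imports` are empty as well. For a UEFI PE with no import table an empty result is plausible, but the duplicated heading is a template bug and the empty bullets read as an extraction failure. Suggest the generator render `*No imports recorded*` (or drop the section) when the list is empty and emit the heading once; the certificate and signature data above is the part of this page that actually supports the hash-based detections.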
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "e32b7c1e-14b0-4f29-9c62-d1664d26777d" +weight = 10 +displayTitle = "e32b7c1e-14b0-4f29-9c62-d1664d26777d" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# e32b7c1e-14b0-4f29-9c62-d1664d26777d ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Fedora Project and revoked Jul-20 +- **UUID**: e32b7c1e-14b0-4f29-9c62-d1664d26777d +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [52A4F27CCEDCC5405D8EC128BF99861865B2273DA18A9B958ABADEFF63DF5A18](https://www.virustotal.com/gui/file/52A4F27CCEDCC5405D8EC128BF99861865B2273DA18A9B958ABADEFF63DF5A18) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [3765D769C05BF98B427B3511903B2137E8A49B6F859D0AF159ED6A86786AA634](https://www.virustotal.com/gui/search/authentihash%253A3765D769C05BF98B427B3511903B2137E8A49B6F859D0AF159ED6A86786AA634) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e32b7c1e-14b0-4f29-9c62-d1664d26777d.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/e4cbfa0b-8b40-4ac9-b390-a566dbddd873.md b/lolrmm.com/content/bootloaders/e4cbfa0b-8b40-4ac9-b390-a566dbddd873.md new file mode 100644 index 00000000..102564b3 --- /dev/null +++ b/lolrmm.com/content/bootloaders/e4cbfa0b-8b40-4ac9-b390-a566dbddd873.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "e4cbfa0b-8b40-4ac9-b390-a566dbddd873" +weight = 10 +displayTitle = "e4cbfa0b-8b40-4ac9-b390-a566dbddd873" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# e4cbfa0b-8b40-4ac9-b390-a566dbddd873 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Univention GmbH and revoked Jul-20 +- **UUID**: e4cbfa0b-8b40-4ac9-b390-a566dbddd873 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [2B7A243AC2248C630A51D73889E4BAA33DA94BD58D63E364A5FEF1A0998B4F5E](https://www.virustotal.com/gui/file/2B7A243AC2248C630A51D73889E4BAA33DA94BD58D63E364A5FEF1A0998B4F5E) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [70A1450AF2AD395569AD0AFEB1D9C125324EE90AEC39C258880134D4892D51AB](https://www.virustotal.com/gui/search/authentihash%253A70A1450AF2AD395569AD0AFEB1D9C125324EE90AEC39C258880134D4892D51AB) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e4cbfa0b-8b40-4ac9-b390-a566dbddd873.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/e638d650-dd39-49a9-a737-b02670064e45.md b/lolrmm.com/content/bootloaders/e638d650-dd39-49a9-a737-b02670064e45.md new file mode 100644 index 00000000..1009f186 --- /dev/null +++ b/lolrmm.com/content/bootloaders/e638d650-dd39-49a9-a737-b02670064e45.md 
@@ -0,0 +1,164 @@ ++++ + +description = "" +title = "e638d650-dd39-49a9-a737-b02670064e45" +weight = 10 +displayTitle = "shim64-bit.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# shim64-bit.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Canonical Ltd and revoked Apr-21 +- **UUID**: e638d650-dd39-49a9-a737-b02670064e45 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/9bdc83ad343e8745e1f3d55c36cf2df6.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\shim64-bit.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | shim64-bit.efi | +| MD5 | [9bdc83ad343e8745e1f3d55c36cf2df6](https://www.virustotal.com/gui/file/9bdc83ad343e8745e1f3d55c36cf2df6) | +| SHA1 | [095b16e4a405e6d6dbdfc1475c941c64201d41b5](https://www.virustotal.com/gui/file/095b16e4a405e6d6dbdfc1475c941c64201d41b5) | +| SHA256 | [84e680f95cd31db85663a5482a68778dd236503d88e8a6d8e3c4a6c9ba201102](https://www.virustotal.com/gui/file/84e680f95cd31db85663a5482a68778dd236503d88e8a6d8e3c4a6c9ba201102) | +| Authentihash MD5 | [2906120c5459cec104e70135cc2c7ffb](https://www.virustotal.com/gui/search/authentihash%253A2906120c5459cec104e70135cc2c7ffb) | +| Authentihash SHA1 | [e0a77a7cdefc31ecba261fcd6181b97efce9cc49](https://www.virustotal.com/gui/search/authentihash%253Ae0a77a7cdefc31ecba261fcd6181b97efce9cc49) | +| Authentihash SHA256| [273d4432af53f07f8fb2013bb13d70bd46ea49c6c1c9de6c631ae4d75c98baf0](https://www.virustotal.com/gui/search/authentihash%253A273d4432af53f07f8fb2013bb13d70bd46ea49c6c1c9de6c631ae4d75c98baf0) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + 
+[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e638d650-dd39-49a9-a737-b02670064e45.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/e774e770-0d9e-40c1-b9e1-ac09484a837f.md b/lolrmm.com/content/bootloaders/e774e770-0d9e-40c1-b9e1-ac09484a837f.md new file mode 100644 index 00000000..002c4127 --- /dev/null +++ b/lolrmm.com/content/bootloaders/e774e770-0d9e-40c1-b9e1-ac09484a837f.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "e774e770-0d9e-40c1-b9e1-ac09484a837f" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: e774e770-0d9e-40c1-b9e1-ac09484a837f +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [DEA5BD5268B76F56B4091A20C806124DE8054FB07A652CF0E883BBA9A0938DE0](https://www.virustotal.com/gui/file/DEA5BD5268B76F56B4091A20C806124DE8054FB07A652CF0E883BBA9A0938DE0) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [7490AD46B3AEA32DD21C46A7A42FF4183FFAA7C486C75C6438ADF936E512B9A5](https://www.virustotal.com/gui/search/authentihash%253A7490AD46B3AEA32DD21C46A7A42FF4183FFAA7C486C75C6438ADF936E512B9A5) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e774e770-0d9e-40c1-b9e1-ac09484a837f.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/e7f84927-3fb4-41c9-b2fc-e87985cfbcc3.md b/lolrmm.com/content/bootloaders/e7f84927-3fb4-41c9-b2fc-e87985cfbcc3.md new file mode 100644 index 00000000..f3601744 --- /dev/null +++ b/lolrmm.com/content/bootloaders/e7f84927-3fb4-41c9-b2fc-e87985cfbcc3.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "e7f84927-3fb4-41c9-b2fc-e87985cfbcc3" +weight = 10 +displayTitle = "bootarm.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootarm.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: e7f84927-3fb4-41c9-b2fc-e87985cfbcc3 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootarm.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootarm.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [94F92895ED36D4EA45B0942E755640420AF5CA3B8E3EA855FC6A39C9A3661666](https://www.virustotal.com/gui/file/94F92895ED36D4EA45B0942E755640420AF5CA3B8E3EA855FC6A39C9A3661666) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [AF3BBF0C275BDD5EBD8A87F00263847485572F8A983DEF0EAE9895CD93D7FFC3](https://www.virustotal.com/gui/search/authentihash%253AAF3BBF0C275BDD5EBD8A87F00263847485572F8A983DEF0EAE9895CD93D7FFC3) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e7f84927-3fb4-41c9-b2fc-e87985cfbcc3.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/e84c007a-a263-4bea-ad23-e46447001e91.md b/lolrmm.com/content/bootloaders/e84c007a-a263-4bea-ad23-e46447001e91.md new file mode 100644 index 00000000..033c875b --- /dev/null +++ b/lolrmm.com/content/bootloaders/e84c007a-a263-4bea-ad23-e46447001e91.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "e84c007a-a263-4bea-ad23-e46447001e91" +weight = 10 +displayTitle = "e84c007a-a263-4bea-ad23-e46447001e91" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# e84c007a-a263-4bea-ad23-e46447001e91 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Oracle Corporation and revoked Jul-20 +- **UUID**: e84c007a-a263-4bea-ad23-e46447001e91 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [44FD1F90799B852B3BED642DE300BCF9EF6CA81036CD5588C24D5B8E00D4B9D1](https://www.virustotal.com/gui/file/44FD1F90799B852B3BED642DE300BCF9EF6CA81036CD5588C24D5B8E00D4B9D1) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [540801DD345DC1C33EF431B35BF4C0E68BD319B577B9ABE1A9CFF1CBC39F548F](https://www.virustotal.com/gui/search/authentihash%253A540801DD345DC1C33EF431B35BF4C0E68BD319B577B9ABE1A9CFF1CBC39F548F) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e84c007a-a263-4bea-ad23-e46447001e91.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/e91a68c8-807d-4b65-a86b-c51335730c55.md b/lolrmm.com/content/bootloaders/e91a68c8-807d-4b65-a86b-c51335730c55.md new file mode 100644 index 00000000..429e120d --- /dev/null +++ b/lolrmm.com/content/bootloaders/e91a68c8-807d-4b65-a86b-c51335730c55.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "e91a68c8-807d-4b65-a86b-c51335730c55" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Fedora Project and revoked Jul-20 +- **UUID**: e91a68c8-807d-4b65-a86b-c51335730c55 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/abd377408acc02ee7f2f16320ee9b49a.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [abd377408acc02ee7f2f16320ee9b49a](https://www.virustotal.com/gui/file/abd377408acc02ee7f2f16320ee9b49a) | +| SHA1 | [b72252c1c92cac65c4a4637816b0a84428d16681](https://www.virustotal.com/gui/file/b72252c1c92cac65c4a4637816b0a84428d16681) | +| SHA256 | [475552c7476ad45e42344eee8b30d44c264d200ac2468428aa86fc8795fb6e34](https://www.virustotal.com/gui/file/475552c7476ad45e42344eee8b30d44c264d200ac2468428aa86fc8795fb6e34) | +| Authentihash MD5 | [fb4d9da53892bb0152dcfd7a4a150fe0](https://www.virustotal.com/gui/search/authentihash%253Afb4d9da53892bb0152dcfd7a4a150fe0) | +| Authentihash SHA1 | [a070bfbb64dc542d7b6b22de52d9b4d994b0d2f1](https://www.virustotal.com/gui/search/authentihash%253Aa070bfbb64dc542d7b6b22de52d9b4d994b0d2f1) | +| Authentihash SHA256| [dbaf9e056d3d5b38b68553304abc88827ebc00f80cb9c7e197cdbc5822cd316c](https://www.virustotal.com/gui/search/authentihash%253Adbaf9e056d3d5b38b68553304abc88827ebc00f80cb9c7e197cdbc5822cd316c) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 3300000010a4912943d94ce62e000100000010 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 61509fd4e01160eb7d8007dc182bee5b | +| ToBeSigned (TBS) SHA1 | febd34ec96d90e498d9b6fa54d7fab80ce1464d3 | +| ToBeSigned (TBS) SHA256 | 
7d79e52d96bc7c571299d90c3bc4bff9d08e36eb74b7e8b0cd69114980737953 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2014-10-01 18:02:10 | +| ValidTo | 2016-01-01 18:02:10 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 3300000010a4912943d94ce62e000100000010 | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 
350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "3300000010a4912943d94ce62e000100000010", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "61509fd4e01160eb7d8007dc182bee5b", + "SHA1": "febd34ec96d90e498d9b6fa54d7fab80ce1464d3", + "SHA256": 
"7d79e52d96bc7c571299d90c3bc4bff9d08e36eb74b7e8b0cd69114980737953" + }, + "ValidFrom": "2014-10-01 18:02:10", + "ValidTo": "2016-01-01 18:02:10", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "3300000010a4912943d94ce62e000100000010", + "Version": 1 + } + ], + "SignerInfo": 
"" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e91a68c8-807d-4b65-a86b-c51335730c55.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/e9402a67-21ec-4fdb-b0a3-7f1700f1ede7.md b/lolrmm.com/content/bootloaders/e9402a67-21ec-4fdb-b0a3-7f1700f1ede7.md new file mode 100644 index 00000000..7ddaa52c --- /dev/null +++ b/lolrmm.com/content/bootloaders/e9402a67-21ec-4fdb-b0a3-7f1700f1ede7.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "e9402a67-21ec-4fdb-b0a3-7f1700f1ede7" +weight = 10 +displayTitle = "bootia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: e9402a67-21ec-4fdb-b0a3-7f1700f1ede7 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/670eb63cbc05c4a4fa62f3c63d5b5f0a.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootia32.efi | +| MD5 | [670eb63cbc05c4a4fa62f3c63d5b5f0a](https://www.virustotal.com/gui/file/670eb63cbc05c4a4fa62f3c63d5b5f0a) | +| SHA1 | [4c53e7cd05e537f0f730ed2b079200c7e1543a72](https://www.virustotal.com/gui/file/4c53e7cd05e537f0f730ed2b079200c7e1543a72) | +| SHA256 | [132d59d83c29be7351d35c44b846dfc3f37b3c62bc40eac6aec3fd68e7cfcfde](https://www.virustotal.com/gui/file/132d59d83c29be7351d35c44b846dfc3f37b3c62bc40eac6aec3fd68e7cfcfde) | +| Authentihash MD5 | [40b3933716925a99d7457268b098c42e](https://www.virustotal.com/gui/search/authentihash%253A40b3933716925a99d7457268b098c42e) | +| Authentihash SHA1 | [f2ffc38ed784f8938830012818332db0e4bebfe3](https://www.virustotal.com/gui/search/authentihash%253Af2ffc38ed784f8938830012818332db0e4bebfe3) | +| Authentihash SHA256| [4f94f40c6b4bac7bf219c73dafd0870879f1db10de6c8620f6f1333d7aa5455a](https://www.virustotal.com/gui/search/authentihash%253A4f94f40c6b4bac7bf219c73dafd0870879f1db10de6c8620f6f1333d7aa5455a) | +| RichPEHeaderHash MD5 | [d94c4831d7cd65bd85851b4c2726909e](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ad94c4831d7cd65bd85851b4c2726909e) | +| RichPEHeaderHash SHA1 | [e4705a5872fb945b5826084d24ee95df003b18e3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ae4705a5872fb945b5826084d24ee95df003b18e3) | +| RichPEHeaderHash SHA256| [e2dd71c959ee2c73c142c38d5f2a2f2566a8d421c88ef20cf4eaf567db79fd44](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ae2dd71c959ee2c73c142c38d5f2a2f2566a8d421c88ef20cf4eaf567db79fd44) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000004ea1d80770a9bbe94400000000004e +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 9da610547a25cbe89af7ecdb99229623 | +| ToBeSigned (TBS) SHA1 | 6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7 | +| ToBeSigned (TBS) SHA256 | 1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2014-07-01 20:32:01 | +| ValidTo | 2015-10-01 20:32:01 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000004ea1d80770a9bbe94400000000004e | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e9402a67-21ec-4fdb-b0a3-7f1700f1ede7.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/e950e347-4bfd-44d7-b2c6-7dbbce0f2667.md b/lolrmm.com/content/bootloaders/e950e347-4bfd-44d7-b2c6-7dbbce0f2667.md new file mode 100644 index 00000000..5fac4ad1 --- /dev/null +++ b/lolrmm.com/content/bootloaders/e950e347-4bfd-44d7-b2c6-7dbbce0f2667.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "e950e347-4bfd-44d7-b2c6-7dbbce0f2667" +weight = 10 +displayTitle = "e950e347-4bfd-44d7-b2c6-7dbbce0f2667" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# e950e347-4bfd-44d7-b2c6-7dbbce0f2667 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: e950e347-4bfd-44d7-b2c6-7dbbce0f2667 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [AA8DB86BE59A48E4C525DD468119BEBA1D836CE4293C76E4B736902D1AD62F27](https://www.virustotal.com/gui/file/AA8DB86BE59A48E4C525DD468119BEBA1D836CE4293C76E4B736902D1AD62F27) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [C69D64A5B839E41BA16742527E17056A18CE3C276FD26E34901A1BC7D0E32219](https://www.virustotal.com/gui/search/authentihash%253AC69D64A5B839E41BA16742527E17056A18CE3C276FD26E34901A1BC7D0E32219) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e950e347-4bfd-44d7-b2c6-7dbbce0f2667.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/e9785a5c-1caf-4577-85fa-9a2eadc9bfe9.md b/lolrmm.com/content/bootloaders/e9785a5c-1caf-4577-85fa-9a2eadc9bfe9.md new file mode 100644 index 00000000..bd06e3c8 --- /dev/null +++ b/lolrmm.com/content/bootloaders/e9785a5c-1caf-4577-85fa-9a2eadc9bfe9.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "e9785a5c-1caf-4577-85fa-9a2eadc9bfe9" +weight = 10 +displayTitle = "e9785a5c-1caf-4577-85fa-9a2eadc9bfe9" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# e9785a5c-1caf-4577-85fa-9a2eadc9bfe9 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: e9785a5c-1caf-4577-85fa-9a2eadc9bfe9 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [D389EDE1F84051086D30B8C2CFC362797B129854DF1313CA474F83A143F55D11](https://www.virustotal.com/gui/file/D389EDE1F84051086D30B8C2CFC362797B129854DF1313CA474F83A143F55D11) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [788383A4C733BB87D2BF51673DC73E92DF15AB7D51DC715627AE77686D8D23BC](https://www.virustotal.com/gui/search/authentihash%253A788383A4C733BB87D2BF51673DC73E92DF15AB7D51DC715627AE77686D8D23BC) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/e9785a5c-1caf-4577-85fa-9a2eadc9bfe9.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/ea9f89dc-3143-424c-b3b3-437969245705.md b/lolrmm.com/content/bootloaders/ea9f89dc-3143-424c-b3b3-437969245705.md new file mode 100644 index 00000000..4e816a2b --- /dev/null +++ b/lolrmm.com/content/bootloaders/ea9f89dc-3143-424c-b3b3-437969245705.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "ea9f89dc-3143-424c-b3b3-437969245705" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: ea9f89dc-3143-424c-b3b3-437969245705 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/1aa56b885cc8dcb37e0165fb6774acf3.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [1aa56b885cc8dcb37e0165fb6774acf3](https://www.virustotal.com/gui/file/1aa56b885cc8dcb37e0165fb6774acf3) | +| SHA1 | [51b1b97472c99971ef217632ae7d9fee3ce3f1ad](https://www.virustotal.com/gui/file/51b1b97472c99971ef217632ae7d9fee3ce3f1ad) | +| SHA256 | [2b334e6b147104306dd91f77e900c07383c0ddff77c2979ec79ea5d92944c13d](https://www.virustotal.com/gui/file/2b334e6b147104306dd91f77e900c07383c0ddff77c2979ec79ea5d92944c13d) | +| Authentihash MD5 | [8c6a38741626834657d7c8a8efc9ba4d](https://www.virustotal.com/gui/search/authentihash%253A8c6a38741626834657d7c8a8efc9ba4d) | +| Authentihash SHA1 | [605ed193044333070a922ead0b80c554c8e73287](https://www.virustotal.com/gui/search/authentihash%253A605ed193044333070a922ead0b80c554c8e73287) | +| Authentihash SHA256| [71a5716decf09fe8bcbcc73225fe1e7012076cea39b49e9e72afa291b1fb717f](https://www.virustotal.com/gui/search/authentihash%253A71a5716decf09fe8bcbcc73225fe1e7012076cea39b49e9e72afa291b1fb717f) | +| RichPEHeaderHash MD5 | [d94c4831d7cd65bd85851b4c2726909e](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ad94c4831d7cd65bd85851b4c2726909e) | +| RichPEHeaderHash SHA1 | [e4705a5872fb945b5826084d24ee95df003b18e3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ae4705a5872fb945b5826084d24ee95df003b18e3) | +| RichPEHeaderHash SHA256| [e2dd71c959ee2c73c142c38d5f2a2f2566a8d421c88ef20cf4eaf567db79fd44](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Ae2dd71c959ee2c73c142c38d5f2a2f2566a8d421c88ef20cf4eaf567db79fd44) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000004ea1d80770a9bbe94400000000004e +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 9da610547a25cbe89af7ecdb99229623 | +| ToBeSigned (TBS) SHA1 | 6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7 | +| ToBeSigned (TBS) SHA256 | 1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2014-07-01 20:32:01 | +| ValidTo | 2015-10-01 20:32:01 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000004ea1d80770a9bbe94400000000004e | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Signature": 
"8207b0c79e3b96e7317cd1aac9ab45fb52f1a2c847cda4bed6ff0b366566c6046976257890a79270765662a04b0f6d958c1fbba688b7717f77e10137107f8ccde9ce066d0c99e9fabfa3d669e2eac822a81d86f620828a018738e290f15370886c689af9399fad45f38e2e0fd6e31fcdf1b295ddc015164e757e2c630b05d1c103735e452ea9e3ca1b44e776277a030aa473094499bdfad51ebcdc61c8694148123c150811230bab24f1fb3ca64f018ac37d5cbb61173055b20dd07fbf8955909696be8de608979541932fd0257f932db6f6975b4bc82bd393a432a4ef01d88fc9652cc0d4eede46df519df8488353bfbf4dbc8358efc8dc3215c5538ebbd03e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": 
"14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ea9f89dc-3143-424c-b3b3-437969245705.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} 
diff --git a/lolrmm.com/content/bootloaders/eba694e7-6b97-4fd7-8e20-e26392cad8e7.md b/lolrmm.com/content/bootloaders/eba694e7-6b97-4fd7-8e20-e26392cad8e7.md new file mode 100644 index 00000000..2ff06270 --- /dev/null +++ b/lolrmm.com/content/bootloaders/eba694e7-6b97-4fd7-8e20-e26392cad8e7.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "eba694e7-6b97-4fd7-8e20-e26392cad8e7" +weight = 10 +displayTitle = "bootarm.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootarm.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: eba694e7-6b97-4fd7-8e20-e26392cad8e7 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootarm.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootarm.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [07463549E9B992F78E7E64BD24BCA93754EF3674F5F5D76C4D44F462060DF0B9](https://www.virustotal.com/gui/file/07463549E9B992F78E7E64BD24BCA93754EF3674F5F5D76C4D44F462060DF0B9) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [86E9384C41F9339D9B0F80B48055D02BE5FF908860F2CEF63359E0D8B7937A27](https://www.virustotal.com/gui/search/authentihash%253A86E9384C41F9339D9B0F80B48055D02BE5FF908860F2CEF63359E0D8B7937A27) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/eba694e7-6b97-4fd7-8e20-e26392cad8e7.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/ec0d55b6-d46c-4f5e-b467-1a8fe09e64d2.md b/lolrmm.com/content/bootloaders/ec0d55b6-d46c-4f5e-b467-1a8fe09e64d2.md new file mode 100644 index 00000000..2c5d6e8f --- /dev/null +++ b/lolrmm.com/content/bootloaders/ec0d55b6-d46c-4f5e-b467-1a8fe09e64d2.md 
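Review bot: The Download button on this page links to `https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin` and the MD5 and SHA1 rows render as `[](https://www.virustotal.com/gui/file/)`, so the template emits the download path and the hash cells unconditionally even when the source entry has no hash, leaving a dead link and empty rows; compare the eff3ed05 page further down, where the MD5 fills both the download path and the VirusTotal link. The generator (presumably the script behind the `[*source*]` YAML link, which is not part of this diff) should omit the Download button and any hash row whose value is empty rather than emitting an empty path. The same applies to the ec0d55b6, eefbdef0 and ef578b44 pages, and on eefbdef0 the missing filename also leaves the displayTitle and the Commands block with no file name. Separately, every page carries the `#### Imports` heading twice, which looks like a duplicated section in the template.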
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "ec0d55b6-d46c-4f5e-b467-1a8fe09e64d2" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: ec0d55b6-d46c-4f5e-b467-1a8fe09e64d2 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [FB03DB013F31A9AA909B77CF510CD129B9E857A93E37BF9ABB91A79EB296C758](https://www.virustotal.com/gui/file/FB03DB013F31A9AA909B77CF510CD129B9E857A93E37BF9ABB91A79EB296C758) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [0C0C78837FA767EB045B8199E1E20AD666F90928DAEEB8F5E5253D8E7877FCB4](https://www.virustotal.com/gui/search/authentihash%253A0C0C78837FA767EB045B8199E1E20AD666F90928DAEEB8F5E5253D8E7877FCB4) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ec0d55b6-d46c-4f5e-b467-1a8fe09e64d2.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/eefbdef0-8570-4a68-9824-042e17b71f98.md b/lolrmm.com/content/bootloaders/eefbdef0-8570-4a68-9824-042e17b71f98.md new file mode 100644 index 00000000..d0cc5b61 --- /dev/null +++ b/lolrmm.com/content/bootloaders/eefbdef0-8570-4a68-9824-042e17b71f98.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "eefbdef0-8570-4a68-9824-042e17b71f98" +weight = 10 +displayTitle = "eefbdef0-8570-4a68-9824-042e17b71f98" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# eefbdef0-8570-4a68-9824-042e17b71f98 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: eefbdef0-8570-4a68-9824-042e17b71f98 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [CB9E3E372C5F707858E1DE6421C2D3407C240F9D7BC43A9B9F3BA1F6037615B9](https://www.virustotal.com/gui/file/CB9E3E372C5F707858E1DE6421C2D3407C240F9D7BC43A9B9F3BA1F6037615B9) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [41D1EEB177C0324E17DD6557F384E532DE0CF51A019A446B01EFB351BC259D77](https://www.virustotal.com/gui/search/authentihash%253A41D1EEB177C0324E17DD6557F384E532DE0CF51A019A446B01EFB351BC259D77) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/eefbdef0-8570-4a68-9824-042e17b71f98.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/ef578b44-9fd5-4d83-9609-4c955babbd69.md b/lolrmm.com/content/bootloaders/ef578b44-9fd5-4d83-9609-4c955babbd69.md new file mode 100644 index 00000000..3ada1cd4 --- /dev/null +++ b/lolrmm.com/content/bootloaders/ef578b44-9fd5-4d83-9609-4c955babbd69.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "ef578b44-9fd5-4d83-9609-4c955babbd69" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: ef578b44-9fd5-4d83-9609-4c955babbd69 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [E082E310571748B9FE6B2DFAB71550530F2452B8E7E4F7725DE7EB9E4C7B1559](https://www.virustotal.com/gui/file/E082E310571748B9FE6B2DFAB71550530F2452B8E7E4F7725DE7EB9E4C7B1559) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [87176A15E766BD06528ED91A61481C3B3CDE65EE95115403F9FFC6D3A26D43D0](https://www.virustotal.com/gui/search/authentihash%253A87176A15E766BD06528ED91A61481C3B3CDE65EE95115403F9FFC6D3A26D43D0) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ef578b44-9fd5-4d83-9609-4c955babbd69.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/eff3ed05-f849-4ea0-9f4f-1af40e48c368.md b/lolrmm.com/content/bootloaders/eff3ed05-f849-4ea0-9f4f-1af40e48c368.md new file mode 100644 index 00000000..0333ce6e --- /dev/null +++ b/lolrmm.com/content/bootloaders/eff3ed05-f849-4ea0-9f4f-1af40e48c368.md 
@@ -0,0 +1,164 @@ ++++ + +description = "" +title = "eff3ed05-f849-4ea0-9f4f-1af40e48c368" +weight = 10 +displayTitle = "shim-0.8-0ubuntu2/shim64-bit.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# shim-0.8-0ubuntu2/shim64-bit.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Canonical Ltd and revoked Apr-21 +- **UUID**: eff3ed05-f849-4ea0-9f4f-1af40e48c368 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/1feeb7cf14b7809b43c9044ff910afd2.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\shim-0.8-0ubuntu2/shim64-bit.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading 
using name only{{< /tip >}} + + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | shim-0.8-0ubuntu2/shim64-bit.efi | +| MD5 | [1feeb7cf14b7809b43c9044ff910afd2](https://www.virustotal.com/gui/file/1feeb7cf14b7809b43c9044ff910afd2) | +| SHA1 | [5a9676753387c0f2b6bf9bae87605b78667df8f1](https://www.virustotal.com/gui/file/5a9676753387c0f2b6bf9bae87605b78667df8f1) | +| SHA256 | [45ec69179be0f20088f10be909fc8b6104f85607db0a556482fee9384eb4d52b](https://www.virustotal.com/gui/file/45ec69179be0f20088f10be909fc8b6104f85607db0a556482fee9384eb4d52b) | +| Authentihash MD5 | [e5569162d84d9553c5cb32345e717a9e](https://www.virustotal.com/gui/search/authentihash%253Ae5569162d84d9553c5cb32345e717a9e) | +| Authentihash SHA1 | [64a3960e247176d3389e64a2a61a3be0782dde88](https://www.virustotal.com/gui/search/authentihash%253A64a3960e247176d3389e64a2a61a3be0782dde88) | +| Authentihash SHA256| [e6ed1aaa082e63c15be118462ad2d14cee3bd9cdd81db5c8801b33ade2183d50](https://www.virustotal.com/gui/search/authentihash%253Ae6ed1aaa082e63c15be118462ad2d14cee3bd9cdd81db5c8801b33ade2183d50) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} 
+----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/eff3ed05-f849-4ea0-9f4f-1af40e48c368.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/f15d8f48-cf83-4954-a1d2-030f6dfd40a3.md b/lolrmm.com/content/bootloaders/f15d8f48-cf83-4954-a1d2-030f6dfd40a3.md new file mode 100644 index 00000000..04c3fd00 --- /dev/null +++ b/lolrmm.com/content/bootloaders/f15d8f48-cf83-4954-a1d2-030f6dfd40a3.md 
@@ -0,0 +1,234 @@ ++++ + +description = "" +title = "f15d8f48-cf83-4954-a1d2-030f6dfd40a3" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Trend Micro and revoked Mar-23 +- **UUID**: f15d8f48-cf83-4954-a1d2-030f6dfd40a3 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/fcc89caed202cfa0f9d16b9e1c27d970.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2023-28005
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [fcc89caed202cfa0f9d16b9e1c27d970](https://www.virustotal.com/gui/file/fcc89caed202cfa0f9d16b9e1c27d970) | +| SHA1 | [6a5c3056057baea653d533429110deb3bd7ffec1](https://www.virustotal.com/gui/file/6a5c3056057baea653d533429110deb3bd7ffec1) | +| SHA256 | [d0eb15fe822c6239a8bb2b42fbc035d0956c72ac6fbd1429c1ab7f7e348b8f94](https://www.virustotal.com/gui/file/d0eb15fe822c6239a8bb2b42fbc035d0956c72ac6fbd1429c1ab7f7e348b8f94) | +| Authentihash MD5 | [14d423ad7ffd78c631ebcce6c78a6c8c](https://www.virustotal.com/gui/search/authentihash%253A14d423ad7ffd78c631ebcce6c78a6c8c) | +| Authentihash SHA1 | [872f7f79da66889049503fc77a7d3fefd25a6f55](https://www.virustotal.com/gui/search/authentihash%253A872f7f79da66889049503fc77a7d3fefd25a6f55) | +| Authentihash SHA256| [6a0e824654b7479152058cf738a378e629483874b6dbd67e0d8c3327b2fcac64](https://www.virustotal.com/gui/search/authentihash%253A6a0e824654b7479152058cf738a378e629483874b6dbd67e0d8c3327b2fcac64) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000001e0d8474951a966ce400010000001e +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | b6f099bf203668f11a8f79ab08792ed8 | +| ToBeSigned (TBS) SHA1 | 4713755a345940554eada6042e90b0151591fad6 | +| ToBeSigned (TBS) SHA256 | 
62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2016-11-17 22:05:37 | +| ValidTo | 2018-02-17 22:05:37 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000001e0d8474951a966ce400010000001e | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": 
"b6f099bf203668f11a8f79ab08792ed8", + "SHA1": "4713755a345940554eada6042e90b0151591fad6", + "SHA256": "62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" + }, + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", 
+ "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/f15d8f48-cf83-4954-a1d2-030f6dfd40a3.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/f2418902-5951-4626-8a5f-79d4d022337f.md b/lolrmm.com/content/bootloaders/f2418902-5951-4626-8a5f-79d4d022337f.md new file mode 100644 index 00000000..5f8c5364 --- /dev/null +++ b/lolrmm.com/content/bootloaders/f2418902-5951-4626-8a5f-79d4d022337f.md 
@@ -0,0 +1,241 @@
++++
+
+description = ""
+title = "f2418902-5951-4626-8a5f-79d4d022337f"
+weight = 10
+displayTitle = "bootnetx64.efi"
++++
+
+
+{{< block "grid-1" >}}
+{{< column "mt-2 pt-1">}}
+
+
+# bootnetx64.efi ![:inline](/images/twitter_verified.png)
+
+
+### Description
+
+This was provided by Debian Project and revoked Jul-20
+- **UUID**: f2418902-5951-4626-8a5f-79d4d022337f
+- **Created**: 2023-05-22
+- **Author**: Michael Haag
+- **Acknowledgement**: | [](https://twitter.com/)
+
+{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/41218ac4af41772dbaa3d4738e0c2bf3.bin" "Download" >}}
+{{< tip "warning" >}}
+This download link contains the Revoked Bootloader!
+
+{{< /tip >}}
+
+### Commands
+
+```
+bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootnetx64.efi } }
+```
+
+
+| Use Case | Privileges | Operating System |
+|:---- | ---- | ---- |
+| Persistence | | 64-bit |
+
+
+
+### Detections
+
+
+{{< block "grid-3" >}}
+{{< column >}}
+#### YARA 🏹
+{{< details "Expand" >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}}
+
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}}
+
+
+{{< /details >}}
+{{< /column >}}
+
+
+
+{{< column >}}
+
+#### Sigma 🛡️
+{{< details "Expand" >}}
+{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}}
+
+
+{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootnetx64.efi | +| MD5 | [41218ac4af41772dbaa3d4738e0c2bf3](https://www.virustotal.com/gui/file/41218ac4af41772dbaa3d4738e0c2bf3) | +| SHA1 | [4d7caebdafbc4bb3866676173dace618baa6a129](https://www.virustotal.com/gui/file/4d7caebdafbc4bb3866676173dace618baa6a129) | +| SHA256 | [aef3e0a113345c1adca2d627c5853a11ddfc4e0e07fd28c10049a9b766c0fbc5](https://www.virustotal.com/gui/file/aef3e0a113345c1adca2d627c5853a11ddfc4e0e07fd28c10049a9b766c0fbc5) | +| Authentihash MD5 | [59ee638030fd199a10f08a99e2cecb60](https://www.virustotal.com/gui/search/authentihash%253A59ee638030fd199a10f08a99e2cecb60) | +| Authentihash SHA1 | [e123503e3c7764b8d9e60439069505f997287914](https://www.virustotal.com/gui/search/authentihash%253Ae123503e3c7764b8d9e60439069505f997287914) | +| Authentihash SHA256| [c9ec350406f26e559affb4030de2ebde5435054c35a998605b8fcf04972d8d55](https://www.virustotal.com/gui/search/authentihash%253Ac9ec350406f26e559affb4030de2ebde5435054c35a998605b8fcf04972d8d55) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000001e0d8474951a966ce400010000001e +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | b6f099bf203668f11a8f79ab08792ed8 | +| ToBeSigned (TBS) SHA1 | 4713755a345940554eada6042e90b0151591fad6 | +| ToBeSigned (TBS) SHA256 | 
62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2016-11-17 22:05:37 | +| ValidTo | 2018-02-17 22:05:37 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000001e0d8474951a966ce400010000001e | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": 
"b6f099bf203668f11a8f79ab08792ed8", + "SHA1": "4713755a345940554eada6042e90b0151591fad6", + "SHA256": "62a02001fda2712f35e5ba5f619a6403b6a2c10570eab455fdc69455535f49bb" + }, + "ValidFrom": "2016-11-17 22:05:37", + "ValidTo": "2018-02-17 22:05:37", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000001e0d8474951a966ce400010000001e", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/f2418902-5951-4626-8a5f-79d4d022337f.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/f4268520-fd18-40df-aecf-b2a6e8dcf27d.md b/lolrmm.com/content/bootloaders/f4268520-fd18-40df-aecf-b2a6e8dcf27d.md new file mode 100644 index 00000000..0af5e463 --- /dev/null +++ b/lolrmm.com/content/bootloaders/f4268520-fd18-40df-aecf-b2a6e8dcf27d.md 
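Review bot: The `#### Imports` section is emitted twice on this page, each holding only an empty `*` bullet, and the `- **Acknowledgement**: | [](https://twitter.com/)` line renders as a bare pipe followed by an empty link; both read as template output for absent fields rather than page content. The same pattern appears in the f4268520, f4e945a8, f57db2b6 and f5fabb82 pages in this diff, so the fix belongs in the generator template: drop the duplicated heading and omit the acknowledgement line (or at least the link) when the handle is empty. The ImportedFunctions, ExportedFunctions and Imports blocks are empty on every one of these pages as well; if the source YAML genuinely records nothing there, a single `_No import/export data recorded._` line is clearer than empty collapsible sections.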
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "f4268520-fd18-40df-aecf-b2a6e8dcf27d" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by TeraByte Inc. and revoked Jul-20 +- **UUID**: f4268520-fd18-40df-aecf-b2a6e8dcf27d +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/fbec641d8564e4e48784b2b07dd9c196.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [fbec641d8564e4e48784b2b07dd9c196](https://www.virustotal.com/gui/file/fbec641d8564e4e48784b2b07dd9c196) | +| SHA1 | [7ac5c5314da05d3a6e69e4213b9479a62d6f411b](https://www.virustotal.com/gui/file/7ac5c5314da05d3a6e69e4213b9479a62d6f411b) | +| SHA256 | [ee39a9a3fbde8b15ce4ac34519e248ea746a52ae0ae680da5b0c7ef919e583a3](https://www.virustotal.com/gui/file/ee39a9a3fbde8b15ce4ac34519e248ea746a52ae0ae680da5b0c7ef919e583a3) | +| Authentihash MD5 | [ba5501c6998594711fe062521d0ba9de](https://www.virustotal.com/gui/search/authentihash%253Aba5501c6998594711fe062521d0ba9de) | +| Authentihash SHA1 | [8dc43164d1742fd0e3a9590190ee7116bcfc04a8](https://www.virustotal.com/gui/search/authentihash%253A8dc43164d1742fd0e3a9590190ee7116bcfc04a8) | +| Authentihash SHA256| [96e4509450d380dac362ff8e295589128a1f1ce55885d20d89c27ba2a9d00909](https://www.virustotal.com/gui/search/authentihash%253A96e4509450d380dac362ff8e295589128a1f1ce55885d20d89c27ba2a9d00909) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 33000000081eb17e9c15fc837a000100000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | c5e24205d04c09c94d81b6935af7ec09 | +| ToBeSigned (TBS) SHA1 | 12622dccb5b07edfd65cae6fc018e24b80ff2c82 | +| ToBeSigned (TBS) SHA256 | 
d6afbff1c283d7777501bd3b2adb4aadb8ce32649ee401dfbb06f884362f7507 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2012-07-02 22:25:14 | +| ValidTo | 2013-10-02 22:25:14 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 33000000081eb17e9c15fc837a000100000008 | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", + "Signature": 
"840831439e4e63e88d00e1b0c0678d70bb89f466e9027ab28177926d5def8175b3240e729f943f1e6bd94a0f27c92e696a5001c0747f6bf7574c09e8485a5eb6d7024244ddd73236c28e9dfad58ec5098b74516234232552d9230c1d0ddae73108b0a0144bd9e9265dac56ebdcce7512cf3627a6858d41876ede19d35e0e27957a6896aae9ea150098327450fe7c72385aac6feff0616b3d066cd0be7e5a537bb18488c67db9f0731c30ac7918fe977b4250ffbfbeea81e1ba3b8a0305b9374f0d22453781cc5823b5faad5e50e84306381f83382fe0ed8b176a9c9ff1868cc6543e7f12b1f112adc62430fd1ba530d877a290f0d2e09eacce07ed37ec439c25", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "c5e24205d04c09c94d81b6935af7ec09", + "SHA1": "12622dccb5b07edfd65cae6fc018e24b80ff2c82", + "SHA256": "d6afbff1c283d7777501bd3b2adb4aadb8ce32649ee401dfbb06f884362f7507" + }, + "ValidFrom": "2012-07-02 22:25:14", + "ValidTo": "2013-10-02 22:25:14", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "33000000081eb17e9c15fc837a000100000008", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + 
+[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/f4268520-fd18-40df-aecf-b2a6e8dcf27d.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/f4e945a8-aa6f-48dc-822c-ff44ce513b70.md b/lolrmm.com/content/bootloaders/f4e945a8-aa6f-48dc-822c-ff44ce513b70.md new file mode 100644 index 00000000..643459ce --- /dev/null +++ b/lolrmm.com/content/bootloaders/f4e945a8-aa6f-48dc-822c-ff44ce513b70.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "f4e945a8-aa6f-48dc-822c-ff44ce513b70" +weight = 10 +displayTitle = "shim-0~20120906.bcd0a4e8-0ubuntu3/shim64-bit.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# shim-0~20120906.bcd0a4e8-0ubuntu3/shim64-bit.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Canonical Ltd and revoked Apr-21 +- **UUID**: f4e945a8-aa6f-48dc-822c-ff44ce513b70 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\shim-0~20120906.bcd0a4e8-0ubuntu3/shim64-bit.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip 
>}}detects loading using name only{{< /tip >}} + + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | shim-0~20120906.bcd0a4e8-0ubuntu3/shim64-bit.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [561EEF7131FFB079F75F6EC3E5738354A3C0EEB204863E7A4018B6409B7D26D0](https://www.virustotal.com/gui/file/561EEF7131FFB079F75F6EC3E5738354A3C0EEB204863E7A4018B6409B7D26D0) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [D4241190CD5A369D8C344C660E24F3027FB8E7064FAB33770E93FA765FFB152E](https://www.virustotal.com/gui/search/authentihash%253AD4241190CD5A369D8C344C660E24F3027FB8E7064FAB33770E93FA765FFB152E) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/f4e945a8-aa6f-48dc-822c-ff44ce513b70.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/f57db2b6-025f-43fe-af3a-c50cc2bc1aec.md b/lolrmm.com/content/bootloaders/f57db2b6-025f-43fe-af3a-c50cc2bc1aec.md new file mode 100644 index 00000000..22611325 --- /dev/null +++ b/lolrmm.com/content/bootloaders/f57db2b6-025f-43fe-af3a-c50cc2bc1aec.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "f57db2b6-025f-43fe-af3a-c50cc2bc1aec" +weight = 10 +displayTitle = "f57db2b6-025f-43fe-af3a-c50cc2bc1aec" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# f57db2b6-025f-43fe-af3a-c50cc2bc1aec ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked Jul-20 +- **UUID**: f57db2b6-025f-43fe-af3a-c50cc2bc1aec +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [2AEC3E859816EFA89AF844D6DD8CCAEA345A851CB23006D3C2928081352BEB25](https://www.virustotal.com/gui/file/2AEC3E859816EFA89AF844D6DD8CCAEA345A851CB23006D3C2928081352BEB25) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [91971C1497BF8E5BC68439ACC48D63EBB8FAABFD764DCBE82F3BA977CAC8CF6A](https://www.virustotal.com/gui/search/authentihash%253A91971C1497BF8E5BC68439ACC48D63EBB8FAABFD764DCBE82F3BA977CAC8CF6A) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/f57db2b6-025f-43fe-af3a-c50cc2bc1aec.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/f5fabb82-d43d-45ec-b057-5963c46113a0.md b/lolrmm.com/content/bootloaders/f5fabb82-d43d-45ec-b057-5963c46113a0.md new file mode 100644 index 00000000..42643cdc --- /dev/null +++ b/lolrmm.com/content/bootloaders/f5fabb82-d43d-45ec-b057-5963c46113a0.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "f5fabb82-d43d-45ec-b057-5963c46113a0" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: f5fabb82-d43d-45ec-b057-5963c46113a0 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [C6C85806905E0B76C25C82A88BFF62B995F49124C55413E74D1DCC3461FE8336](https://www.virustotal.com/gui/file/C6C85806905E0B76C25C82A88BFF62B995F49124C55413E74D1DCC3461FE8336) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [8A305C5FBE7C56F9E3214D7ADB8F176341F4020F234F3C14E52335967A2D365F](https://www.virustotal.com/gui/search/authentihash%253A8A305C5FBE7C56F9E3214D7ADB8F176341F4020F234F3C14E52335967A2D365F) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/f5fabb82-d43d-45ec-b057-5963c46113a0.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/f651508a-842a-4af6-b332-559fc9897806.md b/lolrmm.com/content/bootloaders/f651508a-842a-4af6-b332-559fc9897806.md new file mode 100644 index 00000000..1f0949c1 --- /dev/null +++ b/lolrmm.com/content/bootloaders/f651508a-842a-4af6-b332-559fc9897806.md 
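Review bot: The `### CVE` section lists `Black Lotus Microsoft Windows 8.1`, which is a campaign name plus a platform, not a CVE identifier, so anything parsing this section for CVE ids will pick up a non-id string. Either rename the heading (for example `### References`) when the source entry carries no CVE, or record the identifier the revocation is tracked under — if this is the BlackLotus-related Secure Boot bypass that would be CVE-2023-24932, to be confirmed against the source YAML. Relatedly, the Resources section links only the 2020 DBX guidance (KB4575994), which predates a May-23 revocation; Microsoft's May 2023 boot-manager revocation guidance is a separate article (KB5025885) and would be the relevant pointer for this record.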
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "f651508a-842a-4af6-b332-559fc9897806" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: f651508a-842a-4af6-b332-559fc9897806 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [9CD99CEFF9B7496E7B6720AF4C561668D6993376EC18593E3F54B1540E5B31A0](https://www.virustotal.com/gui/file/9CD99CEFF9B7496E7B6720AF4C561668D6993376EC18593E3F54B1540E5B31A0) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [D069A07B5ACDE004FE7286558041F1F123DD88BB1395E5E453F62F48EF37D199](https://www.virustotal.com/gui/search/authentihash%253AD069A07B5ACDE004FE7286558041F1F123DD88BB1395E5E453F62F48EF37D199) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/f651508a-842a-4af6-b332-559fc9897806.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/f65396ab-3920-4a6d-9bf0-fbbf62d52999.md b/lolrmm.com/content/bootloaders/f65396ab-3920-4a6d-9bf0-fbbf62d52999.md new file mode 100644 index 00000000..06a5aa98 --- /dev/null +++ b/lolrmm.com/content/bootloaders/f65396ab-3920-4a6d-9bf0-fbbf62d52999.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "f65396ab-3920-4a6d-9bf0-fbbf62d52999" +weight = 10 +displayTitle = "f65396ab-3920-4a6d-9bf0-fbbf62d52999" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# f65396ab-3920-4a6d-9bf0-fbbf62d52999 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Unknown and revoked Jul-20 +- **UUID**: f65396ab-3920-4a6d-9bf0-fbbf62d52999 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [6A3C1124A642244F23685B68D2E5A0AE036651AA401DE70B3912EFD044B62222](https://www.virustotal.com/gui/file/6A3C1124A642244F23685B68D2E5A0AE036651AA401DE70B3912EFD044B62222) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [08BB2289E9E91B4D20FF3F1562516AB07E979B2C6CEFE2AB70C6DFC1199F8DA5](https://www.virustotal.com/gui/search/authentihash%253A08BB2289E9E91B4D20FF3F1562516AB07E979B2C6CEFE2AB70C6DFC1199F8DA5) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/f65396ab-3920-4a6d-9bf0-fbbf62d52999.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/f901491e-f41b-4b77-8f9f-f9e5a6f03c8c.md b/lolrmm.com/content/bootloaders/f901491e-f41b-4b77-8f9f-f9e5a6f03c8c.md new file mode 100644 index 00000000..3ca1c29d --- /dev/null +++ b/lolrmm.com/content/bootloaders/f901491e-f41b-4b77-8f9f-f9e5a6f03c8c.md 
@@ -0,0 +1,164 @@ ++++ + +description = "" +title = "f901491e-f41b-4b77-8f9f-f9e5a6f03c8c" +weight = 10 +displayTitle = "shim-15+1533136590.3beb971-0ubuntu1/shim64-bit.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# shim-15+1533136590.3beb971-0ubuntu1/shim64-bit.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Canonical Ltd and revoked Apr-21 +- **UUID**: f901491e-f41b-4b77-8f9f-f9e5a6f03c8c +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/9c9e2e8f49820dbed91f5cae846bbadb.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\shim-15+1533136590.3beb971-0ubuntu1/shim64-bit.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | shim-15+1533136590.3beb971-0ubuntu1/shim64-bit.efi | +| MD5 | [9c9e2e8f49820dbed91f5cae846bbadb](https://www.virustotal.com/gui/file/9c9e2e8f49820dbed91f5cae846bbadb) | +| SHA1 | [afc56df60e5ea5a55a1e21f76562d073a56ec46b](https://www.virustotal.com/gui/file/afc56df60e5ea5a55a1e21f76562d073a56ec46b) | +| SHA256 | [8844d9b3aea1568a7ff298e6dc12564c422dafae6510db377454ca6072861dde](https://www.virustotal.com/gui/file/8844d9b3aea1568a7ff298e6dc12564c422dafae6510db377454ca6072861dde) | +| Authentihash MD5 | [75a7ca7cd2451ad3190c71a38c41ca02](https://www.virustotal.com/gui/search/authentihash%253A75a7ca7cd2451ad3190c71a38c41ca02) | +| Authentihash SHA1 | [a60d97d18e48c13e38723508639f0600aa6888f9](https://www.virustotal.com/gui/search/authentihash%253Aa60d97d18e48c13e38723508639f0600aa6888f9) | +| Authentihash SHA256| [5bfe928eec15454be29504e8f592a4ce5908afe3284b9eeeb259b25145eea2ab](https://www.virustotal.com/gui/search/authentihash%253A5bfe928eec15454be29504e8f592a4ce5908afe3284b9eeeb259b25145eea2ab) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< 
/details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/f901491e-f41b-4b77-8f9f-f9e5a6f03c8c.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/f907fd87-1f8a-4a91-8ed1-e74bf106b15c.md b/lolrmm.com/content/bootloaders/f907fd87-1f8a-4a91-8ed1-e74bf106b15c.md new file mode 100644 index 00000000..794af160 --- /dev/null +++ b/lolrmm.com/content/bootloaders/f907fd87-1f8a-4a91-8ed1-e74bf106b15c.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "f907fd87-1f8a-4a91-8ed1-e74bf106b15c" +weight = 10 +displayTitle = "f907fd87-1f8a-4a91-8ed1-e74bf106b15c" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# f907fd87-1f8a-4a91-8ed1-e74bf106b15c ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by SUSE Linux and revoked Jul-20 +- **UUID**: f907fd87-1f8a-4a91-8ed1-e74bf106b15c +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [B40F5FF7030848DB736573E06A1A1C5BF49F119E66DD0BA7E48E2651E2CE7059](https://www.virustotal.com/gui/file/B40F5FF7030848DB736573E06A1A1C5BF49F119E66DD0BA7E48E2651E2CE7059) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [9DD2DCB72F5E741627F2E9E03AB18503A3403CF6A904A479A4DB05D97E2250A9](https://www.virustotal.com/gui/search/authentihash%253A9DD2DCB72F5E741627F2E9E03AB18503A3403CF6A904A479A4DB05D97E2250A9) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/f907fd87-1f8a-4a91-8ed1-e74bf106b15c.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/f922e65f-baea-45c6-bdfa-0b6ab679bda8.md b/lolrmm.com/content/bootloaders/f922e65f-baea-45c6-bdfa-0b6ab679bda8.md new file mode 100644 index 00000000..efe975de --- /dev/null +++ b/lolrmm.com/content/bootloaders/f922e65f-baea-45c6-bdfa-0b6ab679bda8.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "f922e65f-baea-45c6-bdfa-0b6ab679bda8" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: f922e65f-baea-45c6-bdfa-0b6ab679bda8 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/2eb1ef37d6d0425c505df369802d5d54.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [2eb1ef37d6d0425c505df369802d5d54](https://www.virustotal.com/gui/file/2eb1ef37d6d0425c505df369802d5d54) | +| SHA1 | [8568540072aa5aead8d761d4baa459e4f9a222b2](https://www.virustotal.com/gui/file/8568540072aa5aead8d761d4baa459e4f9a222b2) | +| SHA256 | [9e14396bca7712b13a5f0b209c8633d754afc3bf577b42ef78304581ddd4e02f](https://www.virustotal.com/gui/file/9e14396bca7712b13a5f0b209c8633d754afc3bf577b42ef78304581ddd4e02f) | +| Authentihash MD5 | [170d26c08c0bd42cabe41e7223cf1a3b](https://www.virustotal.com/gui/search/authentihash%253A170d26c08c0bd42cabe41e7223cf1a3b) | +| Authentihash SHA1 | [026ce5f4baea28c655be66c8ac4873ddcd2fb089](https://www.virustotal.com/gui/search/authentihash%253A026ce5f4baea28c655be66c8ac4873ddcd2fb089) | +| Authentihash SHA256| [8d5332b350577ab7b1987f93fda104b2090f6a62e262214264f554b6163e8050](https://www.virustotal.com/gui/search/authentihash%253A8d5332b350577ab7b1987f93fda104b2090f6a62e262214264f554b6163e8050) | +| RichPEHeaderHash MD5 | [fa6462badb7aa537a9d3ecf604e9fbd7](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Afa6462badb7aa537a9d3ecf604e9fbd7) | +| RichPEHeaderHash SHA1 | [caefdafc6f3620830b306d429c83bb077f6bdaa4](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Acaefdafc6f3620830b306d429c83bb077f6bdaa4) | +| RichPEHeaderHash SHA256| [4689fe3d6e35db99759219db2adef6cefa62105e8b636c0c5bd2a6bec395e471](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A4689fe3d6e35db99759219db2adef6cefa62105e8b636c0c5bd2a6bec395e471) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 610bbbd8000000000005 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 
158438012e4dcd69b27b762c9358cfa2 | +| ToBeSigned (TBS) SHA1 | 684ac167849404a4101f166b759f291a43d5f749 | +| ToBeSigned (TBS) SHA256 | 95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2012-04-09 20:55:50 | +| ValidTo | 2013-07-09 20:55:50 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 610bbbd8000000000005 | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "610bbbd8000000000005", + "Signature": 
"c7f34d30f6c0451fb6ababdce5203035c20b7c75b16784adb0aa9ed8f647c02df4ce8d8277b8e356e3286e4dc0d444172dea83b9af9c6133c491e53680024d6bac0d985d6dfe776988ccb337b35abb32a02b50413514a576dc932b2a4ae2aef96330041e040480e3b1cbf06cd6910cf79ead3ecd332a9bb7156c2d9976e5dfac8b5b59d82ea33a4826470663dfad599e137468da7bd3037243e0238b96c1f99ea1299faa898dd854f812f8834697b7c5991d2e1656db4e2f56d8bc2077e7bb7d886d4fb6907c555c6d54089724435ac3345b1b6dbb605300ba83412517394dcd3b6c82df5013c6f57fcb1e03919b63469dd7606f3fbae8242658f19ab174b03c", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "158438012e4dcd69b27b762c9358cfa2", + "SHA1": "684ac167849404a4101f166b759f291a43d5f749", + "SHA256": "95b37dd7079bf6836ab18482231be07fb3c05055af99691f8c64c6ad26eb8f9c" + }, + "ValidFrom": "2012-04-09 20:55:50", + "ValidTo": "2013-07-09 20:55:50", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "610bbbd8000000000005", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/f922e65f-baea-45c6-bdfa-0b6ab679bda8.yaml) + +*last_updated:* 2023-08-31 + + + + + + 
+ + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/fa8ffd8e-ef04-4510-bf93-34fe1fadc156.md b/lolrmm.com/content/bootloaders/fa8ffd8e-ef04-4510-bf93-34fe1fadc156.md new file mode 100644 index 00000000..fe3d39a9 --- /dev/null +++ b/lolrmm.com/content/bootloaders/fa8ffd8e-ef04-4510-bf93-34fe1fadc156.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "fa8ffd8e-ef04-4510-bf93-34fe1fadc156" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: fa8ffd8e-ef04-4510-bf93-34fe1fadc156 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [E21231BE8A60E9FE94AD0D2202ED01C36E4AFC731A30659B8AC44C22B7377FBD](https://www.virustotal.com/gui/file/E21231BE8A60E9FE94AD0D2202ED01C36E4AFC731A30659B8AC44C22B7377FBD) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [1510988D3DCCE120F22696A9E87B02E7FAD6367EF4AE8BFD54CDB528A5C48E99](https://www.virustotal.com/gui/search/authentihash%253A1510988D3DCCE120F22696A9E87B02E7FAD6367EF4AE8BFD54CDB528A5C48E99) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/fa8ffd8e-ef04-4510-bf93-34fe1fadc156.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/faa5ce45-c815-4eec-a757-84e1b181afcf.md b/lolrmm.com/content/bootloaders/faa5ce45-c815-4eec-a757-84e1b181afcf.md new file mode 100644 index 00000000..1c7aec18 --- /dev/null +++ b/lolrmm.com/content/bootloaders/faa5ce45-c815-4eec-a757-84e1b181afcf.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "faa5ce45-c815-4eec-a757-84e1b181afcf" +weight = 10 +displayTitle = "Signed_13652009334930799/shimaa64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# Signed_13652009334930799/shimaa64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Debian and revoked Apr-21 +- **UUID**: faa5ce45-c815-4eec-a757-84e1b181afcf +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\Signed_13652009334930799/shimaa64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< 
/tip >}} + + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | Signed_13652009334930799/shimaa64.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [EBF3E0F060E9ECA943F49444CC0DBF6CBE1AEC2C20AE10DFB9E757335AA26ADD](https://www.virustotal.com/gui/file/EBF3E0F060E9ECA943F49444CC0DBF6CBE1AEC2C20AE10DFB9E757335AA26ADD) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [3E828EF5E880FE62B33D36B78F2235F1A314153899AC80469597297B9A9DD22D](https://www.virustotal.com/gui/search/authentihash%253A3E828EF5E880FE62B33D36B78F2235F1A314153899AC80469597297B9A9DD22D) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/faa5ce45-c815-4eec-a757-84e1b181afcf.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/fb78c0ab-b76a-47b5-b7ef-d64bf38611b4.md b/lolrmm.com/content/bootloaders/fb78c0ab-b76a-47b5-b7ef-d64bf38611b4.md new file mode 100644 index 00000000..fed3fb86 --- /dev/null +++ b/lolrmm.com/content/bootloaders/fb78c0ab-b76a-47b5-b7ef-d64bf38611b4.md 
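Review bot: The `Known Vulnerable Samples` table and the download button render with empty hash values — `| MD5 | [](https://www.virustotal.com/gui/file/) |`, `| SHA1 | [](https://www.virustotal.com/gui/file/) |` and `{{< button ".../bootloaders/.bin" "Download" >}}` — so the page publishes a malformed artifact link and empty VirusTotal links instead of stating that the value is unknown. The fb78c0ab, fbf92874 and fcbb1d82 pages in this diff share the same gap, and every page here also emits the `#### Imports` details block twice, which looks like a template defect rather than per-sample data. Since these pages appear to be generated from the linked YAML, the fix belongs in the generator: omit the download button when the MD5 is empty and render absent hashes as a plain placeholder such as `| MD5 | unknown |` rather than an empty link. Defenders copying IoCs from this table should not have to guess whether a blank cell means "not collected" or "not applicable".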
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "fb78c0ab-b76a-47b5-b7ef-d64bf38611b4" +weight = 10 +displayTitle = "fb78c0ab-b76a-47b5-b7ef-d64bf38611b4" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# fb78c0ab-b76a-47b5-b7ef-d64bf38611b4 ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by EgoSecure and revoked Jul-20 +- **UUID**: fb78c0ab-b76a-47b5-b7ef-d64bf38611b4 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\ } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [5C39F0E5E0E7FA3BE05090813B13D161ACAF48494FDE6233B452C416D29CDDBE](https://www.virustotal.com/gui/file/5C39F0E5E0E7FA3BE05090813B13D161ACAF48494FDE6233B452C416D29CDDBE) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [5C39F0E5E0E7FA3BE05090813B13D161ACAF48494FDE6233B452C416D29CDDBE](https://www.virustotal.com/gui/search/authentihash%253A5C39F0E5E0E7FA3BE05090813B13D161ACAF48494FDE6233B452C416D29CDDBE) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/fb78c0ab-b76a-47b5-b7ef-d64bf38611b4.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/fbb59470-8b0e-4ad8-8692-e8a3e1c4df8c.md b/lolrmm.com/content/bootloaders/fbb59470-8b0e-4ad8-8692-e8a3e1c4df8c.md new file mode 100644 index 00000000..09640832 --- /dev/null +++ b/lolrmm.com/content/bootloaders/fbb59470-8b0e-4ad8-8692-e8a3e1c4df8c.md 
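Review bot: The sample in this page has no filename — `displayTitle = "fb78c0ab-1e57-…"` falls back to the UUID, `| Filename | |` is empty and the command path ends in `\windows\temp\ ` — so the name-based Sigma rule linked under Detections has nothing to match and the displayed command is incomplete; the entry should either carry the original filename from the revocation source or state that only a hash is known. The SHA256 and Authentihash SHA256 rows also hold the identical value `5C39F0E5E0E7FA3BE05090813B13D161ACAF48494FDE6233B452C416D29CDDBE`; an Authenticode hash is computed with the checksum and certificate-table fields excluded, so equality with the full-file hash looks like one value copied into both fields in the source YAML rather than a real measurement, and the Authentihash row should be left empty until it is verified. Both are data-quality issues in the generated record rather than in this markdown, so the fix belongs in the YAML and the generator.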
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "fbb59470-8b0e-4ad8-8692-e8a3e1c4df8c" +weight = 10 +displayTitle = "BOOTX64.EFI" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# BOOTX64.EFI ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by HP and revoked Jul-20 +- **UUID**: fbb59470-8b0e-4ad8-8692-e8a3e1c4df8c +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/d55f2dc318b152d9d722021bf8376658.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\BOOTX64.EFI } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | BOOTX64.EFI | +| MD5 | [d55f2dc318b152d9d722021bf8376658](https://www.virustotal.com/gui/file/d55f2dc318b152d9d722021bf8376658) | +| SHA1 | [6b4d5fb92240528828725c87f1c2f7de1aa7e7f5](https://www.virustotal.com/gui/file/6b4d5fb92240528828725c87f1c2f7de1aa7e7f5) | +| SHA256 | [f8e2a41c0444d7da76fc1682f3eb7e2a90140e1b68b413f4426bac357cbe14bb](https://www.virustotal.com/gui/file/f8e2a41c0444d7da76fc1682f3eb7e2a90140e1b68b413f4426bac357cbe14bb) | +| Authentihash MD5 | [94dfb76b94c30266578ce327901ec791](https://www.virustotal.com/gui/search/authentihash%253A94dfb76b94c30266578ce327901ec791) | +| Authentihash SHA1 | [909d4c9217388c496ccadd8e1ed5aa58766a60bd](https://www.virustotal.com/gui/search/authentihash%253A909d4c9217388c496ccadd8e1ed5aa58766a60bd) | +| Authentihash SHA256| [f1863ec8b7f43f94ad14fb0b8b4a69497a8c65ecbc2a55e0bb420e772b8cdc91](https://www.virustotal.com/gui/search/authentihash%253Af1863ec8b7f43f94ad14fb0b8b4a69497a8c65ecbc2a55e0bb420e772b8cdc91) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002b4b79b3694d12118700010000002b +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 8d8a1f204c9c80213bd427fa58b387e2 | +| ToBeSigned (TBS) SHA1 | 8d78e1742b948f0c8298e560dd71fe1594020386 | +| ToBeSigned (TBS) SHA256 | 
1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2018-07-03 20:53:01 | +| ValidTo | 2019-07-26 20:53:01 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002b4b79b3694d12118700010000002b | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Signature": 
"54b771f3cef2a39bed4a43589d904c162be7f81b194f02873b74d01ca889553330964be53fdd5f76d346d229e26a5c8e5385e4bb316ffc07317bbe9e1eb58c26b69b793c48801a67c75ae9110e6b0d5704e194f01485478ad0894ea7bdfd053a54bc4d7179b910290bd32006e1d3e670e62c901fcf688f5831d145ddc4acc827c2ede6a6fef612534cdf453c0fca315e1c7c6d9f1a7418eddd53996657e0b0caccaaee5e57c54b07ce33b85447f7dee99fc222785c4c4597dda90599daeb46af237bb2c9714f8b39ca7326d1ceb5757d125034b649befcbf1f666c6e1246bfd2daae96b62ecaa94225e0e4b26133b98fd10d4c81fdfdefbad67ffb645290ddae", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "8d8a1f204c9c80213bd427fa58b387e2", + "SHA1": "8d78e1742b948f0c8298e560dd71fe1594020386", + "SHA256": "1bb427b8e9fe460f567310886852fded2aeec70819123b815daab17d1601bca0" + }, + "ValidFrom": "2018-07-03 20:53:01", + "ValidTo": "2019-07-26 20:53:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002b4b79b3694d12118700010000002b", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/fbb59470-8b0e-4ad8-8692-e8a3e1c4df8c.yaml) + 
+*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/fbf92874-0ee4-4c8e-9dc5-ab73b6bb4010.md b/lolrmm.com/content/bootloaders/fbf92874-0ee4-4c8e-9dc5-ab73b6bb4010.md new file mode 100644 index 00000000..8f977ce5 --- /dev/null +++ b/lolrmm.com/content/bootloaders/fbf92874-0ee4-4c8e-9dc5-ab73b6bb4010.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "fbf92874-0ee4-4c8e-9dc5-ab73b6bb4010" +weight = 10 +displayTitle = "centos-8.3-shim-20200726-shimia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# centos-8.3-shim-20200726-shimia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat, Inc. and revoked Apr-21 +- **UUID**: fbf92874-0ee4-4c8e-9dc5-ab73b6bb4010 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\centos-8.3-shim-20200726-shimia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< 
/tip >}} + + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | centos-8.3-shim-20200726-shimia32.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [1A9DDD9AF383AD81787CD7C6A6DC8C8AA86CD995157C32AD476B60D2C494F7FA](https://www.virustotal.com/gui/file/1A9DDD9AF383AD81787CD7C6A6DC8C8AA86CD995157C32AD476B60D2C494F7FA) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [06C670F8572BF89ABAE13D14D81FFE80D5550F696862B1AB386E4D8C56B02016](https://www.virustotal.com/gui/search/authentihash%253A06C670F8572BF89ABAE13D14D81FFE80D5550F696862B1AB386E4D8C56B02016) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/fbf92874-0ee4-4c8e-9dc5-ab73b6bb4010.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/fc53d49c-f8d1-4a46-91be-205a0ec0515a.md b/lolrmm.com/content/bootloaders/fc53d49c-f8d1-4a46-91be-205a0ec0515a.md new file mode 100644 index 00000000..7dac0b5f --- /dev/null +++ b/lolrmm.com/content/bootloaders/fc53d49c-f8d1-4a46-91be-205a0ec0515a.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "fc53d49c-f8d1-4a46-91be-205a0ec0515a" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: fc53d49c-f8d1-4a46-91be-205a0ec0515a +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/6b65628a2e6b0cf6bd54965da59a8b43.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit ARM | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8.1
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [6b65628a2e6b0cf6bd54965da59a8b43](https://www.virustotal.com/gui/file/6b65628a2e6b0cf6bd54965da59a8b43) | +| SHA1 | [54fccbba97f50d2b57478a1c01ad8b86a5fc737a](https://www.virustotal.com/gui/file/54fccbba97f50d2b57478a1c01ad8b86a5fc737a) | +| SHA256 | [dbeb49f986ec6618e7c256d3db4e3d5378a6ee3439c5949ae57e12722a73a198](https://www.virustotal.com/gui/file/dbeb49f986ec6618e7c256d3db4e3d5378a6ee3439c5949ae57e12722a73a198) | +| Authentihash MD5 | [5f033a228e6fd44ea0f18196d7ca57b8](https://www.virustotal.com/gui/search/authentihash%253A5f033a228e6fd44ea0f18196d7ca57b8) | +| Authentihash SHA1 | [6ebac91cac25a80ff4130bc69da6c527da05318d](https://www.virustotal.com/gui/search/authentihash%253A6ebac91cac25a80ff4130bc69da6c527da05318d) | +| Authentihash SHA256| [52ceada58e8d14ab47e706dcd6264d82affc0f9fc62ab46f77be46f262ae1b17](https://www.virustotal.com/gui/search/authentihash%253A52ceada58e8d14ab47e706dcd6264d82affc0f9fc62ab46f77be46f262ae1b17) | +| RichPEHeaderHash MD5 | [9a33833e2407d8d25146f07e9c5c8444](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A9a33833e2407d8d25146f07e9c5c8444) | +| RichPEHeaderHash SHA1 | [04243895d74611d8d91937ec718a82b8dd7fe0f9](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A04243895d74611d8d91937ec718a82b8dd7fe0f9) | +| RichPEHeaderHash SHA256| [2efb0d9096d6fc172537ba8c386ba82f72b5a9bed5047e7830290bb6aafb0ff4](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2efb0d9096d6fc172537ba8c386ba82f72b5a9bed5047e7830290bb6aafb0ff4) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 33000000a6206efff45e063a190000000000a6 +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 57c30a2d7e6573994b137079cbff34b8 | +| ToBeSigned (TBS) SHA1 | 08980baa201ccbfc096accff568fb2b073da66f4 | +| ToBeSigned (TBS) SHA256 | 19241716f05046843df5ff3c02395bf6e2ed68ad52d441a71a2edcd24ac93056 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2015-07-15 17:04:59 | +| ValidTo | 2016-10-15 17:04:59 | +| Signature | 1af26ac0cce3928cceeb0ebeb5186b1b289be1caa47cba55a0f5e23afa820ee56142a1f158d8d32c2230c6010fa04ae06caf71b10094107e15e2a73e7d6ab6ee827ab9a2dd386dfe2693fcf0e1a88ac736f48f2944a8214bda510dfc68ccbf0fc6c4f0f39036edd3f08e1449b129d7f611b7e5d6b60a97f63530ed8381a11fc8b95beb7fbc45258d4eb767a911095a27d17f613665f70600b30b88091015722e8a64fb43d975f92890d80b545e38317279e44a7071a104715796dd91d0b913c2ec106073f696a236d71979da345d469eac38e7492ac88f7ecdff68180d2dd57051d79a46b2f6ed2c810d6bd51521c3fda183dd8599f282561255ef8bde0f8ed8 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 33000000a6206efff45e063a190000000000a6 | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### 
ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "33000000a6206efff45e063a190000000000a6", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "57c30a2d7e6573994b137079cbff34b8", + "SHA1": "08980baa201ccbfc096accff568fb2b073da66f4", + "SHA256": "19241716f05046843df5ff3c02395bf6e2ed68ad52d441a71a2edcd24ac93056" + }, + "ValidFrom": "2015-07-15 17:04:59", + "ValidTo": "2016-10-15 17:04:59", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "33000000a6206efff45e063a190000000000a6", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/fc53d49c-f8d1-4a46-91be-205a0ec0515a.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} 
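Review bot: The `### CVE` section lists `Black Lotus Microsoft Windows 8.1`, which is a campaign/OS label rather than a CVE identifier, so anything that parses this field as a CVE list or links it to a CVE database will get a non-matching entry; the bootmgfw.efi page preceding the faa5ce45 hunk has the same problem with `Black Lotus Microsoft Windows 8`. Keep the CVE list to `CVE-YYYY-NNNNN` identifiers and move the BlackLotus attribution into the description or a dedicated reference field. A validation check that enforces that pattern on the CVE field in the source YAML would have caught both entries before the pages were generated.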
diff --git a/lolrmm.com/content/bootloaders/fcbb1d82-1e57-4ca2-8679-e366cd7cb4e8.md b/lolrmm.com/content/bootloaders/fcbb1d82-1e57-4ca2-8679-e366cd7cb4e8.md new file mode 100644 index 00000000..4bc3a842 --- /dev/null +++ b/lolrmm.com/content/bootloaders/fcbb1d82-1e57-4ca2-8679-e366cd7cb4e8.md 
@@ -0,0 +1,154 @@ ++++ + +description = "" +title = "fcbb1d82-1e57-4ca2-8679-e366cd7cb4e8" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: fcbb1d82-1e57-4ca2-8679-e366cd7cb4e8 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 8
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [355B0240DD31FAD0ED13D77B7F880F8EBB32BCC72F9667BECBA3263E099DF378](https://www.virustotal.com/gui/file/355B0240DD31FAD0ED13D77B7F880F8EBB32BCC72F9667BECBA3263E099DF378) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [21F27D89F2E77DEE7CD4336E3A3ADE362A2AAE9FB2EFE2079491A518F3D51FED](https://www.virustotal.com/gui/search/authentihash%253A21F27D89F2E77DEE7CD4336E3A3ADE362A2AAE9FB2EFE2079491A518F3D51FED) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/fcbb1d82-1e57-4ca2-8679-e366cd7cb4e8.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/fd70f49d-4efd-4ebb-a889-5dbbcebe33a0.md b/lolrmm.com/content/bootloaders/fd70f49d-4efd-4ebb-a889-5dbbcebe33a0.md new file mode 100644 index 00000000..fe832304 --- /dev/null +++ b/lolrmm.com/content/bootloaders/fd70f49d-4efd-4ebb-a889-5dbbcebe33a0.md 
@@ -0,0 +1,161 @@ ++++ + +description = "" +title = "fd70f49d-4efd-4ebb-a889-5dbbcebe33a0" +weight = 10 +displayTitle = "centos-7.9-shim-20200726-shimia32.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# centos-7.9-shim-20200726-shimia32.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Red Hat, Inc. and revoked Apr-21 +- **UUID**: fd70f49d-4efd-4ebb-a889-5dbbcebe33a0 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\centos-7.9-shim-20200726-shimia32.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 32-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< 
/tip >}} + + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-14372
  • +
  • CVE-2020-25632
  • +
  • CVE-2020-25647
  • +
  • CVE-2020-27749
  • +
  • CVE-2020-27779
  • +
  • CVE-2021-3418
  • +
  • CVE-2021-20225
  • +
  • CVE-2021-20233
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | centos-7.9-shim-20200726-shimia32.efi | +| MD5 | [](https://www.virustotal.com/gui/file/) | +| SHA1 | [](https://www.virustotal.com/gui/file/) | +| SHA256 | [8C3A26B5831FF45BC3BCA44C2815951E2DA489A91BBCD295F12DFDBCED9958B9](https://www.virustotal.com/gui/file/8C3A26B5831FF45BC3BCA44C2815951E2DA489A91BBCD295F12DFDBCED9958B9) | +| Authentihash MD5 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA1 | [](https://www.virustotal.com/gui/search/authentihash%253A) | +| Authentihash SHA256| [398995770D21E9F66B90D69D1EDE16C9E58C0634B2F7D26B1F22501DD93FDAE5](https://www.virustotal.com/gui/search/authentihash%253A398995770D21E9F66B90D69D1EDE16C9E58C0634B2F7D26B1F22501DD93FDAE5) | + + +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/fd70f49d-4efd-4ebb-a889-5dbbcebe33a0.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/fec3976c-cd0e-4929-a01d-23c584cf7e00.md b/lolrmm.com/content/bootloaders/fec3976c-cd0e-4929-a01d-23c584cf7e00.md new file mode 100644 index 00000000..65ca0c21 --- /dev/null +++ b/lolrmm.com/content/bootloaders/fec3976c-cd0e-4929-a01d-23c584cf7e00.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "fec3976c-cd0e-4929-a01d-23c584cf7e00" +weight = 10 +displayTitle = "bootx64.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootx64.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Miray Software AG and revoked Jul-20 +- **UUID**: fec3976c-cd0e-4929-a01d-23c584cf7e00 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/a1a05331029aa3aa0fd396897cb46e8a.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootx64.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootx64.efi | +| MD5 | [a1a05331029aa3aa0fd396897cb46e8a](https://www.virustotal.com/gui/file/a1a05331029aa3aa0fd396897cb46e8a) | +| SHA1 | [5e8fe0458328bfeacd491e1c74857c526f444596](https://www.virustotal.com/gui/file/5e8fe0458328bfeacd491e1c74857c526f444596) | +| SHA256 | [0e5eb8d0bebf089a974bc0ca85d33d73f9a0bf72ed2a5e3a62a0387b51d509ce](https://www.virustotal.com/gui/file/0e5eb8d0bebf089a974bc0ca85d33d73f9a0bf72ed2a5e3a62a0387b51d509ce) | +| Authentihash MD5 | [fb9005cf320ed99d82d5b6a98988c576](https://www.virustotal.com/gui/search/authentihash%253Afb9005cf320ed99d82d5b6a98988c576) | +| Authentihash SHA1 | [f4bc99b43ab88f15d2803b5a9de898223a380563](https://www.virustotal.com/gui/search/authentihash%253Af4bc99b43ab88f15d2803b5a9de898223a380563) | +| Authentihash SHA256| [68ee4632c7be1c66c83e89dd93eaee1294159abf45b4c2c72d7dc7499aa2a043](https://www.virustotal.com/gui/search/authentihash%253A68ee4632c7be1c66c83e89dd93eaee1294159abf45b4c2c72d7dc7499aa2a043) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000000a6642f3f49fb7379600010000000a +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | c52110f552e27ebb1e3fae114abafb3f | +| ToBeSigned (TBS) SHA1 | 4954e087123653ce38da4cdd31141b6a1bb999e4 | +| ToBeSigned (TBS) SHA256 | 
1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2013-09-24 17:54:03 | +| ValidTo | 2014-12-24 17:54:03 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000000a6642f3f49fb7379600010000000a | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": 
"c52110f552e27ebb1e3fae114abafb3f", + "SHA1": "4954e087123653ce38da4cdd31141b6a1bb999e4", + "SHA256": "1cf7d28cfb21714522a9c91dda9d899ceadb0769f14b25e770799d88365aa54c" + }, + "ValidFrom": "2013-09-24 17:54:03", + "ValidTo": "2014-12-24 17:54:03", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000000a6642f3f49fb7379600010000000a", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/fec3976c-cd0e-4929-a01d-23c584cf7e00.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/fecfe761-f926-4a24-bb10-bf4b8d96750d.md b/lolrmm.com/content/bootloaders/fecfe761-f926-4a24-bb10-bf4b8d96750d.md new file mode 100644 index 00000000..dfaba4d0 --- /dev/null +++ b/lolrmm.com/content/bootloaders/fecfe761-f926-4a24-bb10-bf4b8d96750d.md 
@@ -0,0 +1,241 @@ ++++ + +description = "" +title = "fecfe761-f926-4a24-bb10-bf4b8d96750d" +weight = 10 +displayTitle = "BOOTX64.EFI" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# BOOTX64.EFI ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Fedora Project and revoked Jul-20 +- **UUID**: fecfe761-f926-4a24-bb10-bf4b8d96750d +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/f2c580ccd60898d4aa2676249d67c171.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\BOOTX64.EFI } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • CVE-2020-10713
  • +
  • CVE-2020-14308
  • +
  • CVE-2020-14309
  • +
  • CVE-2020-14310
  • +
  • CVE-2020-14311
  • +
  • CVE-2020-15705
  • +
  • CVE-2020-15706
  • +
  • CVE-2020-15707
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | BOOTX64.EFI | +| MD5 | [f2c580ccd60898d4aa2676249d67c171](https://www.virustotal.com/gui/file/f2c580ccd60898d4aa2676249d67c171) | +| SHA1 | [85fa4266743ebb0262b8c1da8b01d1f26e630404](https://www.virustotal.com/gui/file/85fa4266743ebb0262b8c1da8b01d1f26e630404) | +| SHA256 | [e6cb6a3dcbd85954e5123759461198af67658aa425a6186ffc9b57b772f9158f](https://www.virustotal.com/gui/file/e6cb6a3dcbd85954e5123759461198af67658aa425a6186ffc9b57b772f9158f) | +| Authentihash MD5 | [efca75864e4fa65df7ccf2a5c124a3c5](https://www.virustotal.com/gui/search/authentihash%253Aefca75864e4fa65df7ccf2a5c124a3c5) | +| Authentihash SHA1 | [ad9a72bdb69a17abe85d948e6bbbb89141da2543](https://www.virustotal.com/gui/search/authentihash%253Aad9a72bdb69a17abe85d948e6bbbb89141da2543) | +| Authentihash SHA256| [0ce02100f67c7ef85f4eed368f02bf7092380a3c23ca91fd7f19430d94b00c19](https://www.virustotal.com/gui/search/authentihash%253A0ce02100f67c7ef85f4eed368f02bf7092380a3c23ca91fd7f19430d94b00c19) | +| RichPEHeaderHash MD5 | [ffdf660eb1ebf020a1d0a55a90712dfb](https://www.virustotal.com/gui/search/rich_pe_header_hash%253Affdf660eb1ebf020a1d0a55a90712dfb) | +| RichPEHeaderHash SHA1 | [3e905e3d061d0d59de61fcf39c994fcb0ec1bab3](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A3e905e3d061d0d59de61fcf39c994fcb0ec1bab3) | +| RichPEHeaderHash SHA256| [2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6) | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000002530b3d3726ee3f72f000100000025 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | a5052527524f4998a7bd87f396196fe8 | +| ToBeSigned (TBS) SHA1 | 2374a3e4f0499d106f0e4d71a22f7b0e709847c0 | +| ToBeSigned (TBS) SHA256 | 
f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher | +| ValidFrom | 2017-08-11 20:20:00 | +| ValidTo | 2018-08-11 20:20:00 | +| Signature | 6650dd7878bef0a62b1d76ba8fa57b6193d9938ddd1975f32a880d6e9363ba516b00907d455d1089cf79e3045a976a794db027534a761a840a29d09dccb3b5978fdb1d27d6be2831b0af31b64c25d3e195056b68a403e961d61c38339c4bfbb4c16102a4b417f52b75f4d6539626736df3e9e7d689e59333e7686df72c6ac70548eb3e6f0913de69895041529dba440132da3699ee3d3ccd6c0cb1ca11d206a157a9e3504c57aea164e700dec89ccb81194b012f697127dcd1cc7dc08ccf9f92014b2a0814fdc2a010b7a7243456e15af7e812bef07b28aebcb29f0f20f5c1900827f32aaf4fef92601853403e718db111c7c35da77eea96c4deb6f903e94543 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000002530b3d3726ee3f72f000100000025 | +| Version | 3 | +###### Certificate 6108d3c4000000000004 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 1f23e75a000f0b6db92650dc26ac98e1 | +| ToBeSigned (TBS) SHA1 | bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d | +| ToBeSigned (TBS) SHA256 | 9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 | +| ValidFrom | 2011-06-27 21:22:45 | +| ValidTo | 2026-06-27 21:32:45 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 6108d3c4000000000004 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### 
Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows UEFI Driver Publisher", + "TBS": { + "MD5": "a5052527524f4998a7bd87f396196fe8", + "SHA1": "2374a3e4f0499d106f0e4d71a22f7b0e709847c0", + "SHA256": "f5b4992e0bd1b102ae9d5aeec4bd213f5dd042bd27b9a345ad336d2dda10a138" + }, + "ValidFrom": "2017-08-11 20:20:00", + "ValidTo": "2018-08-11 20:20:00", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "6108d3c4000000000004", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "TBS": { + "MD5": "1f23e75a000f0b6db92650dc26ac98e1", + "SHA1": "bc477f73f16f0a5ae09e8ce4745c0a79c0e9a39d", + "SHA256": "9589b8c95168f79243f61922faa5990de0a4866de928736fed658ea7bff1a5e2" + }, + "ValidFrom": "2011-06-27 21:22:45", + "ValidTo": "2026-06-27 21:32:45", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011", + "SerialNumber": "330000002530b3d3726ee3f72f000100000025", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/fecfe761-f926-4a24-bb10-bf4b8d96750d.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/bootloaders/ff057f2b-0bc9-4318-a017-66307880a7c6.md b/lolrmm.com/content/bootloaders/ff057f2b-0bc9-4318-a017-66307880a7c6.md new file mode 100644 index 00000000..3cd78543 
--- /dev/null +++ b/lolrmm.com/content/bootloaders/ff057f2b-0bc9-4318-a017-66307880a7c6.md 
@@ -0,0 +1,238 @@ ++++ + +description = "" +title = "ff057f2b-0bc9-4318-a017-66307880a7c6" +weight = 10 +displayTitle = "bootmgfw.efi" ++++ + + +{{< block "grid-1" >}} +{{< column "mt-2 pt-1">}} + + +# bootmgfw.efi ![:inline](/images/twitter_verified.png) + + +### Description + +This was provided by Microsoft and revoked May-23 +- **UUID**: ff057f2b-0bc9-4318-a017-66307880a7c6 +- **Created**: 2023-05-22 +- **Author**: Michael Haag +- **Acknowledgement**: | [](https://twitter.com/) + +{{< button "https://github.com/magicsword-io/bootloaders/raw/main/bootloaders/28196e29d41524919202b6bd1e38f35c.bin" "Download" >}} +{{< tip "warning" >}} +This download link contains the Revoked Bootloader! + +{{< /tip >}} + +### Commands + +``` +bcdedit /copy "{current}" /d "TheBoots" | {% if ($_ -match '{\S+}') { bcdedit /set $matches[0] path \windows\temp\bootmgfw.efi } } +``` + + +| Use Case | Privileges | Operating System | +|:---- | ---- | ---- | +| Persistence | | 64-bit | + + + +### Detections + + +{{< block "grid-3" >}} +{{< column >}} +#### YARA 🏹 +{{< details "Expand" >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict.yar" "Exact Match" >}}{{< tip >}}with header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders.yar" "Threat Hunting" >}}{{< tip >}}without header and size limitation{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/yara/yara-rules_bootloaders_strict_renamed.yar" "Renamed" >}}{{< tip >}}for renamed bootloader files{{< /tip >}} + + +{{< /details >}} +{{< /column >}} + + + +{{< column >}} + +#### Sigma 🛡️ +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders_names.yml" "Names" >}}{{< tip >}}detects loading using name only{{< /tip >}} + + +{{< button 
"https://github.com/magicsword-io/bootloaders/tree/main/detections/sigma/bootloader_load_win_vuln_bootloaders.yml" "Hashes" >}}{{< tip >}}detects loading using hashes only{{< /tip >}} + +{{< /details >}} + +{{< /column >}} + + +{{< column "mb-2" >}} + +#### Sysmon 🔎 +{{< details "Expand" >}} +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml" "Block" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< button "https://github.com/magicsword-io/bootloaders/tree/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml" "Alert" >}}{{< tip >}}on hashes{{< /tip >}} + +{{< /details >}} + +{{< /column >}} +{{< /block >}} + + +### Resources +
    +
  • https://uefi.org/revocationlistfile
  • +
  • https://support.microsoft.com/en-gb/topic/microsoft-guidance-for-applying-secure-boot-dbx-update-kb4575994-e3b9e4cb-a330-b3ba-a602-15083965d9ca
  • +
    + +### CVE + +
  • Black Lotus Microsoft Windows 10 version 1507
  • + +### Known Vulnerable Samples + +| Property | Value | +|:-------------------|:------| +| Filename | bootmgfw.efi | +| MD5 | [28196e29d41524919202b6bd1e38f35c](https://www.virustotal.com/gui/file/28196e29d41524919202b6bd1e38f35c) | +| SHA1 | [ed2c4554266084506d2e514797b3dfc86a50118a](https://www.virustotal.com/gui/file/ed2c4554266084506d2e514797b3dfc86a50118a) | +| SHA256 | [f4c53c0b054413691ba25a2d162bcde9c9e35b5e706272f70bff96ed5c05a7b8](https://www.virustotal.com/gui/file/f4c53c0b054413691ba25a2d162bcde9c9e35b5e706272f70bff96ed5c05a7b8) | +| Authentihash MD5 | [4d7e341b788c22d2ffd0a6e8d7c27190](https://www.virustotal.com/gui/search/authentihash%253A4d7e341b788c22d2ffd0a6e8d7c27190) | +| Authentihash SHA1 | [2ab7a9fc3312a502e9178fe76930d65d07480b31](https://www.virustotal.com/gui/search/authentihash%253A2ab7a9fc3312a502e9178fe76930d65d07480b31) | +| Authentihash SHA256| [21554d1f3bf9f52d3cd297d27df56215c0fd08a0bf673868f3d8c6c064dc5609](https://www.virustotal.com/gui/search/authentihash%253A21554d1f3bf9f52d3cd297d27df56215c0fd08a0bf673868f3d8c6c064dc5609) | +| RichPEHeaderHash MD5 | [8b6b2892c15ff00e4ddf7eb144e1ae12](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A8b6b2892c15ff00e4ddf7eb144e1ae12) | +| RichPEHeaderHash SHA1 | [89115214dfec813ecfa5a23bed633254c214e62c](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A89115214dfec813ecfa5a23bed633254c214e62c) | +| RichPEHeaderHash SHA256| [97ff062fbed8c63a4a2526daab5b76fde0b0c54540be4264d13a9116216a1be1](https://www.virustotal.com/gui/search/rich_pe_header_hash%253A97ff062fbed8c63a4a2526daab5b76fde0b0c54540be4264d13a9116216a1be1) | +| Company | Microsoft Corporation | +| Description | Boot Manager | +| Product | Microsoft® Windows® Operating System | +| OriginalFilename | bootmgr.exe | + +#### Certificates + +{{< details "Expand" >}} +###### Certificate 330000004ea1d80770a9bbe94400000000004e +| Field | Value | +|-----------------------------------|----------------------------| +| 
ToBeSigned (TBS) MD5 | 9da610547a25cbe89af7ecdb99229623 | +| ToBeSigned (TBS) SHA1 | 6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7 | +| ToBeSigned (TBS) SHA256 | 1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows | +| ValidFrom | 2014-07-01 20:32:01 | +| ValidTo | 2015-10-01 20:32:01 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | False | +| SerialNumber | 330000004ea1d80770a9bbe94400000000004e | +| Version | 3 | +###### Certificate 61077656000000000008 +| Field | Value | +|-----------------------------------|----------------------------| +| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 | +| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 | +| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 | +| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 | +| ValidFrom | 2011-10-19 18:41:42 | +| ValidTo | 2026-10-19 18:51:42 | +| Signature | 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 | +| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 | +| IsCertificateAuthority | True | +| SerialNumber | 61077656000000000008 | +| Version | 3 | + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### Imports +{{< details "Expand" >}} +* + +{{< /details >}} +#### ImportedFunctions +{{< details "Expand" >}} + +{{< /details >}} +#### ExportedFunctions +{{< details "Expand" >}} + +{{< /details >}} + +#### Signature +{{< details "Expand" >}} +``` +{ + "Certificates": [ + { + "IsCertificateAuthority": false, + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows", + "TBS": { + "MD5": "9da610547a25cbe89af7ecdb99229623", + "SHA1": "6841cbcbd019586d045c2e9d6d0bc3a98fee3bf7", + "SHA256": "1cfead8146399a4dfe6759e9303c30c521cff3830e7177e87e64021dc3da4931" + }, + "ValidFrom": "2014-07-01 20:32:01", + "ValidTo": "2015-10-01 20:32:01", + "Version": 3 + }, + { + "IsCertificateAuthority": true, + "SerialNumber": "61077656000000000008", + "Signature": "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", + "SignatureAlgorithmOID": "1.2.840.113549.1.1.11", + "Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "TBS": { + "MD5": "30a3f0b64324ed7f465e7fc618cb69e7", + "SHA1": "002de3561519b662c5e3f5faba1b92c403fb7c41", + "SHA256": "4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146" + }, + "ValidFrom": "2011-10-19 18:41:42", + "ValidTo": "2026-10-19 18:51:42", + "Version": 3 + } + ], + "CertificatesInfo": "", + "Signer": [ + { + "Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011", + "SerialNumber": "330000004ea1d80770a9bbe94400000000004e", + "Version": 1 + } + ], + "SignerInfo": "" +} +``` + +{{< /details >}} +----- + + + +[*source*](https://github.com/magicsword-io/bootloaders/tree/main/yaml/ff057f2b-0bc9-4318-a017-66307880a7c6.yaml) + +*last_updated:* 2023-08-31 + + + + + + + + +{{< /column >}} +{{< /block >}} diff --git a/lolrmm.com/content/lolrmms_table.csv b/lolrmm.com/content/lolrmms_table.csv new file mode 100644 index 00000000..c53a5e68 --- /dev/null +++ b/lolrmm.com/content/lolrmms_table.csv 
@@ -0,0 +1,520 @@ +[bootmgfw.efi](bootloaders/6ea89297-74dd-4581-b268-475a282c9592/),[9C1812CF5B1D61DC08BD6683D143511BCB5B14798116D1D2714963CD468933FF](bootloaders/6ea89297-74dd-4581-b268-475a282c9592/),Revoked bootloaders,2023-05-22 +[bootx64.efi](bootloaders/38e6bed7-1db9-4c15-8358-040edb77a39c/),[E438149CA86CF5F2FDD1318BF0D6C301593EA74B06940E031964F34561255BC8](bootloaders/38e6bed7-1db9-4c15-8358-040edb77a39c/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/7550a473-863a-43f8-aad7-fff5be3977f0/),[4640438E0AAEEE87664C893198B41AA03BBF3214E181AAC4E2DE81A5400D2C27](bootloaders/7550a473-863a-43f8-aad7-fff5be3977f0/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/5a1e393f-1595-4e4e-993e-7097a184ce42/),[8DA046540148E1E146DE2F96C7D860962ED059A923E9685E868DC4C6065684AA](bootloaders/5a1e393f-1595-4e4e-993e-7097a184ce42/),Revoked bootloaders,2023-05-22 +[518b78e7-eeb3-43b0-a377-acfa0e831ce0](bootloaders/518b78e7-eeb3-43b0-a377-acfa0e831ce0/),[5875DB0835E08A9189F23833B21774FDD1C4C3BD4C5D3459471A49B85CFFD1E1](bootloaders/518b78e7-eeb3-43b0-a377-acfa0e831ce0/),Revoked bootloaders,2023-05-22 +[bootx64.efi](bootloaders/4e70304f-ec00-41a5-b542-69701b5df29b/),[A6E8C6906E4845A30A036FB669BA82146E334908706778AC569DF45CBF8637F7](bootloaders/4e70304f-ec00-41a5-b542-69701b5df29b/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/b7f9ffcf-525f-427e-b3fd-72289f61ffd3/),[462F49B4FC9E4CE706D668042EB76F711B4292BAE2BE8DD5897182B316EF217D](bootloaders/b7f9ffcf-525f-427e-b3fd-72289f61ffd3/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/32eed29e-9d32-4120-8a43-02c7dfc4ae22/),[c6b0d030bb3e54294742b3914ae76c949e52a065abb28d08054fdf90d7eed628](bootloaders/32eed29e-9d32-4120-8a43-02c7dfc4ae22/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/58c24252-f076-486b-90fb-5a1c7b922efa/),[C334B9CA48819E7E408A3A3418879978828AA302BAA3ED86DE64D8AE5ACA0EAB](bootloaders/58c24252-f076-486b-90fb-5a1c7b922efa/),Revoked bootloaders,2023-05-22 
+[BOOTIA32.EFI](bootloaders/9308b260-6695-43ee-bddb-a90f20e035f1/),[03c8c9956938147bcc81a19e580ca8b5214e82829ec0494c22b0f59013ca22b2](bootloaders/9308b260-6695-43ee-bddb-a90f20e035f1/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/76724735-ec57-4c1a-8712-f0267d21f0c4/),[4f9398592553ee138d8db48b95789eca19324b8408cafd0f0bc46d030e7b4fd4](bootloaders/76724735-ec57-4c1a-8712-f0267d21f0c4/),Revoked bootloaders,2023-05-22 +[shim-0.9+1474479173.6c180c6-1ubuntu1/shim64-bit.efi](bootloaders/2a4a532a-848c-4ca5-a910-357daefe32e7/),[3c430c719c9053a74d74dcc5e52b40d10f109db1dc9458a05a7a413b86a93467](bootloaders/2a4a532a-848c-4ca5-a910-357daefe32e7/),Revoked bootloaders,2023-05-22 +[87813fcd-6a01-4452-b54c-0dc24402bbfe](bootloaders/87813fcd-6a01-4452-b54c-0dc24402bbfe/),[23EBFBC7BC286CEFC68B4920784B926EC28D7965815238325FBD17892177D6F3](bootloaders/87813fcd-6a01-4452-b54c-0dc24402bbfe/),Revoked bootloaders,2023-05-22 +[9be3b201-fec5-4264-b56b-81d4535b4c9a](bootloaders/9be3b201-fec5-4264-b56b-81d4535b4c9a/),[CD0F9839C6CCBEC5CE38B882E1AB23C8AB44A8993E6B8A02026D8314EAC4EA4C](bootloaders/9be3b201-fec5-4264-b56b-81d4535b4c9a/),Revoked bootloaders,2023-05-22 +[bootnetx64.efi](bootloaders/f2418902-5951-4626-8a5f-79d4d022337f/),[aef3e0a113345c1adca2d627c5853a11ddfc4e0e07fd28c10049a9b766c0fbc5](bootloaders/f2418902-5951-4626-8a5f-79d4d022337f/),Revoked bootloaders,2023-05-22 +[e32b7c1e-14b0-4f29-9c62-d1664d26777d](bootloaders/e32b7c1e-14b0-4f29-9c62-d1664d26777d/),[52A4F27CCEDCC5405D8EC128BF99861865B2273DA18A9B958ABADEFF63DF5A18](bootloaders/e32b7c1e-14b0-4f29-9c62-d1664d26777d/),Revoked bootloaders,2023-05-22 +[164bcf0f-91a1-4754-9c4d-f2c1b90aea06](bootloaders/164bcf0f-91a1-4754-9c4d-f2c1b90aea06/),[9C904F10520295D070DB9CF381101512946AB832C2BD92D4E92D42B934F40DC3](bootloaders/164bcf0f-91a1-4754-9c4d-f2c1b90aea06/),Revoked bootloaders,2023-05-22 
+[bootmgfw.efi](bootloaders/f922e65f-baea-45c6-bdfa-0b6ab679bda8/),[9e14396bca7712b13a5f0b209c8633d754afc3bf577b42ef78304581ddd4e02f](bootloaders/f922e65f-baea-45c6-bdfa-0b6ab679bda8/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/4cc6cdc2-6f4e-4b25-b3a2-383174f52460/),[24C0732D77F6BC85BE8A6CA9B0FA3BA8611F950CA4E0194E972E59A433DC05C6](bootloaders/4cc6cdc2-6f4e-4b25-b3a2-383174f52460/),Revoked bootloaders,2023-05-22 +[22532a2a-950a-425c-b1c7-ae8f8e4faa5b](bootloaders/22532a2a-950a-425c-b1c7-ae8f8e4faa5b/),[1CC3D6DA3017F0F1422D1B8115622EDEF65FBC497487234D17F4D356670F28EB](bootloaders/22532a2a-950a-425c-b1c7-ae8f8e4faa5b/),Revoked bootloaders,2023-05-22 +[55b45543-5130-4632-b2a9-12f11c8da501](bootloaders/55b45543-5130-4632-b2a9-12f11c8da501/),[BBD53435E3881C13F6EF3D7C17DDE9BCCF2BB2D95D303DC4623CD1AA8F51EF23](bootloaders/55b45543-5130-4632-b2a9-12f11c8da501/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/a93c81ef-3f87-43cd-8d09-67e57167689c/),[C1D93E3D7F580616051BC1456083F6DCC80DB4642E7AA2909041E86F8209583C](bootloaders/a93c81ef-3f87-43cd-8d09-67e57167689c/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/163d69a7-be4d-47bf-ba9b-ad2e76271175/),[73ED112C5EE295BA56BEA8679E062EE22A5E01B23438A7B8F459AF8F61A93BF4](bootloaders/163d69a7-be4d-47bf-ba9b-ad2e76271175/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/ea9f89dc-3143-424c-b3b3-437969245705/),[2b334e6b147104306dd91f77e900c07383c0ddff77c2979ec79ea5d92944c13d](bootloaders/ea9f89dc-3143-424c-b3b3-437969245705/),Revoked bootloaders,2023-05-22 +[3a20e152-907d-41c3-8ae7-14c2a23e4880](bootloaders/3a20e152-907d-41c3-8ae7-14c2a23e4880/),[299E3B66B0283E23793E03FBA6B795A2C6B6034864B6D571449945EBA0D90A20](bootloaders/3a20e152-907d-41c3-8ae7-14c2a23e4880/),Revoked bootloaders,2023-05-22 +[bootx64.efi](bootloaders/59b7d19b-fb7b-4641-b158-0d2f498e375d/),[5156a8ae596c06692aef13ac6524c7f1e20d52e4ea0f5a5ad43a6874edcc5e1f](bootloaders/59b7d19b-fb7b-4641-b158-0d2f498e375d/),Revoked 
bootloaders,2023-05-22 +[Signed_13652009334930799/shimaa64.efi](bootloaders/faa5ce45-c815-4eec-a757-84e1b181afcf/),[EBF3E0F060E9ECA943F49444CC0DBF6CBE1AEC2C20AE10DFB9E757335AA26ADD](bootloaders/faa5ce45-c815-4eec-a757-84e1b181afcf/),Revoked bootloaders,2023-05-22 +[bootx64.efi](bootloaders/46a49cc4-2dcb-4c79-b1d1-2c49f6df0af0/),[d92b8ac828b827e4e5b9e9aeb02676783cdb1884f42194823769ccf033a7b9c5](bootloaders/46a49cc4-2dcb-4c79-b1d1-2c49f6df0af0/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/3cf4dc5f-5fc3-4a44-b069-bced755a5e5d/),[C990C8BF9D0C8E5A50CAF28C9FF6E8EA1949C5DD6AAAC5AB08B3A77CC0D5F011](bootloaders/3cf4dc5f-5fc3-4a44-b069-bced755a5e5d/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/c5c530c2-b0e2-440b-98c4-3ae3a9581479/),[24119E64BBECB849FDB3CC3EF0BEE550248B13BD5ED5AE540A9389C7D5D7C8BD](bootloaders/c5c530c2-b0e2-440b-98c4-3ae3a9581479/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/2281377f-96d2-494e-91d6-86e4f2c78198/),[fef56f20ef6e5065ed0fde1d85fd19f1f07212403489fd1e2b63aa41f5dc600b](bootloaders/2281377f-96d2-494e-91d6-86e4f2c78198/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/fc53d49c-f8d1-4a46-91be-205a0ec0515a/),[dbeb49f986ec6618e7c256d3db4e3d5378a6ee3439c5949ae57e12722a73a198](bootloaders/fc53d49c-f8d1-4a46-91be-205a0ec0515a/),Revoked bootloaders,2023-05-22 +[grubnetx64.efi](bootloaders/1b134b19-47f4-4bfd-af37-40c05933168f/),[8e8addb29426d845a0101c2c1f26c2e7fe8c78128ab04f16cfcb4e06461b0101](bootloaders/1b134b19-47f4-4bfd-af37-40c05933168f/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/ec0d55b6-d46c-4f5e-b467-1a8fe09e64d2/),[FB03DB013F31A9AA909B77CF510CD129B9E857A93E37BF9ABB91A79EB296C758](bootloaders/ec0d55b6-d46c-4f5e-b467-1a8fe09e64d2/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/cb5a22b9-4471-44a3-9783-c27df207f95a/),[B1EC3A20DD620668852C057FD33023CB945D35122C079F13A59A73F8A4E4FC12](bootloaders/cb5a22b9-4471-44a3-9783-c27df207f95a/),Revoked bootloaders,2023-05-22 
+[bootmgfw.efi](bootloaders/513ff7cf-418a-4405-9020-8044f5ce24cd/),[4489FA289C24EC5745E69F476FEBB3FA0103501D95349E795BE481E678429DDE](bootloaders/513ff7cf-418a-4405-9020-8044f5ce24cd/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/c2ba98da-826c-45bb-bb56-09db34e78fe0/),[88c2eac45b9480cc7e423558ba1b90097e8f12dbf98f4628c7a574c6371c6030](bootloaders/c2ba98da-826c-45bb-bb56-09db34e78fe0/),Revoked bootloaders,2023-05-22 +[2d78b89b-4a5d-4d38-8c20-2baf76df8699](bootloaders/2d78b89b-4a5d-4d38-8c20-2baf76df8699/),[83B1D2B20830EE199D8845C999D4680B1B2B6D9C1F424DD13826DA3FA7F7139E](bootloaders/2d78b89b-4a5d-4d38-8c20-2baf76df8699/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/52a629bd-deb4-4e92-aa7c-3e4c301a086a/),[e0df7ce01e42a61228f4005fcdb9c42675ff7280a0be9ec1c32ad9d5e0493f10](bootloaders/52a629bd-deb4-4e92-aa7c-3e4c301a086a/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/85443af0-4180-4b3e-978c-e3d8c8d35422/),[669353cc31e65f896a755db94a045d9dc1b4a24baba14fce11d623bdfacec78c](bootloaders/85443af0-4180-4b3e-978c-e3d8c8d35422/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/347957db-bbbc-4322-a736-366891a369d0/),[F736ABAB18FA867218E4FBFEAA8A452C3B55F2981CC7E27E6CAF1FD9181EF294](bootloaders/347957db-bbbc-4322-a736-366891a369d0/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/025ed4ef-d8c6-492b-927f-a1eb484d7b89/),[D0A3923ED57307BBDDA1ECF0FF1C40F478DD6F439F80A072508C3551520CD52C](bootloaders/025ed4ef-d8c6-492b-927f-a1eb484d7b89/),Revoked bootloaders,2023-05-22 +[24b32147-9b69-40e3-a166-b0c457b3c371](bootloaders/24b32147-9b69-40e3-a166-b0c457b3c371/),[3F8091F700DA0DD082C6C06D0D3B68DB8D51FBE03198BBD6E4FA0D4A9EACA522](bootloaders/24b32147-9b69-40e3-a166-b0c457b3c371/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/9ad7a737-68be-4ce9-9595-30623e887396/),[77e2945b3a2b0d14e9943f90ddd7bb87dde9cc5d8be09f9693e9f4166769363d](bootloaders/9ad7a737-68be-4ce9-9595-30623e887396/),Revoked bootloaders,2023-05-22 
+[bootmgfw.efi](bootloaders/77a4c1f2-a194-4778-8074-4ba1d052129f/),[4f3e97e36ec05236dc378c544310a9685d57409b87020bee731d7ddbf90987c6](bootloaders/77a4c1f2-a194-4778-8074-4ba1d052129f/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/4c9eca9d-f738-4fde-99da-f5f1536910f5/),[399BDFB85E5A072F763B3692AC5B34FDB00D7C5DA4180219E99A2E0693D72B39](bootloaders/4c9eca9d-f738-4fde-99da-f5f1536910f5/),Revoked bootloaders,2023-05-22 +[51d3afbe-d378-492d-86fc-3afcf9396417](bootloaders/51d3afbe-d378-492d-86fc-3afcf9396417/),[0FB12613BC1D4AB6FBB256574EBA9347AE3A87F96E4A3C259028B55CDE1D8053](bootloaders/51d3afbe-d378-492d-86fc-3afcf9396417/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/46e2d5a7-6b08-4c8f-b90a-dac8418621e2/),[b65fe0af8297168749dc235340cba7c08cf6b956fdd25fc2c9f16d20da536713](bootloaders/46e2d5a7-6b08-4c8f-b90a-dac8418621e2/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/94e35789-58de-436e-b04a-8a7b7ded8347/),[12A9833615CAABCF4F732C8BB088C83EC18C286EEF2332CB11F18529B676BD38](bootloaders/94e35789-58de-436e-b04a-8a7b7ded8347/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/3b215ee9-89b8-4437-bd89-dc9fa92cb727/),[21BB3AD3C8E0198CA40E2636E5C3F27EAC047C1C0B39F19D81332FCA03DC4FC0](bootloaders/3b215ee9-89b8-4437-bd89-dc9fa92cb727/),Revoked bootloaders,2023-05-22 +[rhel-8.3-20200730-shim64-bit.efi](bootloaders/365019a1-7820-4c83-a483-15dfd2ca466c/),[FE09433ECE56EFB74EDFFB10BB4E2C05EF9FA3C37C5E60BD5E87FBDEEAB3EB40](bootloaders/365019a1-7820-4c83-a483-15dfd2ca466c/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/3cddc9bb-dc68-4cd7-aee9-227b47b47966/),[413782A6CEE2CFF718F87A737CD989E2A6067E67212B575AD8A7D80B1A62F206](bootloaders/3cddc9bb-dc68-4cd7-aee9-227b47b47966/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/ce52a206-8cc9-43e4-9f5d-28b646502ac3/),[1604f70608f964d1a835c3f3a421e58e449774f0291ff134ac298364e8e3f776](bootloaders/ce52a206-8cc9-43e4-9f5d-28b646502ac3/),Revoked bootloaders,2023-05-22 
+[bootmgfw.efi](bootloaders/9d219a02-b011-4466-8b2c-6fd725593454/),[4155DCEAAF889DE79ADB9B2130F1CF23AADD24080C2B2C1EC5F4C359C52A8D7D](bootloaders/9d219a02-b011-4466-8b2c-6fd725593454/),Revoked bootloaders,2023-05-22 +[670b1089-ea21-40d1-ac0a-1dc0adeb7b05](bootloaders/670b1089-ea21-40d1-ac0a-1dc0adeb7b05/),[30A947ED2F95D0E7F2746F3A4F3C458FC64554295BA5B4C302FE0EE4F8027C0C](bootloaders/670b1089-ea21-40d1-ac0a-1dc0adeb7b05/),Revoked bootloaders,2023-05-22 +[9a4cfe78-97aa-4d04-a049-9f0c2d3869c1](bootloaders/9a4cfe78-97aa-4d04-a049-9f0c2d3869c1/),[D8C26A5324CA74212B59B59BEF1BC33FB5B6946DCDDE84414C60A2E315EDE741](bootloaders/9a4cfe78-97aa-4d04-a049-9f0c2d3869c1/),Revoked bootloaders,2023-05-22 +[shim-15+1533136590.3beb971-0ubuntu1/shimaa64.efi](bootloaders/67ae7723-5130-48c6-b24b-22a876c9c2c0/),[C58ABF55F773FEE60CDB21D01D02229C4A3FEEB29F5D904CEB3106BC4B435EE7](bootloaders/67ae7723-5130-48c6-b24b-22a876c9c2c0/),Revoked bootloaders,2023-05-22 +[BOOTIA32.EFI](bootloaders/60383f5c-6dcc-4df4-aad0-510733820a1b/),[953a7719b50073e701730fcff79b2fee7054c72c54d1f0b0f2571d3ce7fdb925](bootloaders/60383f5c-6dcc-4df4-aad0-510733820a1b/),Revoked bootloaders,2023-05-22 +[rhel-8.3-shim-20200726-shimia32.efi](bootloaders/063ad364-8db5-4bb6-a731-799b970cf900/),[96DD3FFBAB73A9DAA0CA93C34C4EDA5BD9C8AEEB0480C1A3BD93131F44CA9A29](bootloaders/063ad364-8db5-4bb6-a731-799b970cf900/),Revoked bootloaders,2023-05-22 +[bootia32.efi](bootloaders/1a268d88-47d0-4204-ade4-ed6e4ef6028e/),[B510C9A79CB6CE1BC37912839AF57B453CC4A77C3D5DCC9935F8CCFF7C81F9FE](bootloaders/1a268d88-47d0-4204-ade4-ed6e4ef6028e/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/48d8feab-a988-4578-a65e-c6ba5f43ffac/),[ABF6F968CF9ACDDC04BA5F287F857551CC9D3237CE402D527279930AB5F84894](bootloaders/48d8feab-a988-4578-a65e-c6ba5f43ffac/),Revoked bootloaders,2023-05-22 
+[bootmgfw.efi](bootloaders/d2c1c960-2c20-4647-ba66-d3c5d3385cff/),[dd3ca7c4bf6698e7d72f6c2fb0eb59997336c294d604062ef495ee8e1f49931c](bootloaders/d2c1c960-2c20-4647-ba66-d3c5d3385cff/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/a34d1cd4-ad9d-4dda-8e4e-ac86e42a6d92/),[331A6D1D07B7A19AB36312AB8303C9FA5B5D2628B6EF5C593846B6F4B824059F](bootloaders/a34d1cd4-ad9d-4dda-8e4e-ac86e42a6d92/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/e2313b7a-714a-4e2c-a692-4259f9bc3b0c/),[C190FBE65C28E7DBCA5AAE188C368CAB9A43ADB7F3B010843086D6DA77C3A6E5](bootloaders/e2313b7a-714a-4e2c-a692-4259f9bc3b0c/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/cc55f472-e9c9-493c-bf44-98d528441570/),[5f3952cba19c9f225aae8b57e57c7e20505ac617aeca845a8b5cde4994405c92](bootloaders/cc55f472-e9c9-493c-bf44-98d528441570/),Revoked bootloaders,2023-05-22 +[centos-8.3-shim-20200726-shimia32.efi](bootloaders/fbf92874-0ee4-4c8e-9dc5-ab73b6bb4010/),[1A9DDD9AF383AD81787CD7C6A6DC8C8AA86CD995157C32AD476B60D2C494F7FA](bootloaders/fbf92874-0ee4-4c8e-9dc5-ab73b6bb4010/),Revoked bootloaders,2023-05-22 +[BOOTX64.EFI](bootloaders/a205120a-b99d-4e65-a96d-b8092539c1d7/),[0CE7F3FEC8BBB04E182027DD6800B7993E9F14EB579504DDECDD2F06294D7739](bootloaders/a205120a-b99d-4e65-a96d-b8092539c1d7/),Revoked bootloaders,2023-05-22 +[miniloader.efi](bootloaders/82bfbd61-4cd5-490f-853a-3486090e0d3e/),[61F2D843B99AC93FA2ED40A50E5C3F0EAD7C75894BB92C32DF33052804CFB77C](bootloaders/82bfbd61-4cd5-490f-853a-3486090e0d3e/),Revoked bootloaders,2023-05-22 +[d7cc6936-4efd-40a1-bef3-ea4da008ae4c](bootloaders/d7cc6936-4efd-40a1-bef3-ea4da008ae4c/),[E4FF4E538B4758E8E49010ED16D6D5380417B146F3E8806ACB3AC40611646FDB](bootloaders/d7cc6936-4efd-40a1-bef3-ea4da008ae4c/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/293680d1-928e-47e7-b45b-421122787ad8/),[66CC4EE53DAE4DD746AE6D8B58B858DDDF1634A498D5EF41F50264E6F948F526](bootloaders/293680d1-928e-47e7-b45b-421122787ad8/),Revoked bootloaders,2023-05-22 
+[c1e70cfa-8b21-4b51-8b94-9a06bb4b5550](bootloaders/c1e70cfa-8b21-4b51-8b94-9a06bb4b5550/),[608854C2B7A26B00A3970757C2FA176B361F74FE094F7CFA482C439071279548](bootloaders/c1e70cfa-8b21-4b51-8b94-9a06bb4b5550/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/66d407b1-5e65-4314-89c3-cc6dd5c10d59/),[EBB480F63BB81A4C88F42E97A1B40DAB2EBB926A358EACC1C52A5DB88A2BC6CA](bootloaders/66d407b1-5e65-4314-89c3-cc6dd5c10d59/),Revoked bootloaders,2023-05-22 +[bootaa64.efi](bootloaders/34da0cf6-14d0-43a7-8e56-ea63c3b0c1bd/),[A7CEA30E7B024C8710F9AE5C1302545CEEAF23B8DEBE362FB26562ACDD807325](bootloaders/34da0cf6-14d0-43a7-8e56-ea63c3b0c1bd/),Revoked bootloaders,2023-05-22 +[261d9721-b41e-4711-9ec1-d46057b9c56b](bootloaders/261d9721-b41e-4711-9ec1-d46057b9c56b/),[424C636253B4EFA0C69F91505EE16D7079956B8EDE4524FFCE211A1B037FF692](bootloaders/261d9721-b41e-4711-9ec1-d46057b9c56b/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/635f3ff1-ab0a-468c-b6a3-6a8aa39301d5/),[165a5dcdea3a7de7cfae38298597445eba59282308c7243be50f568aa610f4f2](bootloaders/635f3ff1-ab0a-468c-b6a3-6a8aa39301d5/),Revoked bootloaders,2023-05-22 +[8a6aa8d7-205b-4747-aa92-8b526be3b7d2](bootloaders/8a6aa8d7-205b-4747-aa92-8b526be3b7d2/),[29DA5912698EE1928C239D394EF95A4BEEF0DC59262B6BFFEC24FA205C4B8A10](bootloaders/8a6aa8d7-205b-4747-aa92-8b526be3b7d2/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/6f2d1488-6c25-477a-97ad-e0a570723b20/),[A8CE55447F57564F1CE95A7B3C505A7996BDAC4A06710DD101ECD5B818653E27](bootloaders/6f2d1488-6c25-477a-97ad-e0a570723b20/),Revoked bootloaders,2023-05-22 +[3939d676-6d9d-48b4-8be9-d7d7f3528c08](bootloaders/3939d676-6d9d-48b4-8be9-d7d7f3528c08/),[EDFFF0969567FF1C1867AA921EAA5CF4C65D20F0511BA7EE7328F7B67238DF53](bootloaders/3939d676-6d9d-48b4-8be9-d7d7f3528c08/),Revoked bootloaders,2023-05-22 
+[bootmgfw.efi](bootloaders/b42db55a-4520-493a-81ec-42002887ea96/),[d1af02fca7522c8d27e053544b3b653ff2daffcae9c420e460235dacab53f7cd](bootloaders/b42db55a-4520-493a-81ec-42002887ea96/),Revoked bootloaders,2023-05-22 +[bootx64.efi](bootloaders/27ce9422-3805-4231-8142-aa0976d3686a/),[EEC3E281A5545CAF11EC02BB0DF159DA19698E639CBA0190A0AEC9AB09296BEB](bootloaders/27ce9422-3805-4231-8142-aa0976d3686a/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/454bb2af-6ee7-483d-8a15-73f2fec386ba/),[1B9401C47B0837F1FA315F2F29F304ED360B5B2E2843141367562B60EDB1CCA9](bootloaders/454bb2af-6ee7-483d-8a15-73f2fec386ba/),Revoked bootloaders,2023-05-22 +[d0f8d27f-26e3-4500-bcb8-dab29c667c29](bootloaders/d0f8d27f-26e3-4500-bcb8-dab29c667c29/),[0742A120E871BBB67D6947D05E9301CDACBCCB4AF650464F996B40352CA9699B](bootloaders/d0f8d27f-26e3-4500-bcb8-dab29c667c29/),Revoked bootloaders,2023-05-22 +[BOOTX64.EFI](bootloaders/52f8c789-bc20-45cd-a1b6-8a564b18fff6/),[d57f40a0e9018765cd79393a0d57d8e6d6d880d93b95fa57cedbda5a0b4a1ae3](bootloaders/52f8c789-bc20-45cd-a1b6-8a564b18fff6/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/29221f48-fbc7-4db4-8fc6-86f1e3e137b8/),[3A5B30A5017105C4CB30A0793FAE4600BF4A1A442D85C79E98405DC0083DEB8C](bootloaders/29221f48-fbc7-4db4-8fc6-86f1e3e137b8/),Revoked bootloaders,2023-05-22 +[5abbd1d8-5850-4e54-9375-6a9639a8db58](bootloaders/5abbd1d8-5850-4e54-9375-6a9639a8db58/),[77F55C6E07D808021F9E66017605D8B2DED6C55944693641902C4CE821E37878](bootloaders/5abbd1d8-5850-4e54-9375-6a9639a8db58/),Revoked bootloaders,2023-05-22 +[add3eacb-c3b2-4adc-ba76-49ddb1af2ae3](bootloaders/add3eacb-c3b2-4adc-ba76-49ddb1af2ae3/),[FCCC2A01967926437DC0F5F49C6ACEED4DC67EBD7E99169023B5F89A7264CB98](bootloaders/add3eacb-c3b2-4adc-ba76-49ddb1af2ae3/),Revoked bootloaders,2023-05-22 +[BOOTIA32.EFI](bootloaders/854018eb-0eb9-4c45-8c0c-edb859445cb9/),[6a6f1c13eefcba07c0fc8aa0b70ab6fe2bc709a9eaf83090b735fec8e0dd576b](bootloaders/854018eb-0eb9-4c45-8c0c-edb859445cb9/),Revoked 
bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/cb08669d-8b82-45b7-8fc7-ea815f96e336/),[BD6E8218BAF3A86090201D6A118858CFA5F63AA2732CC880DADF39A1609F12E3](bootloaders/cb08669d-8b82-45b7-8fc7-ea815f96e336/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/120f5dbe-0a55-4b54-a42f-e51cb54f75c4/),[7294F03850C2084A287FAEFBA778592D9D01E5062DD2E980537E39FDBFE20316](bootloaders/120f5dbe-0a55-4b54-a42f-e51cb54f75c4/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/c8440951-fa74-42e2-bee5-4a70db2dec53/),[fe26e6c2bc5ac4357e6657624180ca1e946d6dabe79cdb098d7b8b4e440851aa](bootloaders/c8440951-fa74-42e2-bee5-4a70db2dec53/),Revoked bootloaders,2023-05-22 +[shim-opensuse.efi](bootloaders/ce34babf-0f03-4d6d-969d-e063648d5dfe/),[7B40290ADE5BA3316AFC08748CFAB5AE79FB30BB8B5972766D670C3887E3D294](bootloaders/ce34babf-0f03-4d6d-969d-e063648d5dfe/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/79c58c75-492b-46fc-9788-59514261788a/),[E1A44BDE59714FE31A77476FCF73CFB784105333F05755D8F1C05EDE4056D4C6](bootloaders/79c58c75-492b-46fc-9788-59514261788a/),Revoked bootloaders,2023-05-22 +[shim-15+1552672080.a4a1fbe-0ubuntu1/shimaa64.efi](bootloaders/2e98c935-fda6-4fc9-b635-47a7d9157a02/),[B6F807D4488F132AB873DCDE8EDAD2875961895E503F263B86BA34958A290618](bootloaders/2e98c935-fda6-4fc9-b635-47a7d9157a02/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/4c768cdf-df02-45b1-9342-63389224b997/),[593148805FC70C5FBE0299A185DD367DF00A8E7AA95242C90C6567A73C1CD259](bootloaders/4c768cdf-df02-45b1-9342-63389224b997/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/90d2feb1-4600-4854-9a4e-fbf54b14c72a/),[1E75347868FC5FDDD501E1E2B56C7D511030513B0E9F45DC074DC562F11590E7](bootloaders/90d2feb1-4600-4854-9a4e-fbf54b14c72a/),Revoked bootloaders,2023-05-22 
+[f907fd87-1f8a-4a91-8ed1-e74bf106b15c](bootloaders/f907fd87-1f8a-4a91-8ed1-e74bf106b15c/),[B40F5FF7030848DB736573E06A1A1C5BF49F119E66DD0BA7E48E2651E2CE7059](bootloaders/f907fd87-1f8a-4a91-8ed1-e74bf106b15c/),Revoked bootloaders,2023-05-22 +[BOOTX64.EFI](bootloaders/fbb59470-8b0e-4ad8-8692-e8a3e1c4df8c/),[f8e2a41c0444d7da76fc1682f3eb7e2a90140e1b68b413f4426bac357cbe14bb](bootloaders/fbb59470-8b0e-4ad8-8692-e8a3e1c4df8c/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/3fd56670-7eb8-406e-af51-68998459de7d/),[894C9E5370DA9DF83426F92C42CFDC5D79CE004ADBD45A7663E9F5E9A6A198C6](bootloaders/3fd56670-7eb8-406e-af51-68998459de7d/),Revoked bootloaders,2023-05-22 +[bootarm.efi](bootloaders/e7f84927-3fb4-41c9-b2fc-e87985cfbcc3/),[94F92895ED36D4EA45B0942E755640420AF5CA3B8E3EA855FC6A39C9A3661666](bootloaders/e7f84927-3fb4-41c9-b2fc-e87985cfbcc3/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/fcbb1d82-1e57-4ca2-8679-e366cd7cb4e8/),[355B0240DD31FAD0ED13D77B7F880F8EBB32BCC72F9667BECBA3263E099DF378](bootloaders/fcbb1d82-1e57-4ca2-8679-e366cd7cb4e8/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/1f0649ef-7118-46ab-b168-e4b9736bcea4/),[3F5AFCDADFA8F590C39764BD9A31CE160FD7A929654491154AFD6738C0523D2C](bootloaders/1f0649ef-7118-46ab-b168-e4b9736bcea4/),Revoked bootloaders,2023-05-22 +[61d9e3c8-8cc0-4c53-b886-e6e2e676f475](bootloaders/61d9e3c8-8cc0-4c53-b886-e6e2e676f475/),[AA909ADBB83E05F92BA2E1144C6A33CB320A760409E1015B00A9EED666063510](bootloaders/61d9e3c8-8cc0-4c53-b886-e6e2e676f475/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/224dff2d-8d29-4951-b7b7-4a0cd2c18dbc/),[7429F9578205C654FC25D2FBE8B6F27D8082E049A962982EB70F55DCA02BE882](bootloaders/224dff2d-8d29-4951-b7b7-4a0cd2c18dbc/),Revoked bootloaders,2023-05-22 +[shim64-bit.efi](bootloaders/4feb177a-ce68-4853-9874-5b834a0b9cb6/),[3898A72298BBF39E2E9B268DA9661B47B6AC5C160518089E27BF8DF25B77D584](bootloaders/4feb177a-ce68-4853-9874-5b834a0b9cb6/),Revoked bootloaders,2023-05-22 
+[bootmgfw.efi](bootloaders/a434e53e-5631-4181-bd2e-47c546370f7b/),[ec89ddd37880430cd5242f5f15d13f4cf699f50dbe04643e5b70093631608204](bootloaders/a434e53e-5631-4181-bd2e-47c546370f7b/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/66da17c5-7c1b-43c3-8520-4d3efea91899/),[0e93c368f8177bc0fe1a09d79b897a94286f3c374a18a40522c3358cb627d7e2](bootloaders/66da17c5-7c1b-43c3-8520-4d3efea91899/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/ac6f3137-42fd-46e6-8cfb-a22a6785d529/),[566ae5fb2f355b2c03ecbbab4770e92856b0d1c3d659fe0c11263f1a5f8d7086](bootloaders/ac6f3137-42fd-46e6-8cfb-a22a6785d529/),Revoked bootloaders,2023-05-22 +[BOOTIA32.EFI](bootloaders/d50e4193-70d2-4807-9bc9-671894e82df9/),[c7d9dab91b726dea5abaa893d8f60bd4795f489894044dc56a9d3aad9cc49740](bootloaders/d50e4193-70d2-4807-9bc9-671894e82df9/),Revoked bootloaders,2023-05-22 +[shim-0~20120906.bcd0a4e8-0ubuntu4/shim64-bit.efi](bootloaders/51f20c00-6e15-4b45-852a-8f62e6f55436/),[DD33B966BE5F3882EED189E583AA4CA4D28E74B356DDEFFA164234DD7E89ABCA](bootloaders/51f20c00-6e15-4b45-852a-8f62e6f55436/),Revoked bootloaders,2023-05-22 +[3645f533-8562-4958-aaa3-7e5924aadd8e](bootloaders/3645f533-8562-4958-aaa3-7e5924aadd8e/),[A7094801F966FC5C253DBD17066AF5BBCB3AF5E281D0A4DAB24E30C7A4B0FB12](bootloaders/3645f533-8562-4958-aaa3-7e5924aadd8e/),Revoked bootloaders,2023-05-22 +[bf069911-444a-4972-8961-140fd7897324](bootloaders/bf069911-444a-4972-8961-140fd7897324/),[5D6A0CBDAAF188974E98ACA06E664B4AE98D458327717A20B1FF6C80518EEA3D](bootloaders/bf069911-444a-4972-8961-140fd7897324/),Revoked bootloaders,2023-05-22 +[BOOTX64.EFI](bootloaders/216969d0-1120-463f-a8b0-f8832f49fe39/),[487DF121FD496D9A443C3598DA3771FA187D408C589F4CB990041E546C529539](bootloaders/216969d0-1120-463f-a8b0-f8832f49fe39/),Revoked bootloaders,2023-05-22 
+[bootmgfw.efi](bootloaders/2e84c348-bc0b-46e8-aad0-77b20e8c534e/),[e35cc798f138406bdc5e793574f62fe3be4c7dd6424aa6825e6ec7b2a345b591](bootloaders/2e84c348-bc0b-46e8-aad0-77b20e8c534e/),Revoked bootloaders,2023-05-22 +[a544e544-0e7e-4fcc-9195-e10564ba5674](bootloaders/a544e544-0e7e-4fcc-9195-e10564ba5674/),[3D3434BC5A18F072D4CF59D5651F9CE05B61B6FC3C21EBBCF371777AA1E1E1D5](bootloaders/a544e544-0e7e-4fcc-9195-e10564ba5674/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/ac900b72-efdd-4779-9a1f-401949c3446f/),[F4F5C82CD7BFA5294F973385F7F2FBCAF3AFD3748952B06692C085792BE146F7](bootloaders/ac900b72-efdd-4779-9a1f-401949c3446f/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/bfdc85a7-3cc9-4d18-b798-0fd82f9c5e85/),[78D6FDE56994BCF26964ED51DF446165DAD66BCB0BC6792B9EDD2850F19DEA4F](bootloaders/bfdc85a7-3cc9-4d18-b798-0fd82f9c5e85/),Revoked bootloaders,2023-05-22 +[9517d1f7-d485-4c7e-95b9-bdf297b342e1](bootloaders/9517d1f7-d485-4c7e-95b9-bdf297b342e1/),[BA44BD2BB872DD6C6A8687F65CC138585A963473203D6F3F64770E5365812630](bootloaders/9517d1f7-d485-4c7e-95b9-bdf297b342e1/),Revoked bootloaders,2023-05-22 +[BOOTIA32.EFI](bootloaders/8cb4f77a-a709-4aa9-9563-a21d26fc900f/),[67fe6b4b726451375e2dc3f87a0954cd01083fb4d8f4fb074bf699536450af04](bootloaders/8cb4f77a-a709-4aa9-9563-a21d26fc900f/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/d01601d7-2e46-4b78-801f-d260597e9b74/),[53af0ddbd3c4d33bd003403d8c9b41877e07770d3e789c781e5897858585e299](bootloaders/d01601d7-2e46-4b78-801f-d260597e9b74/),Revoked bootloaders,2023-05-22 +[bootia32.efi](bootloaders/ddecc35f-2233-4894-86d8-69e6e473943e/),[52febd655c84f4557de0ca35a236d468c03fa3bd0f51f54c31b37db29673da3f](bootloaders/ddecc35f-2233-4894-86d8-69e6e473943e/),Revoked bootloaders,2023-05-22 +[e950e347-4bfd-44d7-b2c6-7dbbce0f2667](bootloaders/e950e347-4bfd-44d7-b2c6-7dbbce0f2667/),[AA8DB86BE59A48E4C525DD468119BEBA1D836CE4293C76E4B736902D1AD62F27](bootloaders/e950e347-4bfd-44d7-b2c6-7dbbce0f2667/),Revoked 
bootloaders,2023-05-22 +[bootx64.efi](bootloaders/d22cf9cb-63e3-4445-8af3-abd3537282d0/),[884A2EC5FFBB42E948401E425123DCF2557664E77B3B7474A728069FDECD46ED](bootloaders/d22cf9cb-63e3-4445-8af3-abd3537282d0/),Revoked bootloaders,2023-05-22 +[BOOTX64.EFI](bootloaders/cb2d5dcd-595c-40d2-a14f-9b80d0fefc7e/),[537b428a0ad622765010c4405c1603ff464fcbb24ae4c2fbf559a10b8ea4593d](bootloaders/cb2d5dcd-595c-40d2-a14f-9b80d0fefc7e/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/94c6901b-e217-41cf-a4c7-b62763759d3e/),[A8FAD7CD0CC1DC152AE0880C21D91F6270FDB410D60E1129963AFCD3DF5841F1](bootloaders/94c6901b-e217-41cf-a4c7-b62763759d3e/),Revoked bootloaders,2023-05-22 +[48c8b841-9f1e-4557-ba59-91461142b90f](bootloaders/48c8b841-9f1e-4557-ba59-91461142b90f/),[571B2AA6CA8EDF6479D3472814B8CDF34A0B8544939E5CE9F50261968E382B45](bootloaders/48c8b841-9f1e-4557-ba59-91461142b90f/),Revoked bootloaders,2023-05-22 +[bootarm.efi](bootloaders/4002b7f5-487f-4822-a1bd-6fbf1167f00a/),[3142879893B677C1B25C92F9CF1DF3F90B209509992D52E9C64C3371296A9A08](bootloaders/4002b7f5-487f-4822-a1bd-6fbf1167f00a/),Revoked bootloaders,2023-05-22 +[d1e51f20-1939-4b7c-8875-2458c9e418d9](bootloaders/d1e51f20-1939-4b7c-8875-2458c9e418d9/),[FD1CD4D4A1AC691E7A0AF14C3DFB17DAF3F2E6A2B286C9E233070979EC36BB6F](bootloaders/d1e51f20-1939-4b7c-8875-2458c9e418d9/),Revoked bootloaders,2023-05-22 +[shim-0.4-0ubuntu3/shim64-bit.efi](bootloaders/bc584a7b-f352-4e0a-b86e-7954c4b63d2e/),[FA07B984FB6FDD32DB497C55225E614759BFEB7093BE1F02AB2E30BE1869B2E7](bootloaders/bc584a7b-f352-4e0a-b86e-7954c4b63d2e/),Revoked bootloaders,2023-05-22 +[centos-8.3-shim-20200726-shim64-bit.efi](bootloaders/6e1223b2-5193-4ba9-b9b5-b09c45dd4286/),[D662EF94388DB203CE52DF9902D77E9E5EFB25A202B5B096351D604FD3E63080](bootloaders/6e1223b2-5193-4ba9-b9b5-b09c45dd4286/),Revoked bootloaders,2023-05-22 
+[29bd7324-d53f-4143-acc6-d03d0e4e3aa1](bootloaders/29bd7324-d53f-4143-acc6-d03d0e4e3aa1/),[9EABEA9AE699526AD519782DA21718DA7190490AA3436BBBD80269D4A4CC37C5](bootloaders/29bd7324-d53f-4143-acc6-d03d0e4e3aa1/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/dd1e593d-19e6-4e29-8d3f-5b85a21bf35b/),[940A66FBDCB9A3BE16FC8FF56DB63CBFFD7283F15ECF7E50BD9BBAC7EAD303F0](bootloaders/dd1e593d-19e6-4e29-8d3f-5b85a21bf35b/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/de853203-30c9-4dc4-a050-6812dc4e0113/),[BA8D25B9FA843DA5A70D38A5AA96549F2166E2F0B4C1C007AF8A07D07E98A528](bootloaders/de853203-30c9-4dc4-a050-6812dc4e0113/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/a9874948-be3c-49ba-b6ca-9ff18f01aa9e/),[9E1E22CBF19E9A483E6D57345959A3F8862C3C98E2A825EB995819F0CF210F48](bootloaders/a9874948-be3c-49ba-b6ca-9ff18f01aa9e/),Revoked bootloaders,2023-05-22 +[BOOTX64.EFI](bootloaders/8afa8fb8-bd3a-4033-9f71-3d1e574708ce/),[62c6affbee1ba9a0435562db6e092a5018effeed0bd0f1d0494f34ce6cd403e9](bootloaders/8afa8fb8-bd3a-4033-9f71-3d1e574708ce/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/a6597859-17b0-44f9-b8d8-493a0ff20ed9/),[E23336EB1176965193B9733A01F8B7329DFF26D191EF427DC06ED89DD439C615](bootloaders/a6597859-17b0-44f9-b8d8-493a0ff20ed9/),Revoked bootloaders,2023-05-22 +[shim64-bit.efi](bootloaders/ca7157a0-3de8-4642-95b6-0a42c53a97b3/),[7395EE455BB71B4A37DD973999C875F166037E7BF5B948F812A8B45ADFC03A55](bootloaders/ca7157a0-3de8-4642-95b6-0a42c53a97b3/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/05a8e372-5b24-4953-8d25-d6560076f4f4/),[4BB0A426CA2A23E05B62A3008009AAD7F184F3D24DBD65E9AA81DE341BC5326F](bootloaders/05a8e372-5b24-4953-8d25-d6560076f4f4/),Revoked bootloaders,2023-05-22 +[73af3c3c-dce6-48b2-bebf-ea167cbaef2a](bootloaders/73af3c3c-dce6-48b2-bebf-ea167cbaef2a/),[A2BE1EB17E12E0A66A87342C9D1CFD4D7DB81504A16B4FCB32F15C6BAA3F589D](bootloaders/73af3c3c-dce6-48b2-bebf-ea167cbaef2a/),Revoked bootloaders,2023-05-22 
+[bootmgfw.efi](bootloaders/d880c342-2996-430a-b850-fb372cecbef7/),[C681A40CEB9F33F435A44614FB7E0D34007F1C67B83E8C907506414950CC45EB](bootloaders/d880c342-2996-430a-b850-fb372cecbef7/),Revoked bootloaders,2023-05-22 +[bootx64.efi](bootloaders/0e0c1a30-7f00-408c-94fc-b8679bfe90ee/),[b06dc8f3de1e7e5a53dc7ad0f8028f78a843df54884b4a92bcec21071f0e649b](bootloaders/0e0c1a30-7f00-408c-94fc-b8679bfe90ee/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/2eba3138-0822-49f5-abb8-ea5cae849369/),[df216fa3f13f8f7472c9586da4d0a7cd11cd60a041f486a611a4667f1c3d2cc6](bootloaders/2eba3138-0822-49f5-abb8-ea5cae849369/),Revoked bootloaders,2023-05-22 +[BOOTia32.efi](bootloaders/2b96f3c6-afdb-4da2-84d4-601c9a71b2a8/),[a9f6c38c2608d6f36f246e74a9fd17e915c89e54eafa2281b8ace86133df22b3](bootloaders/2b96f3c6-afdb-4da2-84d4-601c9a71b2a8/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/2b66ad2e-41d5-498c-bd23-2c88e3a74ccd/),[6DB28A61DEE4A1209B94F5C984C44D9674F69EE700373FD7BF1A3CBDAAB83FA0](bootloaders/2b66ad2e-41d5-498c-bd23-2c88e3a74ccd/),Revoked bootloaders,2023-05-22 +[30e370b5-bc05-4b98-96d1-8e71f41083fe](bootloaders/30e370b5-bc05-4b98-96d1-8e71f41083fe/),[EE721020DB7794DE74F59992A2C6B4DCA5B9FD584BBCBDEF96930B9A7132BE1C](bootloaders/30e370b5-bc05-4b98-96d1-8e71f41083fe/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/d90f0a0a-e161-4ebb-a2e3-5dbaa75cfaaf/),[C4081B588CA3FC9965C2D04A0E8CCA3E0016566CC8A84FEB78CBF63A4ED72EED](bootloaders/d90f0a0a-e161-4ebb-a2e3-5dbaa75cfaaf/),Revoked bootloaders,2023-05-22 +[3b905385-bf3a-4181-9c49-646bb5fb1e6d](bootloaders/3b905385-bf3a-4181-9c49-646bb5fb1e6d/),[65C4AAB0884825A8A2E4C114020E4FDB58A1D2B0CB68B7714A05D6CDE3F821D1](bootloaders/3b905385-bf3a-4181-9c49-646bb5fb1e6d/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/c67be7e5-8f3c-460a-b4ff-174ba2a0fb6d/),[997CCF341DBCE2EB9E119803723130DA90E8F1DD167A7B75400E73CBBADA54FD](bootloaders/c67be7e5-8f3c-460a-b4ff-174ba2a0fb6d/),Revoked bootloaders,2023-05-22 
+[bootmgfw.efi](bootloaders/0c3bd8f7-9926-4763-98d1-7eaf036f7bf1/),[513310D70C03096167B915705C9F0CF34B2B62AC317AA3F89FA5CC385D74DB54](bootloaders/0c3bd8f7-9926-4763-98d1-7eaf036f7bf1/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/cc522d44-5de1-43fd-8d62-29b630f45f98/),[545c8c806d6a8b2ab307bf7ff5dff05dd86cfc431d3920692e15e7928ac98eed](bootloaders/cc522d44-5de1-43fd-8d62-29b630f45f98/),Revoked bootloaders,2023-05-22 +[bootx64.efi](bootloaders/f15d8f48-cf83-4954-a1d2-030f6dfd40a3/),[d0eb15fe822c6239a8bb2b42fbc035d0956c72ac6fbd1429c1ab7f7e348b8f94](bootloaders/f15d8f48-cf83-4954-a1d2-030f6dfd40a3/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/bab3bdab-1013-4418-bb3c-2ec673c8b6f5/),[9F91A5AAC09BA6E514DC37A013A68589DD22C1F5A7A539F4138CBC8ABC0A45F4](bootloaders/bab3bdab-1013-4418-bb3c-2ec673c8b6f5/),Revoked bootloaders,2023-05-22 +[b842b745-24ab-4f75-a302-5d4c4bf0101b](bootloaders/b842b745-24ab-4f75-a302-5d4c4bf0101b/),[C33397B499368E23DDA3FD5B9CC989647442F279EE6F80B53C620721C958346D](bootloaders/b842b745-24ab-4f75-a302-5d4c4bf0101b/),Revoked bootloaders,2023-05-22 +[536cb2d9-c5ae-4fbc-90af-4502d0f6c9c3](bootloaders/536cb2d9-c5ae-4fbc-90af-4502d0f6c9c3/),[0CA03AD1A65AFE81EC23E2B20E05D80C41AAEB5D6D5F98E2D0C5661F46E0CE9F](bootloaders/536cb2d9-c5ae-4fbc-90af-4502d0f6c9c3/),Revoked bootloaders,2023-05-22 +[72b28839-6c76-40b4-b8ec-6582be7d81eb](bootloaders/72b28839-6c76-40b4-b8ec-6582be7d81eb/),[F69D87F5BC30026B00110DADD0264311D15DECE6B67F046506755284AF5EC002](bootloaders/72b28839-6c76-40b4-b8ec-6582be7d81eb/),Revoked bootloaders,2023-05-22 +[02e8f438-8842-4018-8592-a4fea656bd01](bootloaders/02e8f438-8842-4018-8592-a4fea656bd01/),[8BF4FAC6F3981D1E6180DB0CD53152AE9666DC40884090A522840062E0C926E7](bootloaders/02e8f438-8842-4018-8592-a4fea656bd01/),Revoked bootloaders,2023-05-22 
+[bootmgfw.efi](bootloaders/57a68cb9-ec2e-4a8b-881b-62a8da44a03b/),[3E73CE2DF3D7B01132C2ED47BC7D1B28E421B0600F0B8D4DECF7F7C23E83EE1B](bootloaders/57a68cb9-ec2e-4a8b-881b-62a8da44a03b/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/4f434341-9305-4574-9289-5bd1370108c7/),[854AD42E44FBE19122072E177080C2AA9F729BFDE223FA6EA98BE1490BB9A4C0](bootloaders/4f434341-9305-4574-9289-5bd1370108c7/),Revoked bootloaders,2023-05-22 +[cent-8.3-20200730-shim64-bit.efi](bootloaders/3dfbbf26-7e19-4d38-9b5a-6e332ba5fc34/),[DA649429AA5899D242782ED21EC332A217C3D530296FC9D7A0E3F1F694EB7FE1](bootloaders/3dfbbf26-7e19-4d38-9b5a-6e332ba5fc34/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/ef578b44-9fd5-4d83-9609-4c955babbd69/),[E082E310571748B9FE6B2DFAB71550530F2452B8E7E4F7725DE7EB9E4C7B1559](bootloaders/ef578b44-9fd5-4d83-9609-4c955babbd69/),Revoked bootloaders,2023-05-22 +[centos-7.9-shim-20200726-shim64-bit.efi](bootloaders/26ede8d7-1e62-43e2-97f4-710a4352d0ba/),[5C512E50028955AED91AF0317813C68B427A7F73A6497BDA82F4551BE1A04936](bootloaders/26ede8d7-1e62-43e2-97f4-710a4352d0ba/),Revoked bootloaders,2023-05-22 +[59605f2c-5575-464b-aacc-af09e949f153](bootloaders/59605f2c-5575-464b-aacc-af09e949f153/),[BA0610793FAA746150C0FD5689158B01DEEEA7320E2F14B31EE9AF4F2C4D1587](bootloaders/59605f2c-5575-464b-aacc-af09e949f153/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/a1a3ef63-ac2d-4613-8918-5bcfd1fc3e40/),[9A395E7EAB9E7976B1C30EC651B05658D780897BEBAB8A664C6091742E592E7B](bootloaders/a1a3ef63-ac2d-4613-8918-5bcfd1fc3e40/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/dfa9cb92-1691-442f-96df-9692e4ab29c4/),[d038eec123e1e13ab3ad27534de697c9779e9c27c62575f06771f80d3cbb7148](bootloaders/dfa9cb92-1691-442f-96df-9692e4ab29c4/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/3f7d85db-fd3c-4a8e-a83d-ac9d89dda3d8/),[626AD87C1D3475B2599DFD36B430BE3ECBFED207A20D9FBAA01F7AE808C0271B](bootloaders/3f7d85db-fd3c-4a8e-a83d-ac9d89dda3d8/),Revoked 
bootloaders,2023-05-22 +[bootia32.efi](bootloaders/2ca2a15a-a3ca-44f8-a400-6ad9d6c119ce/),[2f871712447dde7c3552f5aa90a2292821c6f32d92788e00dee8566f8d4de209](bootloaders/2ca2a15a-a3ca-44f8-a400-6ad9d6c119ce/),Revoked bootloaders,2023-05-22 +[shdloader.efi](bootloaders/85ef0c80-cca4-48f1-8ace-0ab2fda03b79/),[c3d65e174d47d3772cb431ea599bba76b8670bfaa51081895796432e2ef6461f](bootloaders/85ef0c80-cca4-48f1-8ace-0ab2fda03b79/),Revoked bootloaders,2023-05-22 +[grubx64.efi](bootloaders/2b61baf4-c396-4e1b-b487-87c1ebf4b17a/),[3d23947c39680b9fcf22b092b97c9d38edcc02f7ad13d3a925d1ee0b62797e73](bootloaders/2b61baf4-c396-4e1b-b487-87c1ebf4b17a/),Revoked bootloaders,2023-05-22 +[bootarm.efi](bootloaders/76afa72a-2b55-4649-9fc2-3dbdc27456e6/),[5AA8E7418AE78250745BE3ACFC2B8D1FC1DD4D1DEFB54F19A508BD8247CC958F](bootloaders/76afa72a-2b55-4649-9fc2-3dbdc27456e6/),Revoked bootloaders,2023-05-22 +[f65396ab-3920-4a6d-9bf0-fbbf62d52999](bootloaders/f65396ab-3920-4a6d-9bf0-fbbf62d52999/),[6A3C1124A642244F23685B68D2E5A0AE036651AA401DE70B3912EFD044B62222](bootloaders/f65396ab-3920-4a6d-9bf0-fbbf62d52999/),Revoked bootloaders,2023-05-22 +[c632b521-0428-4bcd-b37c-3cbd25eccc0e](bootloaders/c632b521-0428-4bcd-b37c-3cbd25eccc0e/),[E33E9D1B1D5ADE1934AC7BD39F0BA4CEAC9459A7E2AABB8D204354D4C8652E6E](bootloaders/c632b521-0428-4bcd-b37c-3cbd25eccc0e/),Revoked bootloaders,2023-05-22 +[d8aa2211-8d13-4e4e-88af-60ff17efd3cc](bootloaders/d8aa2211-8d13-4e4e-88af-60ff17efd3cc/),[407326C7F1C837A861EE8D187170C779A9B6A25B0736761645D7E549EBFA17C2](bootloaders/d8aa2211-8d13-4e4e-88af-60ff17efd3cc/),Revoked bootloaders,2023-05-22 +[a280d6df-a426-4031-8dc8-31473975f92b](bootloaders/a280d6df-a426-4031-8dc8-31473975f92b/),[EC16CFB5AE2297154394D9AB6B5B749DCE676404486D72A44064CD9A716EC1F9](bootloaders/a280d6df-a426-4031-8dc8-31473975f92b/),Revoked bootloaders,2023-05-22 
+[BOOTX64.EFI](bootloaders/1f6808e6-5b11-4cb3-b2d7-427ea75c1f9e/),[2df05c41acc56d0f4c9371da62ec6cb311c9afb84b4a4d8c3738583ccc874d38](bootloaders/1f6808e6-5b11-4cb3-b2d7-427ea75c1f9e/),Revoked bootloaders,2023-05-22 +[5df619c2-4db7-43f4-95b6-a2e16ebf847f](bootloaders/5df619c2-4db7-43f4-95b6-a2e16ebf847f/),[CEF9A1B433C4ED851EC0C373F7E1F19A2B8C306A821D114F177B14E8C070276F](bootloaders/5df619c2-4db7-43f4-95b6-a2e16ebf847f/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/64508479-d4fc-4415-b202-d787a4d094e6/),[0EF0AD66BA9A0C4E4815BFD072FE7E281DC382D8DE08A4529DF3FF997B19E705](bootloaders/64508479-d4fc-4415-b202-d787a4d094e6/),Revoked bootloaders,2023-05-22 +[Signed_13652009334930799/shimia32.efi](bootloaders/3cd9faa5-1675-4640-8304-86e162b60451/),[ff9f39869baafa17592820f7f5cf101b15a8423831abfa97c89cf193cdd98e89](bootloaders/3cd9faa5-1675-4640-8304-86e162b60451/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/cf8adf07-931e-408c-a85f-d5e45b09a41e/),[A84FFCA344A000BE6FC526DA7D7F701B87EF5559A71D8E63F806276E4D3DFE27](bootloaders/cf8adf07-931e-408c-a85f-d5e45b09a41e/),Revoked bootloaders,2023-05-22 +[ce737ee6-e949-44cb-badf-3f1d775d4832](bootloaders/ce737ee6-e949-44cb-badf-3f1d775d4832/),[10368826DC89AF42B4AD7E69A9E1F4DA9486DD645C088F445998E8DCA18EB0D4](bootloaders/ce737ee6-e949-44cb-badf-3f1d775d4832/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/a24fcdef-7393-4141-ae9a-f97fce196c35/),[98A4F01BD9D8A039C669C2AF9082A0EEFBCEABEA4C739E05A1D0C59C5D851AD1](bootloaders/a24fcdef-7393-4141-ae9a-f97fce196c35/),Revoked bootloaders,2023-05-22 +[shim-13-0ubuntu2/shim64-bit.efi](bootloaders/b1d65631-7072-4168-b25a-5e18d41b3410/),[9be93e365a8240a03b05db26684b708b46d7585be325a3e22170cd5b324e0cb0](bootloaders/b1d65631-7072-4168-b25a-5e18d41b3410/),Revoked bootloaders,2023-05-22 
+[2c1b4ac9-5f4e-407f-bf05-bea2bef8d7f3](bootloaders/2c1b4ac9-5f4e-407f-bf05-bea2bef8d7f3/),[191A99A1EF854CE43E64D1CE2FDCC0C942200B88D232F8823A439CBCD7D148C1](bootloaders/2c1b4ac9-5f4e-407f-bf05-bea2bef8d7f3/),Revoked bootloaders,2023-05-22 +[bootia32.efi](bootloaders/7191ca91-6b37-4c4f-821c-a2df6c16e91c/),[3E964DC8AAE03D464F3DEB556C4927075AA9F3A1998C66D65EFDE178F465D7B3](bootloaders/7191ca91-6b37-4c4f-821c-a2df6c16e91c/),Revoked bootloaders,2023-05-22 +[c947ca13-4a5b-42ca-81cd-b1d1d9a4d8dd](bootloaders/c947ca13-4a5b-42ca-81cd-b1d1d9a4d8dd/),[83A5C9C78BC64206AAF7B7F9901867D19BB746201923D855AAE24A2B2330F113](bootloaders/c947ca13-4a5b-42ca-81cd-b1d1d9a4d8dd/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/41327687-8774-4304-bbda-cc7c5835b54b/),[67D204E0E5DBC0C5B2549FC2C003024525378DB4DE12E5CA1451DD996561AED5](bootloaders/41327687-8774-4304-bbda-cc7c5835b54b/),Revoked bootloaders,2023-05-22 +[e84c007a-a263-4bea-ad23-e46447001e91](bootloaders/e84c007a-a263-4bea-ad23-e46447001e91/),[44FD1F90799B852B3BED642DE300BCF9EF6CA81036CD5588C24D5B8E00D4B9D1](bootloaders/e84c007a-a263-4bea-ad23-e46447001e91/),Revoked bootloaders,2023-05-22 +[34e61740-5c56-404a-b796-1db5337dd86e](bootloaders/34e61740-5c56-404a-b796-1db5337dd86e/),[EDE70AA6A98D8130019296CE64B5CCF634A997B26401C0E119B96BBF7ACE1C0C](bootloaders/34e61740-5c56-404a-b796-1db5337dd86e/),Revoked bootloaders,2023-05-22 +[bootx64.efi](bootloaders/cef9f132-2635-47a6-bed7-6011eb7f04ca/),[3f8f266488f3b888eb77b8df43582fa8124366b7d0670ed78926410f9c9f411f](bootloaders/cef9f132-2635-47a6-bed7-6011eb7f04ca/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/84fbccc2-01e7-4a24-adbd-a1d3ca0acc50/),[574695D73FF3813C780728858B4A6D2CE6D24B41308B23281E438B66A60E4424](bootloaders/84fbccc2-01e7-4a24-adbd-a1d3ca0acc50/),Revoked bootloaders,2023-05-22 
+[bootmgfw.efi](bootloaders/45ac4276-741b-4e22-92bd-bb97042ed4bb/),[0CCF098A0B3F109F35C763E69DFA54190365999A78707EF63863A812C1C07F9C](bootloaders/45ac4276-741b-4e22-92bd-bb97042ed4bb/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/c9f24d64-ce8c-460c-a5b9-13c1082de5c5/),[3EF9FD0B7CEF661D5AF2971DAEF1ECC44D9210D33AF8C95E2DF9EDD694BB0FE2](bootloaders/c9f24d64-ce8c-460c-a5b9-13c1082de5c5/),Revoked bootloaders,2023-05-22 +[shim-0.9+1465500757.14a5905-0ubuntu1/shim64-bit.efi](bootloaders/81ea3a10-a003-4839-ae9f-52cb700d38d4/),[889337B0F67FFBDDD260CEE774DFA332DBB4EAE7D11333B2DDBAD7CA7FA773A2](bootloaders/81ea3a10-a003-4839-ae9f-52cb700d38d4/),Revoked bootloaders,2023-05-22 +[cent-7.9-20200730-shim64-bit.efi](bootloaders/9091dbdc-0263-43e1-a886-3c18c6532dd3/),[5DB10187E0E8BB8D2FF649810E03F80FB6873370F3AB1F013811B8E9670F3863](bootloaders/9091dbdc-0263-43e1-a886-3c18c6532dd3/),Revoked bootloaders,2023-05-22 +[bootia32.efi](bootloaders/13ef8a27-3274-4d3d-831f-36b30bc88627/),[F2F2F729FC1B94C3B3AD210E0664FAE3351D0D7541581FE2C6DC7B087BE2B16C](bootloaders/13ef8a27-3274-4d3d-831f-36b30bc88627/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/aa9b6b05-0b51-423e-b4f7-39cb30cbc987/),[62288f1f5f2f8529292eb45c2ae2a33d1057a3dec12164958e76ded36fbe712b](bootloaders/aa9b6b05-0b51-423e-b4f7-39cb30cbc987/),Revoked bootloaders,2023-05-22 +[ae22fd08-2ecd-43b7-a5c7-3b857e0e3b71](bootloaders/ae22fd08-2ecd-43b7-a5c7-3b857e0e3b71/),[20E870697471F16EAC55A9658212F83A7E443CDB3844C7D1901B4D4271828F7D](bootloaders/ae22fd08-2ecd-43b7-a5c7-3b857e0e3b71/),Revoked bootloaders,2023-05-22 +[BOOTx64.EFI](bootloaders/35c8a2f7-287d-4251-a949-d1ad45040784/),[e352109145416e3b61dcf5e09492d24410828121e7d74c08ce0d3157b45a0831](bootloaders/35c8a2f7-287d-4251-a949-d1ad45040784/),Revoked bootloaders,2023-05-22 
+[bootmgfw.efi](bootloaders/663a9b38-509f-4a27-b2b8-13801ce4ee89/),[3E8EE29691F1F22F5B46C301EDFE411821D466E7A39672A416E387060A0EEFE0](bootloaders/663a9b38-509f-4a27-b2b8-13801ce4ee89/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/298f4996-3321-455a-bce2-919c3a73da65/),[7AFFFCAF48E9289AA0C44566C53EC0A311BF3E2ABF351E0122C685FD568D97B1](bootloaders/298f4996-3321-455a-bce2-919c3a73da65/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/4a9f5a2f-87ca-4a7e-9a16-15d7e8a44c14/),[c643c3cc182443893728101f5303aaa05b08ec8616310546edc903635c692b5e](bootloaders/4a9f5a2f-87ca-4a7e-9a16-15d7e8a44c14/),Revoked bootloaders,2023-05-22 +[shim-0.9+1474479173.6c180c6-0ubuntu1/shim](bootloaders/9a8ab464-2a24-4329-ba2f-e9eaeb2edb90/),[98799E6AD44F2AFF3D3D7B66E482B2F4DE4438F5752D932D12C97FF56FA1942B](bootloaders/9a8ab464-2a24-4329-ba2f-e9eaeb2edb90/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/934f9364-3471-415f-a502-036969a78958/),[F51C64E1690E8FADAE2C55EDE85377D6680C337DABCFC01FF6CF37D8D87892BA](bootloaders/934f9364-3471-415f-a502-036969a78958/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/32544796-1bfd-476b-a4f6-8fccc5a593a3/),[e443176d6a0621e65cadde51f4019ec7fb25e91fa87cbb6cbaf09d94e9e49918](bootloaders/32544796-1bfd-476b-a4f6-8fccc5a593a3/),Revoked bootloaders,2023-05-22 +[rhel-7.9-20200909-shim64-bit.efi](bootloaders/c900de9c-b4b1-40b1-b106-db0845396462/),[C2405153F56A12F727853FD55BC9C99B81937B42A1A0BC585310DA45D35A3FAD](bootloaders/c900de9c-b4b1-40b1-b106-db0845396462/),Revoked bootloaders,2023-05-22 +[Bootx64.efi](bootloaders/b1ed132f-d99d-4616-9fa6-56b6e8e814f6/),[09f2e41661cbbd714d22986fbb36a2b5764a5544c85f9875d227f6a26e1c8c8b](bootloaders/b1ed132f-d99d-4616-9fa6-56b6e8e814f6/),Revoked bootloaders,2023-05-22 +[a8267643-bd8f-42e9-851a-86b986973758](bootloaders/a8267643-bd8f-42e9-851a-86b986973758/),[AD1A9C1667E89214EE947D6B40D61BFFB7EA942ABCCE85319520CC3DE301FA1B](bootloaders/a8267643-bd8f-42e9-851a-86b986973758/),Revoked 
bootloaders,2023-05-22 +[bootia32.efi](bootloaders/b03177a4-54ec-4449-b30d-f197e75b8b3e/),[aa6f27b8b2ca5826f497362042c003b5e1d7ca22383d82730fbc5c45e048d839](bootloaders/b03177a4-54ec-4449-b30d-f197e75b8b3e/),Revoked bootloaders,2023-05-22 +[bootx64.efi](bootloaders/94ba0558-c5b6-4f9f-b1fc-598e7448bf13/),[196243A87389B47FC9033AF3884F3FF0A5C891D80E22C82D2ECD5B9A3434186E](bootloaders/94ba0558-c5b6-4f9f-b1fc-598e7448bf13/),Revoked bootloaders,2023-05-22 +[9470ea71-b7e9-4e8e-ae73-a4b5fe32bc04](bootloaders/9470ea71-b7e9-4e8e-ae73-a4b5fe32bc04/),[8310f47ba34eb1aca146a5bdb8b59138173e659fbeb57a4c89355d8c54930b6b](bootloaders/9470ea71-b7e9-4e8e-ae73-a4b5fe32bc04/),Revoked bootloaders,2023-05-22 +[bootia32.efi](bootloaders/81f3828a-1a59-4fc2-a34e-d1f297f0f719/),[CF960A60921EF186A0A511BECC06B264407111D2AE6875C93496121887318EDE](bootloaders/81f3828a-1a59-4fc2-a34e-d1f297f0f719/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/406a9495-809e-4065-8c57-b6aa66dc4029/),[B6FDF73C4B54F57935671B1C6F03FF5F104F8092C72574C2DF2C6FFB1E5F2E61](bootloaders/406a9495-809e-4065-8c57-b6aa66dc4029/),Revoked bootloaders,2023-05-22 +[bootarm.efi](bootloaders/989b4dda-91c9-4903-9027-6ff3e74738b2/),[87150D354E809EE266FC005B1DECA64F70A72B9505AD79062D337EEF012CA896](bootloaders/989b4dda-91c9-4903-9027-6ff3e74738b2/),Revoked bootloaders,2023-05-22 +[bootia32.efi](bootloaders/3175132e-f5d7-4d88-b395-ca30351f8c69/),[55a5bb13e3a985e0ab011e69b41704319de0843f9254cf91ed2964c13af345fe](bootloaders/3175132e-f5d7-4d88-b395-ca30351f8c69/),Revoked bootloaders,2023-05-22 +[c368c62d-85dc-4bc7-8302-09be91700a9f](bootloaders/c368c62d-85dc-4bc7-8302-09be91700a9f/),[7CEE7E91292E5591BA4597D312BCFE9C0EEB906B18B327B8983BA497F9921BF7](bootloaders/c368c62d-85dc-4bc7-8302-09be91700a9f/),Revoked bootloaders,2023-05-22 
+[469544ed-d70a-42d6-aca2-690d5ebecb4a](bootloaders/469544ed-d70a-42d6-aca2-690d5ebecb4a/),[2B91C0C8C0F156ABC8F85274C1320C038AF0179FE4696260B1011D5361E50AEA](bootloaders/469544ed-d70a-42d6-aca2-690d5ebecb4a/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/04eaf4b4-a618-4d2c-8eb1-1e0065c05212/),[EA4EEC2975E4EAED0C5EE6C25C887FC8C7A0298FB613852DEC200DACD2485FD3](bootloaders/04eaf4b4-a618-4d2c-8eb1-1e0065c05212/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/c2d12b91-7e1e-403c-8d76-9664229a68c0/),[101EC6206BC939A389713775B3BDB405E91252FAD75509C54FA1DBBE822F4596](bootloaders/c2d12b91-7e1e-403c-8d76-9664229a68c0/),Revoked bootloaders,2023-05-22 +[rhel-7.9-20200730-shim64-bit.efi](bootloaders/db9487ab-4dc1-4c3d-a04a-70696d63bcc4/),[24357D13D3CFC29A7E83D86A6BB53FC932461B7D0A653701188D7B427C704FB1](bootloaders/db9487ab-4dc1-4c3d-a04a-70696d63bcc4/),Revoked bootloaders,2023-05-22 +[3a74fd6f-8747-4f47-b44e-fa10af3da555](bootloaders/3a74fd6f-8747-4f47-b44e-fa10af3da555/),[9EA346FCFE6DB7F3140DA8FFD5738F6CF97D6014DA61033B32049CB17696B372](bootloaders/3a74fd6f-8747-4f47-b44e-fa10af3da555/),Revoked bootloaders,2023-05-22 +[1457ea3c-21cc-46d1-adf3-606e98b3938b](bootloaders/1457ea3c-21cc-46d1-adf3-606e98b3938b/),[97BB9FD717C396231E86ECBE5A760D56DBACF4AE8E963D16D724591E45919B65](bootloaders/1457ea3c-21cc-46d1-adf3-606e98b3938b/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/865cadf5-d63e-438b-a8e9-44591fb69d2a/),[3f28c4f2fb32c10e5faed1debf7db6ae8c821bf286ffdb57a5b31fce0730e111](bootloaders/865cadf5-d63e-438b-a8e9-44591fb69d2a/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/897f5834-55db-41fc-a4ca-9d880ca00ec7/),[FB2F396A01911260D4035CCABF36DB99081DA3F8D98BB40549D7D5E93CE4EAA2](bootloaders/897f5834-55db-41fc-a4ca-9d880ca00ec7/),Revoked bootloaders,2023-05-22 
+[bootmgfw.efi](bootloaders/d17ff559-85d0-4cc7-9327-516585723ea0/),[B81C6018141EFC89816DA4081BBC1414911125D5184108E47AB01260D84FB9B1](bootloaders/d17ff559-85d0-4cc7-9327-516585723ea0/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/b6967d5b-ea2b-4a4b-b24c-63a8eb8dedcd/),[8E5609A57BD66CC153EC2AC60CC10C2E641334C26EA5068C1FD8373A503EF1D7](bootloaders/b6967d5b-ea2b-4a4b-b24c-63a8eb8dedcd/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/88e2e7f2-0a89-4a66-9f99-1a73ca3a061c/),[DD32DCC6A6E054F4FB518B3F26EE9F41D338AB5EAFFF83F3682E34728EAAECEA](bootloaders/88e2e7f2-0a89-4a66-9f99-1a73ca3a061c/),Revoked bootloaders,2023-05-22 +[4814d421-23eb-4222-8cc1-aab6645981fb](bootloaders/4814d421-23eb-4222-8cc1-aab6645981fb/),[103FE82E5F090184D8DB7A48801D1E503E3C6FC0726783E9A49A84F9FFD4C78A](bootloaders/4814d421-23eb-4222-8cc1-aab6645981fb/),Revoked bootloaders,2023-05-22 +[bf3c5a6b-8fac-470b-a458-c84e7fed7dc7](bootloaders/bf3c5a6b-8fac-470b-a458-c84e7fed7dc7/),[BAE97EFC507382C0BDF7B1E74DBC38C0E31BF65186B7989CD9C7AF29DA27F656](bootloaders/bf3c5a6b-8fac-470b-a458-c84e7fed7dc7/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/a77872f7-4890-473d-887f-bfd93f46641d/),[3bc9ed257486b68fac5899eaa19732a1340d06c8baf4b0ff53c7f5c052e6470f](bootloaders/a77872f7-4890-473d-887f-bfd93f46641d/),Revoked bootloaders,2023-05-22 +[bootarm.efi](bootloaders/285c0ef5-dd8b-4c50-af8f-6ed20f233294/),[FC40897F668AA86E5279CA8FEB62873A06A569742967E0F243F51ED56BDB53CD](bootloaders/285c0ef5-dd8b-4c50-af8f-6ed20f233294/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/a252e6fc-a0e5-46b7-ae78-c11ac44dfecc/),[3927727eb2435b28d2cf0ce1757e72ce3e92a86362b87120040c744c1c08bce9](bootloaders/a252e6fc-a0e5-46b7-ae78-c11ac44dfecc/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/dbbed756-4f18-430e-9a68-6f0054091fa3/),[573D0A8D59DC7FDB0BE784ABE9B51DA9183848B613FF4C96B143D286043B4E43](bootloaders/dbbed756-4f18-430e-9a68-6f0054091fa3/),Revoked bootloaders,2023-05-22 
+[ae5b655b-a592-4d17-bce2-99ef497e846c](bootloaders/ae5b655b-a592-4d17-bce2-99ef497e846c/),[6e79e3d0580d244c2fc2179a4f08cb80f945ad33d8c4c325de4e35e0d41584c5](bootloaders/ae5b655b-a592-4d17-bce2-99ef497e846c/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/c8d926b0-b5a4-4960-b951-1f4cfffd940e/),[860c16809e3941bebedff0bde99c32aa77379c0be1f6b174d20038a02162d3d5](bootloaders/c8d926b0-b5a4-4960-b951-1f4cfffd940e/),Revoked bootloaders,2023-05-22 +[esdiags.efi](bootloaders/aa02b41c-fdba-4a15-8cd0-721c8ce19b68/),[1e918f170a796b4b0b1400bb9bdae75be1cf86705c2d0fc8fb9dd0c5016b933b](bootloaders/aa02b41c-fdba-4a15-8cd0-721c8ce19b68/),Revoked bootloaders,2023-05-22 +[shim.efi](bootloaders/b3ceecb6-6bb6-43fa-9ab3-8ba2d6647443/),[9d61099de8327efeff7e4aea81d9f3396a2218e6b22e15d05032a765897c0eba](bootloaders/b3ceecb6-6bb6-43fa-9ab3-8ba2d6647443/),Revoked bootloaders,2023-05-22 +[4f2db5df-2730-4e9e-aa70-51029d2540d1](bootloaders/4f2db5df-2730-4e9e-aa70-51029d2540d1/),[55A3628537C4FBDA0FA7D27001EB2DFCDC515D8A48649715A31E1D0065A7DA35](bootloaders/4f2db5df-2730-4e9e-aa70-51029d2540d1/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/10baff75-83cd-4786-ac2b-ade269c71421/),[268CED16B53E3430A28F1713A0D155A68BED89DB264D8D8170EB6BC548C9424B](bootloaders/10baff75-83cd-4786-ac2b-ade269c71421/),Revoked bootloaders,2023-05-22 +[BOOTX64.EFI](bootloaders/7cd28475-a974-4b4b-becd-b57b605d2b9e/),[a120f42de7b5bfcb55c40afc857b6baf4d1ac60725500c27a5b2942bda970ccf](bootloaders/7cd28475-a974-4b4b-becd-b57b605d2b9e/),Revoked bootloaders,2023-05-22 +[d9cb5f15-653d-4fdc-aee2-279681f7f91f](bootloaders/d9cb5f15-653d-4fdc-aee2-279681f7f91f/),[F06D3E0F031A2FDC63DD2BA2BE7F32E0D432434C3515C2F840D812FFBFA530F6](bootloaders/d9cb5f15-653d-4fdc-aee2-279681f7f91f/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/ad4ed491-2e8d-4c16-9bad-4352f1ce2f67/),[339E7E433DA8002B9FFB9EEB3C768742A93953509FC02BCAF95254228914067F](bootloaders/ad4ed491-2e8d-4c16-9bad-4352f1ce2f67/),Revoked 
bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/98b2c48c-eaa0-48d4-bcbd-4090cffd2fed/),[575D4DF1AFBDD514A6D293234F4493736200E657D0EB9C618CBE18B3AE8EBB3E](bootloaders/98b2c48c-eaa0-48d4-bcbd-4090cffd2fed/),Revoked bootloaders,2023-05-22 +[Signed_14173467011297444/shimaa64.efi](bootloaders/2d38a9bc-5c3e-4871-9e74-a1181a10764d/),[754952ff4187789c0269982d056f6a863409963f46d870c0a8d054e0fe69857b](bootloaders/2d38a9bc-5c3e-4871-9e74-a1181a10764d/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/2682f970-000c-406a-bf2e-fa4c1ac8bbeb/),[B28C498A7CD61006A32A9EEF404AED4349CA68DC6F2240833BA4EC745D37A1DA](bootloaders/2682f970-000c-406a-bf2e-fa4c1ac8bbeb/),Revoked bootloaders,2023-05-22 +[e9785a5c-1caf-4577-85fa-9a2eadc9bfe9](bootloaders/e9785a5c-1caf-4577-85fa-9a2eadc9bfe9/),[D389EDE1F84051086D30B8C2CFC362797B129854DF1313CA474F83A143F55D11](bootloaders/e9785a5c-1caf-4577-85fa-9a2eadc9bfe9/),Revoked bootloaders,2023-05-22 +[bootarm.efi](bootloaders/312efde5-1d57-4845-860d-cecb9a1af677/),[0EC7C340AE2DAA6D5F7B261BB64A5E7E2351073FC5B893E07D03595DEE28F544](bootloaders/312efde5-1d57-4845-860d-cecb9a1af677/),Revoked bootloaders,2023-05-22 +[8e051211-3998-46bf-abf0-cfba6699c4f1](bootloaders/8e051211-3998-46bf-abf0-cfba6699c4f1/),[07058C9BBCCB99D58FC93EBE2C007CFE28E1BF74E51954584AA3D3CA06689FBA](bootloaders/8e051211-3998-46bf-abf0-cfba6699c4f1/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/46412487-6c24-4809-8b77-f2165d5a8395/),[DEB3FC384826610AD277DDD592F6CA8FA9D00E56457724D470DAAC32962532F9](bootloaders/46412487-6c24-4809-8b77-f2165d5a8395/),Revoked bootloaders,2023-05-22 +[0cb9b7da-f228-4e4b-a07c-06346f0d2e47](bootloaders/0cb9b7da-f228-4e4b-a07c-06346f0d2e47/),[459728935C400CBED125A0AA12D0E618CCB6F4FDE3194BB2D06A511DAA335350](bootloaders/0cb9b7da-f228-4e4b-a07c-06346f0d2e47/),Revoked bootloaders,2023-05-22 
+[bootmgfw.efi](bootloaders/4885e5bd-31eb-4f63-af7f-efff02e753ee/),[53E9CF33ED9379862E5A5424E0C3FBE6D81D0D622368F773C81658F408A642E3](bootloaders/4885e5bd-31eb-4f63-af7f-efff02e753ee/),Revoked bootloaders,2023-05-22 +[bootx64.efi](bootloaders/8e8db009-ddf8-4196-ac2a-99c9a0e6d9fb/),[71083eb4f247ac78f52aa09f81054396a0dac1064e1191b5b56a43a6976c5c74](bootloaders/8e8db009-ddf8-4196-ac2a-99c9a0e6d9fb/),Revoked bootloaders,2023-05-22 +[e081d394-fa4c-46c9-8a1c-c8790790aa3c](bootloaders/e081d394-fa4c-46c9-8a1c-c8790790aa3c/),[84A6C5F6C7AC07F1CC405F7B53B69BFF17BE0E4B9A428C21D39DCE0CDD4EF16B](bootloaders/e081d394-fa4c-46c9-8a1c-c8790790aa3c/),Revoked bootloaders,2023-05-22 +[bootx64.efi](bootloaders/a3bbd629-976b-4804-b5ea-2e62ee592092/),[777adc7e8a3e1422b3fc9c10ce31e996c057fe801a5292f0902bd5c5365e7287](bootloaders/a3bbd629-976b-4804-b5ea-2e62ee592092/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/bbd79406-168c-449a-8206-9927288fefd4/),[F64F70D1D3AD35BEC25526472C51765BEB40AAF72CA8EC1242E046F62C18C11E](bootloaders/bbd79406-168c-449a-8206-9927288fefd4/),Revoked bootloaders,2023-05-22 +[bootx64.efi](bootloaders/dabe9a66-0446-43a1-b9bc-fe279702a5ab/),[6b6e59284750fc0e6fac4d6c2a46100e9b0dde54e000b7327edd4a4dced9e9a0](bootloaders/dabe9a66-0446-43a1-b9bc-fe279702a5ab/),Revoked bootloaders,2023-05-22 +[b0db7258-fe95-4712-ae0f-fe258342295b](bootloaders/b0db7258-fe95-4712-ae0f-fe258342295b/),[862EF2D92E8E0DF128007AEF6F9E4D6A6D0DE3C656A4D72D1A19A18068C23508](bootloaders/b0db7258-fe95-4712-ae0f-fe258342295b/),Revoked bootloaders,2023-05-22 +[bootarm.efi](bootloaders/44560d47-de27-4691-bee4-6306bc160643/),[7391D51035BE75620EE4F0F597DF65F54D3518A7CFB74276D7A778AAF7B39477](bootloaders/44560d47-de27-4691-bee4-6306bc160643/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/5d92da13-8976-4b19-871d-a9266e342121/),[A84526FB39B09F95A0A1CABE23D34CC28FA554242405EB653D6EAB8669B3C1BC](bootloaders/5d92da13-8976-4b19-871d-a9266e342121/),Revoked bootloaders,2023-05-22 
+[bootmgfw.efi](bootloaders/7c6d9a9a-0ec1-43b7-8e1f-053fb98e9fbf/),[c9f47991e981394076050cb8b5cddfcbf9fb01b6d7272b9079082e20e4875cc8](bootloaders/7c6d9a9a-0ec1-43b7-8e1f-053fb98e9fbf/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/3d65bba8-925b-4fcc-849e-ddfc0bdf1c49/),[C655C36EA5160603D4134B038D732604394031E177D1C32CFD582CCE0C037887](bootloaders/3d65bba8-925b-4fcc-849e-ddfc0bdf1c49/),Revoked bootloaders,2023-05-22 +[ae979b6b-32b7-42cd-b835-09215a457c01](bootloaders/ae979b6b-32b7-42cd-b835-09215a457c01/),[561694642D87969C00583ED6C4BB6C41527DFF7164A079035E8C8B905A5E4B62](bootloaders/ae979b6b-32b7-42cd-b835-09215a457c01/),Revoked bootloaders,2023-05-22 +[shim-0.4-0ubuntu4/shim64-bit.efi](bootloaders/c8bbda28-7392-4588-a899-755c58de432b/),[702a10fa1541869f455143ed00425e4e9b2d533c3b639259bde6aac97eca15ed](bootloaders/c8bbda28-7392-4588-a899-755c58de432b/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/1d193967-c24f-46c5-83ae-4bf1d5ea80ca/),[9C4A74D11888FA41A0341EE6F0B75DB69C34827851755F46506A6C0ED96CEC8D](bootloaders/1d193967-c24f-46c5-83ae-4bf1d5ea80ca/),Revoked bootloaders,2023-05-22 +[25356276-9f23-4044-a512-863c5b3180df](bootloaders/25356276-9f23-4044-a512-863c5b3180df/),[96520E78051325998A6D82FFFEE0366F85289E6D8834D1F3DA9082C6EE146D26](bootloaders/25356276-9f23-4044-a512-863c5b3180df/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/b7909152-9a87-4045-9aca-ae18890b2b71/),[41607556B9A25F6F3AB73331589519553F83D2CB3629FB3E729303898D173023](bootloaders/b7909152-9a87-4045-9aca-ae18890b2b71/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/9164d869-3953-40eb-91e4-26a837e3aacc/),[1eadf7bf5fde916884a4beb82dd68ba50be05413f00aae8571190a2eaa462640](bootloaders/9164d869-3953-40eb-91e4-26a837e3aacc/),Revoked bootloaders,2023-05-22 
+[0d33abea-51fd-4453-a8a3-150328e8ce21](bootloaders/0d33abea-51fd-4453-a8a3-150328e8ce21/),[A121947909D35BB042F0049D18E4EE2B27941E10D14E4D6B1C11945CA79992E6](bootloaders/0d33abea-51fd-4453-a8a3-150328e8ce21/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/d1d2f3cc-064e-455c-af50-3bd0d46a06f2/),[f025a519dccf1df41951c22c6dc5cafa61e21b117e174b4983b45ccc22c6375f](bootloaders/d1d2f3cc-064e-455c-af50-3bd0d46a06f2/),Revoked bootloaders,2023-05-22 +[8d43face-8444-4bf2-ac71-c0213d06ef91](bootloaders/8d43face-8444-4bf2-ac71-c0213d06ef91/),[DA31FE4698AD3D0E30408927BE36C938BF52FA9CB8D46B12F84F5D5EC22DD1C6](bootloaders/8d43face-8444-4bf2-ac71-c0213d06ef91/),Revoked bootloaders,2023-05-22 +[bootia32.efi](bootloaders/7cefffba-3701-43ff-96a7-7a66f008805e/),[C443B4E3083BDBF2296A5E0986022520535C01ECC6CA3E0F0F83F3B683672368](bootloaders/7cefffba-3701-43ff-96a7-7a66f008805e/),Revoked bootloaders,2023-05-22 +[bootx64.efi](bootloaders/163602d8-2ce1-4c1a-9101-568c50a6f887/),[64604ea91f31b815bd0219d56563b9c2d307fc6c71ecc38d498221e0e0e9c4ad](bootloaders/163602d8-2ce1-4c1a-9101-568c50a6f887/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/5ea7cfb0-5f73-4d02-925e-8161b423fa88/),[45A04261C55E72E48C90A5C821C3A519B4A0D9B1A6C3561CE7477AC399D23C5B](bootloaders/5ea7cfb0-5f73-4d02-925e-8161b423fa88/),Revoked bootloaders,2023-05-22 +[bootarm.efi](bootloaders/35a53e95-2bf9-43c3-b7ff-c8a176b73a7e/),[641A3F8E77A42F04B0F300399F0FE6545733DB7EE00FA402358723E84BC62741](bootloaders/35a53e95-2bf9-43c3-b7ff-c8a176b73a7e/),Revoked bootloaders,2023-05-22 +[centos-7.9-shim-20200726-shimia32.efi](bootloaders/fd70f49d-4efd-4ebb-a889-5dbbcebe33a0/),[8C3A26B5831FF45BC3BCA44C2815951E2DA489A91BBCD295F12DFDBCED9958B9](bootloaders/fd70f49d-4efd-4ebb-a889-5dbbcebe33a0/),Revoked bootloaders,2023-05-22 +[bootx64.efi](bootloaders/4d2c43e5-7a66-4890-93c7-3f9ce734f78e/),[24d6b301a1268ba8b373275981538855205eb0115609800f2b5b95377483b108](bootloaders/4d2c43e5-7a66-4890-93c7-3f9ce734f78e/),Revoked 
bootloaders,2023-05-22 +[bootx64.efi](bootloaders/f4268520-fd18-40df-aecf-b2a6e8dcf27d/),[ee39a9a3fbde8b15ce4ac34519e248ea746a52ae0ae680da5b0c7ef919e583a3](bootloaders/f4268520-fd18-40df-aecf-b2a6e8dcf27d/),Revoked bootloaders,2023-05-22 +[rhel-8.3-20200917-shimia32.efi](bootloaders/7520fd68-dbc4-4182-ab8e-2cc005024183/),[3BA74313087DB77CF93A00E072A2FAE00C0A472DAC5DD6988F9C0993A0769159](bootloaders/7520fd68-dbc4-4182-ab8e-2cc005024183/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/7662d98a-0476-48dd-b532-8e6142d251ec/),[90ea447ccfdcd9771de40de9721d0256d6d8a30d68963e82485c2e92b7eb5257](bootloaders/7662d98a-0476-48dd-b532-8e6142d251ec/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/ca53fb23-c94b-436c-9066-079bd6480ae7/),[97C24B65A08878AEB0002FC577B717A950C0A20E60EBDFC569637EF57059A2BE](bootloaders/ca53fb23-c94b-436c-9066-079bd6480ae7/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/5466b767-bb4f-4044-a72c-1a7aab0d1d4f/),[1EC66D5D99383D9EB6CB553965D6ADEF787ABDDEC162844AF1CC04F24EDBCE08](bootloaders/5466b767-bb4f-4044-a72c-1a7aab0d1d4f/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/312c2d35-25a3-454a-a458-a797350273b1/),[AEFCF3C2010344775B306EFA5FA4A9B7630AA95DA5B59C4E96A2524302B51E50](bootloaders/312c2d35-25a3-454a-a458-a797350273b1/),Revoked bootloaders,2023-05-22 +[cent-8.3-20200730-shimia32.efi](bootloaders/8041563b-fe86-4183-9409-a479ef4f9b46/),[5E9D231F7BC2F98E9CBFBE65DA29F7B663A1E84FEE090250BD0976D65DB3FC0A](bootloaders/8041563b-fe86-4183-9409-a479ef4f9b46/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/5cb571f7-050a-40db-a196-9ad7cd8afed6/),[079A26143F5CD9862331F7C1850FFCF2D6E081FCFA8617F6FFA94FA212834DD1](bootloaders/5cb571f7-050a-40db-a196-9ad7cd8afed6/),Revoked bootloaders,2023-05-22 
+[c045cb03-9cfb-4ef9-b058-6734090e1dda](bootloaders/c045cb03-9cfb-4ef9-b058-6734090e1dda/),[34440CB45EB6EC2532EF89D6FCD7D3D9BC2A021677BEBC9D65C47A725A6845D4](bootloaders/c045cb03-9cfb-4ef9-b058-6734090e1dda/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/ddacf4b0-e6e4-4546-b3bc-f196645266b1/),[39CEDF83BD3417A90588795CDE2BD6BAF7089997FDDB588E552952C179958D84](bootloaders/ddacf4b0-e6e4-4546-b3bc-f196645266b1/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/40f5cc74-badf-47d0-8fd7-021190a05953/),[A7BF87F519397CA73C79AB94079E0E8218661C149713A8A286DBF1079E57B4BE](bootloaders/40f5cc74-badf-47d0-8fd7-021190a05953/),Revoked bootloaders,2023-05-22 +[BOOTX64.efi](bootloaders/7cb68e8b-c07d-4b76-9af0-0936553f516c/),[06edb9f17a9007c8b6db6ee2fc240e88e238f06c7c983f987cd9be1b80010d04](bootloaders/7cb68e8b-c07d-4b76-9af0-0936553f516c/),Revoked bootloaders,2023-05-22 +[887e3ac7-c597-4327-86cc-29936e2f8cdb](bootloaders/887e3ac7-c597-4327-86cc-29936e2f8cdb/),[2F1DAE62EA074FD06DBBF620009CB3E65988D15431A061EAAB4D7ED1A97A3689](bootloaders/887e3ac7-c597-4327-86cc-29936e2f8cdb/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/7b45ea3e-38d4-4bac-aac7-54806c6ffb28/),[3E5206C60B696D3B81696DF457D74881F0188ADFD75404A4C0AA627688975671](bootloaders/7b45ea3e-38d4-4bac-aac7-54806c6ffb28/),Revoked bootloaders,2023-05-22 +[27c9ba50-5540-4ff3-90eb-8798c48599a1](bootloaders/27c9ba50-5540-4ff3-90eb-8798c48599a1/),[127B01B1F605183BBA4D1A07B7EEFE01BA88203A6CD6686B28F3883F33C0ED42](bootloaders/27c9ba50-5540-4ff3-90eb-8798c48599a1/),Revoked bootloaders,2023-05-22 +[a74084e3-94b3-4674-99c8-e314f7f6241f](bootloaders/a74084e3-94b3-4674-99c8-e314f7f6241f/),[957D8826BEE05DFEA66994C237E61BD70CC0115CC176E1D931F1D892C6C16814](bootloaders/a74084e3-94b3-4674-99c8-e314f7f6241f/),Revoked bootloaders,2023-05-22 
+[shim.efi](bootloaders/1456951c-e037-4508-a34f-5a6ff0065521/),[e50f1f1e9fb9198e5b094773d1d0068cc1cb1987d06583abaca20adc1f8932a9](bootloaders/1456951c-e037-4508-a34f-5a6ff0065521/),Revoked bootloaders,2023-05-22 +[fb78c0ab-b76a-47b5-b7ef-d64bf38611b4](bootloaders/fb78c0ab-b76a-47b5-b7ef-d64bf38611b4/),[5C39F0E5E0E7FA3BE05090813B13D161ACAF48494FDE6233B452C416D29CDDBE](bootloaders/fb78c0ab-b76a-47b5-b7ef-d64bf38611b4/),Revoked bootloaders,2023-05-22 +[rhel-7.9-20200730-shimia32.efi](bootloaders/9b6deeaf-b8bb-4f8e-a8b6-d174312fcb7f/),[2CAD0B454397089723959FAAFC2DB5388C50DFD5C02319703BABA6F03654561C](bootloaders/9b6deeaf-b8bb-4f8e-a8b6-d174312fcb7f/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/ac90e9e0-2035-46a5-b3fc-f0670e6d0ddd/),[2B2025F4C880166D94222A95A88FF0A525C361D7B2C8A886B4E4CE6FBDD6520D](bootloaders/ac90e9e0-2035-46a5-b3fc-f0670e6d0ddd/),Revoked bootloaders,2023-05-22 +[841c43d9-b7a0-40a7-ae7c-fc1affb759af](bootloaders/841c43d9-b7a0-40a7-ae7c-fc1affb759af/),[439983268FC8238CB2DC187B033904DBD682929852D846FB69A22DDA1561A422](bootloaders/841c43d9-b7a0-40a7-ae7c-fc1affb759af/),Revoked bootloaders,2023-05-22 +[bootia32.efi](bootloaders/8b88b928-4717-4a30-832e-dcb3bb15b7a3/),[56f9e50da4817b1de9d9291eb5f2bc63703ca3e6f4a8571bde28cf756e2c80ba](bootloaders/8b88b928-4717-4a30-832e-dcb3bb15b7a3/),Revoked bootloaders,2023-05-22 +[cc9c7842-484d-4427-9ed5-75073efdad17](bootloaders/cc9c7842-484d-4427-9ed5-75073efdad17/),[8A73B6E52B27695C72D4776C0BCFA54D30C1340D534D5EEFF8D890377CDFDFAA](bootloaders/cc9c7842-484d-4427-9ed5-75073efdad17/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/db57d7a1-5937-4ba9-896e-8fdce1ff2990/),[C79381B9A5D1D2B8A85B6A5B2255923FB2D3A5F500CC00FBBCBF10C6A3A0B40E](bootloaders/db57d7a1-5937-4ba9-896e-8fdce1ff2990/),Revoked bootloaders,2023-05-22 
+[bootarm.efi](bootloaders/0c015961-2a7d-4fc2-99ca-5cfccf2de27f/),[F50D0AAA4875B0B609D0F796AACB77D582E0246D3FC544F76ADB73B67A156626](bootloaders/0c015961-2a7d-4fc2-99ca-5cfccf2de27f/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/160959a3-8cac-43f9-a0d1-1c108375fb95/),[DBEEA13BD8FC4D613501D8CF564A129A541AEE6FB5AB82CB4A5F448B52FD1C52](bootloaders/160959a3-8cac-43f9-a0d1-1c108375fb95/),Revoked bootloaders,2023-05-22 +[bootx64.efi](bootloaders/b59f1e98-72fb-4ccf-a651-bf9318f14150/),[4b2bd93b32de4be7235c95c97af98e12bed5f0602b7b428700f9a1348cb2f731](bootloaders/b59f1e98-72fb-4ccf-a651-bf9318f14150/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/0dc82e15-40ab-4a65-bfbe-9c8925d3cdbb/),[8DEB88A2435270BD24328760FA6FB5C77BCD5C47F7A0109F15300D644CB9A228](bootloaders/0dc82e15-40ab-4a65-bfbe-9c8925d3cdbb/),Revoked bootloaders,2023-05-22 +[bootx64.efi](bootloaders/2e3641bb-5bd7-42d3-8353-481b4593c641/),[561d28e0888cdb0a8fce41754742aa8eb1bf5c8dd4eacbf9af0f40e0d36013c2](bootloaders/2e3641bb-5bd7-42d3-8353-481b4593c641/),Revoked bootloaders,2023-05-22 +[bootx64.efi](bootloaders/1ab3d6b3-7bd1-477e-8127-a2be4b9a7636/),[990a4dd8c86392421d680fa039af4e88d1ebdc97f61a73f8347d6b314fe8cd51](bootloaders/1ab3d6b3-7bd1-477e-8127-a2be4b9a7636/),Revoked bootloaders,2023-05-22 +[bootarm.efi](bootloaders/cef00ef9-665c-48ed-9b4c-d383d2846e05/),[494A55C84A5A244292DB7F678D4574C7CC6E58D522F0BE270D68B0F1A41E19D3](bootloaders/cef00ef9-665c-48ed-9b4c-d383d2846e05/),Revoked bootloaders,2023-05-22 +[d40485d2-4fea-4d92-99e9-e1531fe4d33a](bootloaders/d40485d2-4fea-4d92-99e9-e1531fe4d33a/),[1275826206FEF9AA0A48A60BBC15300B3201F76F45E3CCE3FD0064DE2FC7CC5F](bootloaders/d40485d2-4fea-4d92-99e9-e1531fe4d33a/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/0e36a4f3-efab-453c-b6db-fe4f613b79d8/),[ac22c4ad2e62a3a8369a311b69e9b3dd558359cb44de8115e6bef2ae5e5e7151](bootloaders/0e36a4f3-efab-453c-b6db-fe4f613b79d8/),Revoked bootloaders,2023-05-22 
+[97efcb29-1524-4142-923b-4395a39fe3ee](bootloaders/97efcb29-1524-4142-923b-4395a39fe3ee/),[C31524CF5814D19C11611A5E5C27B2071DCB76B7EC6DC2DEC93FF9DE5CE656DE](bootloaders/97efcb29-1524-4142-923b-4395a39fe3ee/),Revoked bootloaders,2023-05-22 +[bootx64.efi](bootloaders/43311ee4-a044-4086-9a53-ae01c3ef7f4f/),[0b753bd95ae643b2543f501533ca54db34ddc9d20f336358067a7069240a6214](bootloaders/43311ee4-a044-4086-9a53-ae01c3ef7f4f/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/f5fabb82-d43d-45ec-b057-5963c46113a0/),[C6C85806905E0B76C25C82A88BFF62B995F49124C55413E74D1DCC3461FE8336](bootloaders/f5fabb82-d43d-45ec-b057-5963c46113a0/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/9f95756f-dfcf-48ae-9c0c-8d99f4894e28/),[59e4fa86b1c3bb7df3cdb79a17ec36af9ad12e153172f6d8e662fcfb9dbb37d5](bootloaders/9f95756f-dfcf-48ae-9c0c-8d99f4894e28/),Revoked bootloaders,2023-05-22 +[8e87c22a-ea23-4f89-bee2-c301e31b4045](bootloaders/8e87c22a-ea23-4f89-bee2-c301e31b4045/),[24AF7036C63F09FEBAB1B84372ECD6151BE32CDC94E80E57F52F7D2C3665FBC4](bootloaders/8e87c22a-ea23-4f89-bee2-c301e31b4045/),Revoked bootloaders,2023-05-22 +[495a811b-db1c-41f6-88db-36688933fcec](bootloaders/495a811b-db1c-41f6-88db-36688933fcec/),[DF224EF3B05794CBCE084C11BAAF3D85F380A5213D9097E400D9FA42FC412933](bootloaders/495a811b-db1c-41f6-88db-36688933fcec/),Revoked bootloaders,2023-05-22 +[bootia32.efi](bootloaders/2f495b21-1d43-43c5-8770-c221121a2e6a/),[6FDB5AB3815A499948DF5ED732EE275FA44CE8313287A33B2875B2A2B1D60021](bootloaders/2f495b21-1d43-43c5-8770-c221121a2e6a/),Revoked bootloaders,2023-05-22 +[rhel-7.9-shim-20200726-shim64-bit.efi](bootloaders/4b37df07-e561-4581-977f-6eb984d0afbf/),[BD8020CC80D5F842DDFD5AC110C189707A83E85415EEA3386884ABDCFD7F3135](bootloaders/4b37df07-e561-4581-977f-6eb984d0afbf/),Revoked bootloaders,2023-05-22 
+[d964e229-7407-4292-88b5-505f8be99d2f](bootloaders/d964e229-7407-4292-88b5-505f8be99d2f/),[17F186C88052B988B4C9B62F8D7F55023AC317C82324DD5A958D05B8A1246F77](bootloaders/d964e229-7407-4292-88b5-505f8be99d2f/),Revoked bootloaders,2023-05-22 +[bootarm.efi](bootloaders/45647cc8-3eeb-483b-97c3-170693cfea9a/),[E8E83E3E343C069277EC4C1E79C5C61D20917E0451B9A980346732EEB7B840C1](bootloaders/45647cc8-3eeb-483b-97c3-170693cfea9a/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/d457a885-6677-4118-9cf3-05bfc65e1fde/),[E3946218D523E5D20C99A9A5BB22303DDCEF958DE2A978E01AF2F46D2D7A4DDD](bootloaders/d457a885-6677-4118-9cf3-05bfc65e1fde/),Revoked bootloaders,2023-05-22 +[bootarm.efi](bootloaders/cc19dcf6-f6e2-4820-8df0-73abc96a95d8/),[4CADDFE7EB99A666652EBDA685A542612C851C732801AA5B15AB39E826D7C1D7](bootloaders/cc19dcf6-f6e2-4820-8df0-73abc96a95d8/),Revoked bootloaders,2023-05-22 +[bf8069da-0ffc-463d-b17c-3e0ee49d0585](bootloaders/bf8069da-0ffc-463d-b17c-3e0ee49d0585/),[5C39F0E5E0E7FA3BE05090813B13D161ACAF48494FDE6233B452C416D29CDDBE](bootloaders/bf8069da-0ffc-463d-b17c-3e0ee49d0585/),Revoked bootloaders,2023-05-22 +[7e14af6f-c8b8-4c15-a2ef-bc0a2b39e085](bootloaders/7e14af6f-c8b8-4c15-a2ef-bc0a2b39e085/),[88B530624B67FAA0C0C1039618958F4DE983A997A6FF762BCCA82B8201194F28](bootloaders/7e14af6f-c8b8-4c15-a2ef-bc0a2b39e085/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/9a34a20c-afea-4d1e-9109-fb7354066e06/),[79193EAE46F687D00B90B3EBA361B35802BD42E2891A8A8C286B4C00119F9F94](bootloaders/9a34a20c-afea-4d1e-9109-fb7354066e06/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/0f3431ba-2b83-4020-b3ff-32eadbcb7205/),[7384B867C248569C3DB81E82AF35585AB3108858E958750098F9D8298CC9B8F6](bootloaders/0f3431ba-2b83-4020-b3ff-32eadbcb7205/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/0fe6f9a2-7b13-4c27-bf9a-412d9acf533f/),[9A02C839424A2DB0C3B98553C179C0583E7B8760C7A061176F76B6970746B8AC](bootloaders/0fe6f9a2-7b13-4c27-bf9a-412d9acf533f/),Revoked 
bootloaders,2023-05-22 +[Signed_14173467011297444/shim64-bit.efi](bootloaders/d20a9d4f-d336-4400-b839-d2334be05e06/),[599a102b6445fa88392b8c85a31d80ece950624219d846affbfb7131d4bf550b](bootloaders/d20a9d4f-d336-4400-b839-d2334be05e06/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/dc63ce55-4d4d-40f7-996d-6fc85f01443f/),[76AC59211DF73F8BC0F1369CE290BFF57AD705CD1EB3B402D19E12FE5FFBD6D6](bootloaders/dc63ce55-4d4d-40f7-996d-6fc85f01443f/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/da54ae14-5e4d-4280-b91e-4b78d0df036a/),[31DCD37C53CEE49C1241978CB976230EFDA89A83C3E3DBC18EDA92099055026A](bootloaders/da54ae14-5e4d-4280-b91e-4b78d0df036a/),Revoked bootloaders,2023-05-22 +[5ef6ea24-838e-4df6-b00d-3deb0ec3fa33](bootloaders/5ef6ea24-838e-4df6-b00d-3deb0ec3fa33/),[0692A9566F22F280715080EE24B8FF54ED7372A98BD4994670FCF862035281B5](bootloaders/5ef6ea24-838e-4df6-b00d-3deb0ec3fa33/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/b8cfe531-3969-4203-a575-fec35e4880fd/),[D2BF5E584EA2F3844B27CEF320636D1A2CD6BFB023ED65110FF6D0EF09292114](bootloaders/b8cfe531-3969-4203-a575-fec35e4880fd/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/15ca73cc-0098-429e-8191-5df17cae28aa/),[C2D9AB79B0593235C5EDC3CF77C3A48FCFA740D804A0397B3D9BD9AE9EE516D4](bootloaders/15ca73cc-0098-429e-8191-5df17cae28aa/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/357e4bd3-4bc9-4b94-81a1-3833515e2d4e/),[9A59A2B53C8BBD2E536EADE26F26F3EE61129AB027812922B52C572364465E8C](bootloaders/357e4bd3-4bc9-4b94-81a1-3833515e2d4e/),Revoked bootloaders,2023-05-22 +[59b5e207-bca6-4425-b392-2fd0ed44935e](bootloaders/59b5e207-bca6-4425-b392-2fd0ed44935e/),[610D0A80FD4E876EAD581903B33C96ECC4B8BD7115FC9DF5579B3A25416FDAEF](bootloaders/59b5e207-bca6-4425-b392-2fd0ed44935e/),Revoked bootloaders,2023-05-22 
+[BOOTX64.EFI](bootloaders/2bfaff34-8a6b-486e-a308-0484d2372727/),[fb5eebcd4100593a1b2890267037b7701c83f32c284b99908ff1c34d5693bfc2](bootloaders/2bfaff34-8a6b-486e-a308-0484d2372727/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/dba882ff-03d1-4cf3-9e9d-9358d6416d79/),[4759E0891A636E1A3D27472C48AF55F27BF5E3CCF474141FEFBBA2AA124AC410](bootloaders/dba882ff-03d1-4cf3-9e9d-9358d6416d79/),Revoked bootloaders,2023-05-22 +[BOOTX64.EFI](bootloaders/dd78a9a0-255d-4856-b9be-76b08852303a/),[24558c1cb417b6387e2406c70ff13f5438506e8d7560dd7b226499c872c8076f](bootloaders/dd78a9a0-255d-4856-b9be-76b08852303a/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/0ecce400-dd9c-4291-9502-c8682a4474a4/),[891C44B16ABB7063144BBEF23BC35609FD14BB3FCD8ADFD1E804526AF344EBD4](bootloaders/0ecce400-dd9c-4291-9502-c8682a4474a4/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/52d2d179-addb-4556-a244-d085e0aefad2/),[EA21E2A1F1779F77C35060CD8690D2E74116C4402DD10B6F8260DB2D00B4A9E5](bootloaders/52d2d179-addb-4556-a244-d085e0aefad2/),Revoked bootloaders,2023-05-22 +[bootx64.efi](bootloaders/fec3976c-cd0e-4929-a01d-23c584cf7e00/),[0e5eb8d0bebf089a974bc0ca85d33d73f9a0bf72ed2a5e3a62a0387b51d509ce](bootloaders/fec3976c-cd0e-4929-a01d-23c584cf7e00/),Revoked bootloaders,2023-05-22 +[bootarm.efi](bootloaders/29a5f4df-eaf4-468f-94e1-da9ba1b1c20a/),[BC5D2B2C7E7CB051D084484259095B2868CAEC001C09A6FD33302B0AA0DFA7E2](bootloaders/29a5f4df-eaf4-468f-94e1-da9ba1b1c20a/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/33559284-bca8-4af2-917e-d209ee8d15c5/),[A37FF7C979ED0E58633D61D00CDFF45A2488E86C740240C77834C8C8C651CB19](bootloaders/33559284-bca8-4af2-917e-d209ee8d15c5/),Revoked bootloaders,2023-05-22 +[f57db2b6-025f-43fe-af3a-c50cc2bc1aec](bootloaders/f57db2b6-025f-43fe-af3a-c50cc2bc1aec/),[2AEC3E859816EFA89AF844D6DD8CCAEA345A851CB23006D3C2928081352BEB25](bootloaders/f57db2b6-025f-43fe-af3a-c50cc2bc1aec/),Revoked bootloaders,2023-05-22 
+[bootarm.efi](bootloaders/bbc2661b-25de-4c4b-ac84-367115d44e8c/),[5E189C9D2633F0AC10ECB763A150568925884E29ED684050194D87B883B68B34](bootloaders/bbc2661b-25de-4c4b-ac84-367115d44e8c/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/cf486d6a-cb41-4d0b-9258-81a14e76f719/),[89C7492FAA5DFEFFE4F126764CD556A82B53520404636BD50C32405346959016](bootloaders/cf486d6a-cb41-4d0b-9258-81a14e76f719/),Revoked bootloaders,2023-05-22 +[bootx64.efi](bootloaders/0a9c062b-91a3-44f9-b577-0128708bf124/),[f6208932ed98aa64f5ec0d9f59138d4c1dddbd82437315aac4aa913e5d4f825e](bootloaders/0a9c062b-91a3-44f9-b577-0128708bf124/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/058a1317-f391-4baf-86a8-31ea7b01d6e6/),[905c2df524e664759d55a6dad4b62b58220adc59fec3e852964efc2165b0fc0c](bootloaders/058a1317-f391-4baf-86a8-31ea7b01d6e6/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/44795d05-39b3-4605-a58c-cd20de64f934/),[34776096730EB7B0CAA5415414943E2C31AAA464BB545FBCB8E341E7EBACFAB5](bootloaders/44795d05-39b3-4605-a58c-cd20de64f934/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/c2c1c3d4-441d-4ce1-92c9-094411b3bf09/),[E299D3CA4A5A6579E863DD54488B6E804E47B20B75B7E71DC64B47F6403386B5](bootloaders/c2c1c3d4-441d-4ce1-92c9-094411b3bf09/),Revoked bootloaders,2023-05-22 +[03fbb84a-9153-4d42-aa08-c26fd8260bd1](bootloaders/03fbb84a-9153-4d42-aa08-c26fd8260bd1/),[AD215B731A41CBE37CAFEE5280FFC282A8AC23B5E8BA25DFF3D28A6AAE1D2A0D](bootloaders/03fbb84a-9153-4d42-aa08-c26fd8260bd1/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/2856fed8-45ba-4ef2-8904-8d9c9ecc6cb4/),[E28C1F6E413330EA1DE56643F344702D2962988ED72AC49DC7B33B51B2238537](bootloaders/2856fed8-45ba-4ef2-8904-8d9c9ecc6cb4/),Revoked bootloaders,2023-05-22 +[bootia32.efi](bootloaders/8ceef305-f81d-4d24-bb34-2adf41c5b779/),[6A412612692B81C56395EDBC4E4CB189478D15BD7474A01829ECF867C71ED871](bootloaders/8ceef305-f81d-4d24-bb34-2adf41c5b779/),Revoked bootloaders,2023-05-22 
+[bootmgfw.efi](bootloaders/61dad3bb-db5d-497c-8aca-74ae55991a3b/),[7c6f0f7062aca9c286fb921917747c8b65ff4a69eb71102b90c1570b4c521fea](bootloaders/61dad3bb-db5d-497c-8aca-74ae55991a3b/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/568b07e2-3499-46e8-928a-843aff3217f5/),[fd69741dcd1bc0d9ab8a02c2a7ee8d466a58613562536aa8aab5ea260bbdf9c3](bootloaders/568b07e2-3499-46e8-928a-843aff3217f5/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/18b807f0-bafd-4f25-8f7d-e2ff15fb5691/),[f88e92940985413acd440daa20c08df99c54613636826d9d95b898d39c44b19b](bootloaders/18b807f0-bafd-4f25-8f7d-e2ff15fb5691/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/47601d49-9a7e-4402-b5e3-69bc03788afc/),[AA4931B170DA278A4A954FEB76CBF7310B657AB9232D1C7A4B6EB628D8A98073](bootloaders/47601d49-9a7e-4402-b5e3-69bc03788afc/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/bcd750be-01b1-4b34-b7a5-065af773d063/),[65FFA344151D7347ABD0DEB599086063A503FB6419BE9E4358851F6B6AE96749](bootloaders/bcd750be-01b1-4b34-b7a5-065af773d063/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/54a6f135-0fba-459b-8749-4a0764d690c1/),[8D76482F549D66048611DE6C4E67289E3B0BF051130B546E9A4B98B8DE0C4EA8](bootloaders/54a6f135-0fba-459b-8749-4a0764d690c1/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/4e6a6f59-083f-4829-baa5-0c388a9a7634/),[5ED5BD6952F8E520D74AA3001BC587493AFB6D628C0A3BF80875676C63F07B75](bootloaders/4e6a6f59-083f-4829-baa5-0c388a9a7634/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/3b7197b1-fac3-4680-b8a4-b91cc56d984b/),[E012F7C26EC6DE9D336AF7843DE0A4278D6191FA7989DDCAC40A978FD927BB6C](bootloaders/3b7197b1-fac3-4680-b8a4-b91cc56d984b/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/e774e770-0d9e-40c1-b9e1-ac09484a837f/),[DEA5BD5268B76F56B4091A20C806124DE8054FB07A652CF0E883BBA9A0938DE0](bootloaders/e774e770-0d9e-40c1-b9e1-ac09484a837f/),Revoked bootloaders,2023-05-22 
+[bootmgfw.efi](bootloaders/191557da-f224-48bb-b027-94534c5637ae/),[34F107AD8F982B591FB92BCC193BFCDBFF916C720BC69D96A0E9BD22CBA1E84C](bootloaders/191557da-f224-48bb-b027-94534c5637ae/),Revoked bootloaders,2023-05-22 +[2a2e7598-1bd6-4772-a189-6421ab29af37](bootloaders/2a2e7598-1bd6-4772-a189-6421ab29af37/),[6484A487192E0B44CBD30EB7B3D436A9150D5B5AD271974764366BDC4E8677BB](bootloaders/2a2e7598-1bd6-4772-a189-6421ab29af37/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/4936b474-694a-4b6d-b023-1c868be1b2ff/),[FDD173678810D9F9F887B428EB260CF42C837EACC41A11E89C08131E262E2C01](bootloaders/4936b474-694a-4b6d-b023-1c868be1b2ff/),Revoked bootloaders,2023-05-22 +[sbs.efi](bootloaders/9d795efb-5f1e-4db5-920d-97de9ba77753/),[a1111555bfde8807746c8af73deceb4bdadc52dee87004e2ad7239c038687985](bootloaders/9d795efb-5f1e-4db5-920d-97de9ba77753/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/c7f3ce1c-9b48-4d6e-b769-4a2869e09bb4/),[642296E7342D651FE2FE547C1F08329777CCD44DC4F11C75FEC1F037A9B4B9B4](bootloaders/c7f3ce1c-9b48-4d6e-b769-4a2869e09bb4/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/89393561-f676-4029-a1ca-88a4c4fa03b9/),[8536BA8D9039C5F91752BDC45A7AD2F91FDA2334363850DCEB38FD87DB7632E4](bootloaders/89393561-f676-4029-a1ca-88a4c4fa03b9/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/aeb357f2-c2cb-42f1-a37c-3f0a2a355346/),[d1af02fca7522c8d27e053544b3b653ff2daffcae9c420e460235dacab53f7cd](bootloaders/aeb357f2-c2cb-42f1-a37c-3f0a2a355346/),Revoked bootloaders,2023-05-22 +[bootia32.efi](bootloaders/990b3c53-97bc-4fd8-a212-e60c6fda898c/),[B97D5B2A7A9E582652CB9A9BDE1BB68EB631C2329168A996BD19CDD1499408BA](bootloaders/990b3c53-97bc-4fd8-a212-e60c6fda898c/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/c54ad511-bb85-42f4-ae87-e476854748b9/),[4B0C9083430D91770BBB629380DB3A2A89DC73BB8DF677725668F727A2C2147C](bootloaders/c54ad511-bb85-42f4-ae87-e476854748b9/),Revoked bootloaders,2023-05-22 
+[Signed_13652009334930799/shim64-bit.efi](bootloaders/63cbc1a5-3884-4049-ad87-f32f77644986/),[cc5c7db3068d99d6271fb38ab15b78c633c92249c4d783db0cdae2b918e97969](bootloaders/63cbc1a5-3884-4049-ad87-f32f77644986/),Revoked bootloaders,2023-05-22 +[BOOTX64.EFI](bootloaders/fecfe761-f926-4a24-bb10-bf4b8d96750d/),[e6cb6a3dcbd85954e5123759461198af67658aa425a6186ffc9b57b772f9158f](bootloaders/fecfe761-f926-4a24-bb10-bf4b8d96750d/),Revoked bootloaders,2023-05-22 +[bootarm.efi](bootloaders/0cbcf08b-1870-478c-bb85-8d12308ec1c2/),[90AA7C82344C06E7657FA919AD2B7395A07F8A1ECA8C159029569BD4467CC7B2](bootloaders/0cbcf08b-1870-478c-bb85-8d12308ec1c2/),Revoked bootloaders,2023-05-22 +[a4e64b6f-16b8-43db-af2f-c77daf3f0ca9](bootloaders/a4e64b6f-16b8-43db-af2f-c77daf3f0ca9/),[D84AE3F1BB7B2F2C41B986E473AD424CF6F1D136B4E91AA5F73824737169D820](bootloaders/a4e64b6f-16b8-43db-af2f-c77daf3f0ca9/),Revoked bootloaders,2023-05-22 +[bootarm.efi](bootloaders/5891ca2a-61e6-4938-942b-bfcc61dcb929/),[CD4A508F248776D8679ECEDB7BB1AF1752C23FDF66284522B4B36F242471B72C](bootloaders/5891ca2a-61e6-4938-942b-bfcc61dcb929/),Revoked bootloaders,2023-05-22 +[bootarm.efi](bootloaders/997fb55c-0910-48f0-adf7-33f2e50473c6/),[9A7FA44AE658F9CDED2AA0CC440EAA8134FC1FAFED290ABBC8C45EC670884605](bootloaders/997fb55c-0910-48f0-adf7-33f2e50473c6/),Revoked bootloaders,2023-05-22 +[e4cbfa0b-8b40-4ac9-b390-a566dbddd873](bootloaders/e4cbfa0b-8b40-4ac9-b390-a566dbddd873/),[2B7A243AC2248C630A51D73889E4BAA33DA94BD58D63E364A5FEF1A0998B4F5E](bootloaders/e4cbfa0b-8b40-4ac9-b390-a566dbddd873/),Revoked bootloaders,2023-05-22 +[b3a8852a-b702-419a-9d1c-4b371a130474](bootloaders/b3a8852a-b702-419a-9d1c-4b371a130474/),[5613DD1553044BEF74610BC012D676375588421FF0000B69DCF62D1081451ECE](bootloaders/b3a8852a-b702-419a-9d1c-4b371a130474/),Revoked bootloaders,2023-05-22 
+[04cb75f3-e10f-4f9c-9f8f-97d4a310922c](bootloaders/04cb75f3-e10f-4f9c-9f8f-97d4a310922c/),[0CCD31ED42FF79E74FBA9C064F59F698E3AE9F9E690BE296EA63936E81982000](bootloaders/04cb75f3-e10f-4f9c-9f8f-97d4a310922c/),Revoked bootloaders,2023-05-22 +[af34038a-8535-46ac-8f63-bdf18bb89563](bootloaders/af34038a-8535-46ac-8f63-bdf18bb89563/),[04A779863E698705914958CFCF521450B8D2C9AE321DFE36A2DFDA00AE75ADC1](bootloaders/af34038a-8535-46ac-8f63-bdf18bb89563/),Revoked bootloaders,2023-05-22 +[bootx64.efi](bootloaders/5efb08ce-213c-49be-8c2b-0ae849f64b3c/),[4e371dd0448f1de869ee087b59ff88d11865463715272bcc6c29b0d5e21dbd82](bootloaders/5efb08ce-213c-49be-8c2b-0ae849f64b3c/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/57416bf8-a14e-42bb-b668-d424222ffcdd/),[6E90699DC49B40F02790D085E3A1B9CEB2F81D85F55D2054163B3432FB87F59B](bootloaders/57416bf8-a14e-42bb-b668-d424222ffcdd/),Revoked bootloaders,2023-05-22 +[48eb1fa0-a607-4967-8faf-20dc68913367](bootloaders/48eb1fa0-a607-4967-8faf-20dc68913367/),[7D092A6101832F2CF3F9DE42C66A9948751B05D3D4005FB9C0E8BDF9B8DAEC6B](bootloaders/48eb1fa0-a607-4967-8faf-20dc68913367/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/c748db0c-0a54-4567-a733-2f803c84a914/),[6A7CD85A11D733D1D03A01AAD914A3F22C33AD9590AB27792D2B177E0E51D896](bootloaders/c748db0c-0a54-4567-a733-2f803c84a914/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/116c526f-a50d-4f84-b577-d52dbbde526b/),[46BA7E327D359A9B108CAFBBF2D7B6B32AA6767C2A3A472B4FFE2587FE376977](bootloaders/116c526f-a50d-4f84-b577-d52dbbde526b/),Revoked bootloaders,2023-05-22 +[bootarm.efi](bootloaders/2b807893-889b-4dd8-99be-ff17aecfb58e/),[73DD7327621AA77D919473F71D3175EFA40F174D3C16060C079CEF169CC51363](bootloaders/2b807893-889b-4dd8-99be-ff17aecfb58e/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/34cf714a-cbf0-4339-afb8-bae3643a4075/),[AA38D5E097A9853A25A1DAA838ED83BC43569DB871FDF24888512A434024A866](bootloaders/34cf714a-cbf0-4339-afb8-bae3643a4075/),Revoked 
bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/7ca92d66-191e-469f-8320-a1f67a1eaa64/),[AB66D5C1C320900FC15984D7E1D44331411F2339DA9376F3E9BC2A4CB9B06014](bootloaders/7ca92d66-191e-469f-8320-a1f67a1eaa64/),Revoked bootloaders,2023-05-22 +[shim-sles.efi](bootloaders/795fbec7-a5f6-4e5d-b2c3-c968bf758e26/),[3166EE4CE65D10105DEEE3A0163E236AC872E2C45652DC1DD78F8CE984463C12](bootloaders/795fbec7-a5f6-4e5d-b2c3-c968bf758e26/),Revoked bootloaders,2023-05-22 +[bootx64.efi](bootloaders/cce60051-3b8f-4752-9e76-a1098bc803b6/),[c4b5797189521611b809720ed9c4734f1dec8a2ee2597781ffe438f652a58ce5](bootloaders/cce60051-3b8f-4752-9e76-a1098bc803b6/),Revoked bootloaders,2023-05-22 +[bootarm.efi](bootloaders/bca306da-15be-48c3-8a55-3165085410b9/),[AC390194D59EC41A1A01BD96417CFE79E833CD6BBCA820B5FCB35CC3FE99653B](bootloaders/bca306da-15be-48c3-8a55-3165085410b9/),Revoked bootloaders,2023-05-22 +[bootarm.efi](bootloaders/eba694e7-6b97-4fd7-8e20-e26392cad8e7/),[07463549E9B992F78E7E64BD24BCA93754EF3674F5F5D76C4D44F462060DF0B9](bootloaders/eba694e7-6b97-4fd7-8e20-e26392cad8e7/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/68bce846-d710-4c06-a74c-bdf24a87157b/),[0b16ad93ee38243d72ff0acd790107767b6d7d3563a4ba8edb7a23eec5c8d531](bootloaders/68bce846-d710-4c06-a74c-bdf24a87157b/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/7c5fa8fd-40fd-437f-a2cd-e21aaa43336f/),[176693F4060E5330AE384BBB5470A0F3C936EC725DAABA81D5DB2B820141D282](bootloaders/7c5fa8fd-40fd-437f-a2cd-e21aaa43336f/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/e06e3faf-46e8-4902-9bd7-69b462d292d2/),[3EBB964E2D24C5D0F2E07972A9F143B73161344790E960463BF9C229000848C1](bootloaders/e06e3faf-46e8-4902-9bd7-69b462d292d2/),Revoked bootloaders,2023-05-22 +[a4e079d3-3919-4c47-84ba-9a7d7d1acbe0](bootloaders/a4e079d3-3919-4c47-84ba-9a7d7d1acbe0/),[D8E8197BB6CB93157BAE6B4E63EFFA60BB49628DEBB6F771F154C229F4205DB3](bootloaders/a4e079d3-3919-4c47-84ba-9a7d7d1acbe0/),Revoked bootloaders,2023-05-22 
+[bootmgfw.efi](bootloaders/84dbe789-ccc2-4988-a6f0-b4c74b74e133/),[00550ccee4edfefd7b7fb54864d0aa5df059885e9e79ff80d4fb134b4487c05d](bootloaders/84dbe789-ccc2-4988-a6f0-b4c74b74e133/),Revoked bootloaders,2023-05-22 +[rhel-8.3-20200917-shim64-bit.efi](bootloaders/3b5b838e-359b-483e-94e9-a1c1ed3077d6/),[258C72394A0D163E9196A16682D3881E6CB24171EDA78FE026CC9CA9BEBFF22E](bootloaders/3b5b838e-359b-483e-94e9-a1c1ed3077d6/),Revoked bootloaders,2023-05-22 +[bootx64.efi](bootloaders/b3f78afd-8a4f-444e-8561-b32a5d6015f1/),[C8AA71C72318CA43CBA4302FBAD12B474E7E4ED1B0EDA8A48CD71343A32FF155](bootloaders/b3f78afd-8a4f-444e-8561-b32a5d6015f1/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/6a65ed03-95af-404a-8ac0-95fa8ac8eb99/),[0CF738DD9BEA4F3BA350C805AE7A59076147080BC46F1D6D6C994382E77F8486](bootloaders/6a65ed03-95af-404a-8ac0-95fa8ac8eb99/),Revoked bootloaders,2023-05-22 +[shim-15+1533136590.3beb971-0ubuntu1/shim64-bit.efi](bootloaders/f901491e-f41b-4b77-8f9f-f9e5a6f03c8c/),[8844d9b3aea1568a7ff298e6dc12564c422dafae6510db377454ca6072861dde](bootloaders/f901491e-f41b-4b77-8f9f-f9e5a6f03c8c/),Revoked bootloaders,2023-05-22 +[HfiPcieGen3](bootloaders/1387dafb-6dad-48b4-a186-98e52cac74b7/),[0ed1b0fae1a6e705d1b116d08b7184e0a2ee2a0e6b0c372ce69b40e9ef34579f](bootloaders/1387dafb-6dad-48b4-a186-98e52cac74b7/),Revoked bootloaders,2023-05-22 +[gcdx64.efi](bootloaders/5f398d53-d42c-4c4c-acc2-b3766bf08b97/),[0ac2943abf5ef953b939247b74331fb2c437e405a81dd5569d9cff1d6183d53a](bootloaders/5f398d53-d42c-4c4c-acc2-b3766bf08b97/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/fa8ffd8e-ef04-4510-bf93-34fe1fadc156/),[E21231BE8A60E9FE94AD0D2202ED01C36E4AFC731A30659B8AC44C22B7377FBD](bootloaders/fa8ffd8e-ef04-4510-bf93-34fe1fadc156/),Revoked bootloaders,2023-05-22 +[bootx64.efi](bootloaders/af2bf5be-c938-4852-a9b2-14ecff96c414/),[D19F5CAC6AA761C1F66C71B9B7A2D44DFF216B97BE10F66180F5E4EF084C9811](bootloaders/af2bf5be-c938-4852-a9b2-14ecff96c414/),Revoked bootloaders,2023-05-22 
+[7489f724-a3b3-435d-b34e-9ca0a94c6ceb](bootloaders/7489f724-a3b3-435d-b34e-9ca0a94c6ceb/),[707BEEAE9B9CBF0D56AEE48AE398F127D3B52FD37D25B95C561CDA1DB5233C50](bootloaders/7489f724-a3b3-435d-b34e-9ca0a94c6ceb/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/11dd8dba-8b90-413b-b2eb-bdb05f573d2b/),[db9643f6d78c6c5bdc29b041660174324639be8b3bc6e247c8c2026e68c4e618](bootloaders/11dd8dba-8b90-413b-b2eb-bdb05f573d2b/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/57f3ded8-3e38-4146-88ad-92ae83c627d5/),[85C838E95601A4B1CFA64600FC4A16330CB50D575FB2E89ECAA08D6B12B50CDF](bootloaders/57f3ded8-3e38-4146-88ad-92ae83c627d5/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/e12666fa-d6b3-449e-b3c3-18cf7a3d5b69/),[764D5B7F15EF539E0C8685DF62AB7CC7DBA3FCA50A08A8F7643D108A0A7FF757](bootloaders/e12666fa-d6b3-449e-b3c3-18cf7a3d5b69/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/7a216607-3204-4536-9507-a3beccc529a8/),[783d088ce72996a064c0da796579475e0aef23c5e6e0e5905c98571bf8620e20](bootloaders/7a216607-3204-4536-9507-a3beccc529a8/),Revoked bootloaders,2023-05-22 +[b089a9fd-d664-400b-b66c-158cd1848428](bootloaders/b089a9fd-d664-400b-b66c-158cd1848428/),[D4D97AEAB61079D3EB0E55794504991DD1BEB0F200315718FFE44BAE89F8F330](bootloaders/b089a9fd-d664-400b-b66c-158cd1848428/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/58907c65-5be5-4821-9c87-8d27b5a8840d/),[376E727A97432EE289CE9485988E24C0E20321DDC45443D7916D20D9C8824883](bootloaders/58907c65-5be5-4821-9c87-8d27b5a8840d/),Revoked bootloaders,2023-05-22 +[shim-0.8-0ubuntu2/shim64-bit.efi](bootloaders/eff3ed05-f849-4ea0-9f4f-1af40e48c368/),[45ec69179be0f20088f10be909fc8b6104f85607db0a556482fee9384eb4d52b](bootloaders/eff3ed05-f849-4ea0-9f4f-1af40e48c368/),Revoked bootloaders,2023-05-22 +[shim64-bit.efi](bootloaders/3e375fd6-edc4-48ff-801e-cf5d4fef7d2e/),[10914C967939CA831D9D39B87332A6E8882FE99901DC0E4DE4931CA5A065B9FF](bootloaders/3e375fd6-edc4-48ff-801e-cf5d4fef7d2e/),Revoked 
bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/cede5464-786a-4472-9b83-cbf540f90d1e/),[E9F55F39797D7ADAA99F2FE4138D413A10539C9663976B055A705A76C6A916D4](bootloaders/cede5464-786a-4472-9b83-cbf540f90d1e/),Revoked bootloaders,2023-05-22 +[bootx64.efi](bootloaders/9ae39650-46fc-402d-a4dc-569ce8411039/),[7b5dfe4f9e4ee68e3cdd9c91bcae26db334d49ae4c1f9525cecd834de48df110](bootloaders/9ae39650-46fc-402d-a4dc-569ce8411039/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/463dc6a9-273b-448d-b189-ec577fc29317/),[C2B1E1BB8F016D310FEA7225EEF9DC6B6F0E33E5C9DD74E9F24835DF6287296E](bootloaders/463dc6a9-273b-448d-b189-ec577fc29317/),Revoked bootloaders,2023-05-22 +[BOOTX64.EFI](bootloaders/d159a67f-5512-4922-bc1e-5c675a73d0cb/),[df4e1cf6eaf602f99849ddb6802bd91fb13cd5c3f9fb420250d8a3d750642efa](bootloaders/d159a67f-5512-4922-bc1e-5c675a73d0cb/),Revoked bootloaders,2023-05-22 +[rhel-7.9-20200909-shimia32.efi](bootloaders/146ba6ae-683a-4c91-b076-c267a77bbd47/),[FE924700AC79DC4689ADD5F7C6761E0D60E665A65F9572B43915010881B0BFBC](bootloaders/146ba6ae-683a-4c91-b076-c267a77bbd47/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/cfec0cca-c6b7-4327-a2d8-7dca0515e161/),[C1136125F38F6B76285AE4F1A0068F49819CBB5B57F6AB85960640F93FEC21BD](bootloaders/cfec0cca-c6b7-4327-a2d8-7dca0515e161/),Revoked bootloaders,2023-05-22 +[dbc9e79d-2655-4892-81fe-830383602432](bootloaders/dbc9e79d-2655-4892-81fe-830383602432/),[E1DC3EF55626A4CF6DDC425A353208F309271B8A9FDBF8964082FB08DFB7A170](bootloaders/dbc9e79d-2655-4892-81fe-830383602432/),Revoked bootloaders,2023-05-22 +[shimia32.efi](bootloaders/afc98e92-1064-426a-87de-35479bc19474/),[1BBE108A0DA8A6A15221BA576E985B4240AD603D7D967F710428A9CB53B97B0B](bootloaders/afc98e92-1064-426a-87de-35479bc19474/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/23d2d4cc-fb8c-43d8-b736-ae5c4fc3cd96/),[C1B24EBFE119C27A2E5EDD4267EEF37B2CD14FBBD8688DE27E08AF89996DB468](bootloaders/23d2d4cc-fb8c-43d8-b736-ae5c4fc3cd96/),Revoked 
bootloaders,2023-05-22 +[BOOTx64.efi](bootloaders/cab29561-a4b4-4cb1-b6c6-115700991af8/),[50484376441815f7f85aa294290a9b6072a6a9e8feae79447c5c4de855c5a3d3](bootloaders/cab29561-a4b4-4cb1-b6c6-115700991af8/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/e1e05cba-138a-4879-84c6-0ab872d03ea5/),[25933d1597ead1c390abc59433aec7c8f955c588551024c88c6388afbc84ed40](bootloaders/e1e05cba-138a-4879-84c6-0ab872d03ea5/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/c348343b-faea-4c60-a0bd-c140a51ca9f0/),[4A62256316FBC805231420BAA4668B26023AE08B1BC7203A71C28905D19C817A](bootloaders/c348343b-faea-4c60-a0bd-c140a51ca9f0/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/b262ea41-bb3c-4682-9a8d-a4e52e495c6c/),[81199ecb7a384d04f4e0f5541af731ca6ab0a04f1e2d692b4c386e0f02f15009](bootloaders/b262ea41-bb3c-4682-9a8d-a4e52e495c6c/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/c7e48901-5dda-4d9a-b064-9ec8e51efc06/),[0876FD237955DB876744D5AEFBBF0DB3771AA2603233E123B39F4E772FC3B457](bootloaders/c7e48901-5dda-4d9a-b064-9ec8e51efc06/),Revoked bootloaders,2023-05-22 +[73fc4a00-2d2f-46c4-a597-bd0cc015dfdc](bootloaders/73fc4a00-2d2f-46c4-a597-bd0cc015dfdc/),[690B765C38BE3FBA65B829677D98A67943F92E24E9860EE2A13273F5932B8A0A](bootloaders/73fc4a00-2d2f-46c4-a597-bd0cc015dfdc/),Revoked bootloaders,2023-05-22 +[BOOTX64.EFI](bootloaders/2cb09869-230c-4114-a4ec-a744b3181282/),[0e99607b20d537497169c506c6893243d3f1bd5960505c1566bd97c0a741adfb](bootloaders/2cb09869-230c-4114-a4ec-a744b3181282/),Revoked bootloaders,2023-05-22 +[bootx64.efi](bootloaders/e314abb1-31d1-460f-9df0-f437263d9e71/),[d809eddc88a14239e8a069fa71f81f3e4af4dc293f7575d71d597c80f8767816](bootloaders/e314abb1-31d1-460f-9df0-f437263d9e71/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/a7cc38fb-91b2-4e2c-a0a9-2a6051c31cb5/),[E785D139C9F008F9135EDFAD44492D11D09B83373ABE74AD45B7CADD25EBB464](bootloaders/a7cc38fb-91b2-4e2c-a0a9-2a6051c31cb5/),Revoked bootloaders,2023-05-22 
+[07ce0c22-0e7a-4f68-91e2-61a9d9cd566f](bootloaders/07ce0c22-0e7a-4f68-91e2-61a9d9cd566f/),[6A86152DF323185DCD535369C94B9226FEB6AAB4479C00A4A916B4E82E4A85FE](bootloaders/07ce0c22-0e7a-4f68-91e2-61a9d9cd566f/),Revoked bootloaders,2023-05-22 +[bootaa64.efi](bootloaders/2297fba2-2316-41a2-93f7-20ea8c9f6b98/),[2674036BC5EE2446739FBBBE21F8480DA23AD5E98A6768754B4C9B9FC37EF2E2](bootloaders/2297fba2-2316-41a2-93f7-20ea8c9f6b98/),Revoked bootloaders,2023-05-22 +[Signed_14173467011297444/shimia32.efi](bootloaders/40519b35-c303-4cb2-aa20-c08545506e08/),[a80b37c9749d6f2c2fdf64922a3142eb0fd63c72fd2989d7e75dcb4be367299a](bootloaders/40519b35-c303-4cb2-aa20-c08545506e08/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/b429b35f-a9c3-4de9-a7be-da2b2c688a02/),[02FF707BE8808663B2CC33286630839DD7B14AC8E2340F4661870B18A9621D9D](bootloaders/b429b35f-a9c3-4de9-a7be-da2b2c688a02/),Revoked bootloaders,2023-05-22 +[rhel-7.9-shim-20200726-shimia32.efi](bootloaders/a2e0c2d5-a9f3-43f2-83f0-41235cae223d/),[DEF0CE090F4C6B203C317558D43D015427311475231E8CE9B2E00AC0C18D3922](bootloaders/a2e0c2d5-a9f3-43f2-83f0-41235cae223d/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/73fcc470-7c81-4385-8c78-933467e404cf/),[35F731A87345B78EAC85100D339ED77CE83B7DF6151B401B446A79D9FEBCD36D](bootloaders/73fcc470-7c81-4385-8c78-933467e404cf/),Revoked bootloaders,2023-05-22 +[aa7f07a3-cedd-4752-b1fd-0e8043dd54e6](bootloaders/aa7f07a3-cedd-4752-b1fd-0e8043dd54e6/),[7C783057C245A34DFF5A9497C3CD4181FC80D06439884E12AD5D67A4F5266CD6](bootloaders/aa7f07a3-cedd-4752-b1fd-0e8043dd54e6/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/d0acb6e2-2647-424d-b438-eff9f1b605fd/),[1B9A8D23FFC211EFF6F12D17037EB076EA46562DEC937F44CC49D4AF1C119BA0](bootloaders/d0acb6e2-2647-424d-b438-eff9f1b605fd/),Revoked bootloaders,2023-05-22 
+[c4189bae-54f2-4fe5-8978-dc3e1ddc20ee](bootloaders/c4189bae-54f2-4fe5-8978-dc3e1ddc20ee/),[9E5773C34073B8473BD1EBC9D4D50780A7CDF9EB767750107D4B0F45BC8EABE8](bootloaders/c4189bae-54f2-4fe5-8978-dc3e1ddc20ee/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/09476ffd-a0fd-4510-9e36-a20727c16b8c/),[A97E2E39DA89F16E0AFB9CF3A213205ED00BF2200A573812B5C5F56FDB8B2402](bootloaders/09476ffd-a0fd-4510-9e36-a20727c16b8c/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/d569f749-c5fe-42ff-b6f9-8966a14d06af/),[79baff384ed507030cbe328a3d6c04d13e77932f08d387f76cf2422fb3b2588b](bootloaders/d569f749-c5fe-42ff-b6f9-8966a14d06af/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/275664b6-bb50-43c5-9d04-b100ea9fe56b/),[3fda721bc5007eab23af6e0c56a6942a7925a858f0d801fbb21011ccf758893b](bootloaders/275664b6-bb50-43c5-9d04-b100ea9fe56b/),Revoked bootloaders,2023-05-22 +[bootia32.efi](bootloaders/e0432a67-4ec8-4281-b4c1-a800e1b615be/),[84897E4405319DAB2822D63147F3DA90AC2A436A7D24EC5DD91B277AB6528FAB](bootloaders/e0432a67-4ec8-4281-b4c1-a800e1b615be/),Revoked bootloaders,2023-05-22 +[shim-0.7-0ubuntu4/shim64-bit.efi](bootloaders/465c1250-966d-4d32-b168-3b2c614e17f2/),[17864e719e9c61d84e29a3cedf2b63aeaecfc10867211efc3077dd216b0a4965](bootloaders/465c1250-966d-4d32-b168-3b2c614e17f2/),Revoked bootloaders,2023-05-22 +[e0a4512e-03fa-4db8-b7e0-8c8eb6f2bc8a](bootloaders/e0a4512e-03fa-4db8-b7e0-8c8eb6f2bc8a/),[7C2FDA323F09B9BE6269BA979A620438413EBA4A93B2BA34F9B39998268AD9CD](bootloaders/e0a4512e-03fa-4db8-b7e0-8c8eb6f2bc8a/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/d69993da-b588-4dcf-aea1-5d11d9ca4dd7/),[271A4B174838286F6D4BB9FCE91A47FBC87B28BE586744BD42CD82CEF4600B72](bootloaders/d69993da-b588-4dcf-aea1-5d11d9ca4dd7/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/5b0c97fd-1a72-4f30-af67-1f398fef3675/),[37CAA54424C152D84DE63C288DF7CE27BA97B8671CF27DE4101066EEAE8BE90C](bootloaders/5b0c97fd-1a72-4f30-af67-1f398fef3675/),Revoked 
bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/cd328e2d-3b59-4c94-a0e0-60b7f793db09/),[D6D10836B79E28ACE9E2BEC7EF9B67DC736ED6C1C8EA24D395DDAAF05B76CEBD](bootloaders/cd328e2d-3b59-4c94-a0e0-60b7f793db09/),Revoked bootloaders,2023-05-22 +[shim-0~20120906.bcd0a4e8-0ubuntu3/shim64-bit.efi](bootloaders/f4e945a8-aa6f-48dc-822c-ff44ce513b70/),[561EEF7131FFB079F75F6EC3E5738354A3C0EEB204863E7A4018B6409B7D26D0](bootloaders/f4e945a8-aa6f-48dc-822c-ff44ce513b70/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/70316201-97eb-4739-a72b-abdcd208e20b/),[EFA5CA12CFC70DEA81EB71088B4BDBD44D5B45A8F8D81B7DB243D6A03A7F11C4](bootloaders/70316201-97eb-4739-a72b-abdcd208e20b/),Revoked bootloaders,2023-05-22 +[bootx64.efi](bootloaders/e121cfa2-ee0c-4c6d-9b1a-1f48ce500b81/),[ef43b4b4a755494b10b7431527aead697feab6fa48cf4684cca4fb5b8cd09035](bootloaders/e121cfa2-ee0c-4c6d-9b1a-1f48ce500b81/),Revoked bootloaders,2023-05-22 +[4750d526-693a-4831-991f-4ace2cbe92ad](bootloaders/4750d526-693a-4831-991f-4ace2cbe92ad/),[D764AC6251FD2641EEBBFBF7A5A95E212DF5997875990D90562CA65D5D966BAE](bootloaders/4750d526-693a-4831-991f-4ace2cbe92ad/),Revoked bootloaders,2023-05-22 +[96d26340-d5ec-43a8-b1e7-068f46a2aeaa](bootloaders/96d26340-d5ec-43a8-b1e7-068f46a2aeaa/),[A739C0624B7608F40645D417E79CE0B22FA568D885ACEBE51949F268565098B4](bootloaders/96d26340-d5ec-43a8-b1e7-068f46a2aeaa/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/c818cbe0-bc64-4557-a266-570214ebaaa8/),[57B017C3A6AC4676B1852E407297158D1D471373DC299CF557832D9E3F13577A](bootloaders/c818cbe0-bc64-4557-a266-570214ebaaa8/),Revoked bootloaders,2023-05-22 +[0f4b6460-f81b-4770-8dfb-55224983a557](bootloaders/0f4b6460-f81b-4770-8dfb-55224983a557/),[8516257431A250296A10F82A4795F9CF68E5C185CEAA2F6F77CA0942CBE0C999](bootloaders/0f4b6460-f81b-4770-8dfb-55224983a557/),Revoked bootloaders,2023-05-22 
+[064e9fe7-c5dc-4858-9006-e9b1e0e3001b](bootloaders/064e9fe7-c5dc-4858-9006-e9b1e0e3001b/),[AECD34387179AFF5CE02103679312CDEB1DA835015A8548FCE93765E7219612E](bootloaders/064e9fe7-c5dc-4858-9006-e9b1e0e3001b/),Revoked bootloaders,2023-05-22 +[bootia32.efi](bootloaders/e9402a67-21ec-4fdb-b0a3-7f1700f1ede7/),[132d59d83c29be7351d35c44b846dfc3f37b3c62bc40eac6aec3fd68e7cfcfde](bootloaders/e9402a67-21ec-4fdb-b0a3-7f1700f1ede7/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/3f6b5528-2fd7-427f-967e-e89cd9e77182/),[540CABD0862F121CE200DCEBB6C9D3B209B266F0CD413CEA2385886F965E5062](bootloaders/3f6b5528-2fd7-427f-967e-e89cd9e77182/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/60aaedd4-4eb0-485b-a534-82645695a185/),[A0946E9C77C27E5E9D19BCEEFE4DC147F97BF1CA7FE12F15280D390BA7A0D67A](bootloaders/60aaedd4-4eb0-485b-a534-82645695a185/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/bcda745b-c931-494a-bf26-4dfd7c824ee9/),[A09DBE91C9743163A3DC26BB7E51398C751DF7140D5DA4DD6D43B1915FA906EC](bootloaders/bcda745b-c931-494a-bf26-4dfd7c824ee9/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/ff057f2b-0bc9-4318-a017-66307880a7c6/),[f4c53c0b054413691ba25a2d162bcde9c9e35b5e706272f70bff96ed5c05a7b8](bootloaders/ff057f2b-0bc9-4318-a017-66307880a7c6/),Revoked bootloaders,2023-05-22 +[78f886c7-28cd-4686-ac8f-ee82f3e0fbcb](bootloaders/78f886c7-28cd-4686-ac8f-ee82f3e0fbcb/),[A95666BFAF48FD9C4CAF2F3ED4EB593145C48BD3C93E4B00638088CE7EE962CF](bootloaders/78f886c7-28cd-4686-ac8f-ee82f3e0fbcb/),Revoked bootloaders,2023-05-22 +[shimaa64.efi](bootloaders/0acd4573-d0e2-4f57-8c94-3d6e57a391e7/),[3C6318DC79E5CE66F7DCCC71DF01C4E4ACC53F14D978011A29033D59D43D9233](bootloaders/0acd4573-d0e2-4f57-8c94-3d6e57a391e7/),Revoked bootloaders,2023-05-22 +[bootx64.efi](bootloaders/837d8bdc-6458-4eba-87cf-c82a32d1eca6/),[106E99968A816752C4A0F5DF6AEACC0400C688DE35832798029040CDB41E1F09](bootloaders/837d8bdc-6458-4eba-87cf-c82a32d1eca6/),Revoked bootloaders,2023-05-22 
+[mboot-official_arm64.efi](bootloaders/c10b8a2d-9bdd-46c5-bbdb-177f88c7794f/),[8CC2B48C79FBF5654B28B7BEEC51A3266E4CBB4FBE3A84F843EA0957683A1E93](bootloaders/c10b8a2d-9bdd-46c5-bbdb-177f88c7794f/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/9e382fdf-568a-4b81-b4ce-58c25f3b2d80/),[CB5C370B7BDC87A2153425852F477916BA3B13E4C62EA419AD93DBDD34780BEC](bootloaders/9e382fdf-568a-4b81-b4ce-58c25f3b2d80/),Revoked bootloaders,2023-05-22 +[BOOTX64.EFI](bootloaders/329800cf-dad0-4ca8-bdc9-6ec18ff01421/),[338b89190177e950151a198823fd9d5f4ea25c1faf73e56ca5d9cf69d373fd66](bootloaders/329800cf-dad0-4ca8-bdc9-6ec18ff01421/),Revoked bootloaders,2023-05-22 +[shim-15+1552672080.a4a1fbe-0ubuntu1/shim64-bit.efi](bootloaders/42952e7b-6913-40b6-bc44-5eacd9c673a7/),[CE7A0A3D718747C7263D099FD1477E363ECFE75BD2F639EE47AC1271EC229D80](bootloaders/42952e7b-6913-40b6-bc44-5eacd9c673a7/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/8c855009-8e77-4446-acf1-17ce8b445b01/),[b7313be4901f1a80f84e4e8a6636f090e7125b97fc845d4454d5e4bef3d40ca7](bootloaders/8c855009-8e77-4446-acf1-17ce8b445b01/),Revoked bootloaders,2023-05-22 +[dc00f1c1-898a-479d-b9a5-9caa9973e310](bootloaders/dc00f1c1-898a-479d-b9a5-9caa9973e310/),[94BDE75194960FAFF8329DCB4462BD8888B32078B0FB8FB2011C6993FDA0316A](bootloaders/dc00f1c1-898a-479d-b9a5-9caa9973e310/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/c8069469-51c7-44c5-8032-1d2fde34f8d3/),[D76281DD69E992EFB55604A1B4E6171E552F3B7E1411D75368F98EF91ED69E21](bootloaders/c8069469-51c7-44c5-8032-1d2fde34f8d3/),Revoked bootloaders,2023-05-22 +[BOOTX64.EFI](bootloaders/33ce2528-8820-4680-bc5d-b48fcc1f9d2d/),[899afe09e356003605b30dc209a5ba4ef6910baef23fac268bcac6db3cfee98d](bootloaders/33ce2528-8820-4680-bc5d-b48fcc1f9d2d/),Revoked bootloaders,2023-05-22 +[bootia32.efi](bootloaders/9b9f7199-24ed-4372-8247-e420ab0b7937/),[4E00B1C1CC2BFCB1FF2FDB4184D13CEA5A2617BACC3623C3DF52C50158065E73](bootloaders/9b9f7199-24ed-4372-8247-e420ab0b7937/),Revoked 
bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/71999c6f-6195-4944-ad16-105579c98549/),[50A8B3CD4F80C8C27FA47242869FDE8B6B7709A8AD1AF0EF0A726D20623007D8](bootloaders/71999c6f-6195-4944-ad16-105579c98549/),Revoked bootloaders,2023-05-22 +[HfiPcieGen3](bootloaders/3c5c1c32-6c09-4fea-863a-2e5cb48bb099/),[98acba206e9f3843a4a7e07c66ead4366fbe7976653b65ed0c311d4efae878ab](bootloaders/3c5c1c32-6c09-4fea-863a-2e5cb48bb099/),Revoked bootloaders,2023-05-22 +[bootarm.efi](bootloaders/25025124-0a03-422d-8fe8-530afd16951c/),[372968218A3CBA11D964EF1B1E8CFF3804EDF96481B96B929208D1B483ADB30C](bootloaders/25025124-0a03-422d-8fe8-530afd16951c/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/0486fe15-0d77-4c66-9918-1278ef014f72/),[86e5b25aa8072895e72e3d5f4beaccc1488a434fb10babe17fb9010da4ed93bc](bootloaders/0486fe15-0d77-4c66-9918-1278ef014f72/),Revoked bootloaders,2023-05-22 +[mboot-official_em64t.efi](bootloaders/0c0db73b-9d53-4fa1-93fe-cab2b3cabf9f/),[918871DEC65B4D8A8D0E29B221351DFEA3A1D9212A4E0D7EE692CC1696E9AFC6](bootloaders/0c0db73b-9d53-4fa1-93fe-cab2b3cabf9f/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/4d31cfeb-3005-497a-b566-7062066398ab/),[9da10b25786d8db0167fd66c051f7e2655781bb561b99584312b439a32be4c32](bootloaders/4d31cfeb-3005-497a-b566-7062066398ab/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/3598ca7a-27b3-4c09-aaca-cb5108eca19f/),[1B455F745A6397C1B4FDFA43E634462EE1414DB21EF5A3391142B0F988F31FFE](bootloaders/3598ca7a-27b3-4c09-aaca-cb5108eca19f/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/7480e25e-d4dd-4e39-b652-33861111c011/),[55C6D083A4E3BE8FF842A5D39EF6F0C82D3DD29FE377C7AEA920C7B419F660D8](bootloaders/7480e25e-d4dd-4e39-b652-33861111c011/),Revoked bootloaders,2023-05-22 +[shimia32.efi](bootloaders/7ad06c0c-5595-41e6-8049-b051fa3e931b/),[7B9D76B66E9E3503682EB5B6CCC8F70B8B5082F140252A7F6127AD9764D8F297](bootloaders/7ad06c0c-5595-41e6-8049-b051fa3e931b/),Revoked bootloaders,2023-05-22 
+[bootmgfw.efi](bootloaders/b2be4369-0672-4a82-96df-ee4d208d3352/),[79631821A585BFC9A9A5D2D92D37714EFD84A3D856284A0897654461EC1C137D](bootloaders/b2be4369-0672-4a82-96df-ee4d208d3352/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/2a9c12a2-bc01-4af2-bb23-a5f1fcba5bdc/),[B15095CBB09505C8354657EF7DF0FA4046F5F9DC74B26EF12A7D83E82A718322](bootloaders/2a9c12a2-bc01-4af2-bb23-a5f1fcba5bdc/),Revoked bootloaders,2023-05-22 +[rhel-8.3-20200730-shimia32.efi](bootloaders/a1062c3c-45c5-4c75-bbd2-d744c8e3fcb8/),[A1DD22421CC934E050572520A026985AE8C5FC5AD73816510713F1E1D4DFF575](bootloaders/a1062c3c-45c5-4c75-bbd2-d744c8e3fcb8/),Revoked bootloaders,2023-05-22 +[1ca07dec-812e-46a2-ada4-141584aa0c12](bootloaders/1ca07dec-812e-46a2-ada4-141584aa0c12/),[6E5D8278A7A4A58DBBA2F5D01B09B9DE4BB20ACD2DD4890846C8125A65136BF8](bootloaders/1ca07dec-812e-46a2-ada4-141584aa0c12/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/07e76cae-6513-4120-b399-3ab5ae5879a5/),[997CCF341DBCE2EB9E119803723130DA90E8F1DD167A7B75400E73CBBADA54FD](bootloaders/07e76cae-6513-4120-b399-3ab5ae5879a5/),Revoked bootloaders,2023-05-22 +[shim.efi](bootloaders/530ab1a9-d9a6-4f01-986a-5b69c99400b4/),[51BD59697B4E1DF61DF32AD57CEBE394BE54E3E9DBFEB8DC00A3A176D13A5767](bootloaders/530ab1a9-d9a6-4f01-986a-5b69c99400b4/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/077ccbb7-5e3d-455d-abbf-317e3ee73abd/),[DB67C1601CC3B3313B9F6E8F12E76627E7BC6F3936BD8147FCAFAF5FB6556966](bootloaders/077ccbb7-5e3d-455d-abbf-317e3ee73abd/),Revoked bootloaders,2023-05-22 +[0bbd943d-7d16-4fe7-ac8b-f9d12daba1f4](bootloaders/0bbd943d-7d16-4fe7-ac8b-f9d12daba1f4/),[26A8EBB3EF412AA70D4AB4486EBEE8DB42656AE7F2EC868FA95FA656090F01BE](bootloaders/0bbd943d-7d16-4fe7-ac8b-f9d12daba1f4/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/7e81b1d7-7526-4958-98cf-688b36cf8ea0/),[FE4B7349F21EE077096B6986693C3F250758C5DDF96C14AF4BBFD96EE74A70A0](bootloaders/7e81b1d7-7526-4958-98cf-688b36cf8ea0/),Revoked 
bootloaders,2023-05-22 +[rhel-8.3-shim-20200726-shim64-bit.efi](bootloaders/cc89429d-d9b6-412c-8083-4879ab57f589/),[98721004CFF6B89B3E5A9267D29250710E6A6C8AFAE06EEF29F92745CD70E079](bootloaders/cc89429d-d9b6-412c-8083-4879ab57f589/),Revoked bootloaders,2023-05-22 +[bootia32.efi](bootloaders/cd9dcfdd-25a1-42d5-bd95-3778087060b5/),[4B6C8947CAA89BE6077E2964C4F97425C663AEFEBCDFC373CAFD982367FB5CFF](bootloaders/cd9dcfdd-25a1-42d5-bd95-3778087060b5/),Revoked bootloaders,2023-05-22 +[miniloader.efi](bootloaders/0e46bd88-7635-4162-a02e-85d9bd33be3a/),[30CF3AD2DF14F05D89BC321744559E857055A5C84D7F0834B3DBD261ACE1CF5D](bootloaders/0e46bd88-7635-4162-a02e-85d9bd33be3a/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/f651508a-842a-4af6-b332-559fc9897806/),[9CD99CEFF9B7496E7B6720AF4C561668D6993376EC18593E3F54B1540E5B31A0](bootloaders/f651508a-842a-4af6-b332-559fc9897806/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/0e305520-6001-4144-893d-b4c38ea47886/),[52D826CF8F6A0095938F7069B5F5DA22C16AE037D757BF9115AA84920BCE4EBF](bootloaders/0e305520-6001-4144-893d-b4c38ea47886/),Revoked bootloaders,2023-05-22 +[99b952f7-5438-417b-9dab-c318bdcd75e6](bootloaders/99b952f7-5438-417b-9dab-c318bdcd75e6/),[B6C36B2B18A3E73EA007173F8669D9A9A861FDDF27C3E3C0C3F1315E2AE5B43F](bootloaders/99b952f7-5438-417b-9dab-c318bdcd75e6/),Revoked bootloaders,2023-05-22 +[a950cc79-4054-4d02-bd8d-3de2165a3721](bootloaders/a950cc79-4054-4d02-bd8d-3de2165a3721/),[169D0AC3DA1DDA382812F7F221B8C9CD55961A05D876E3D812641313297848BA](bootloaders/a950cc79-4054-4d02-bd8d-3de2165a3721/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/66314d3b-bec0-4042-94f3-2744b5a337ee/),[88582f3cae30afd77990944709ac4e272d68cdc009d9c3ff6f7c2e19e74f5975](bootloaders/66314d3b-bec0-4042-94f3-2744b5a337ee/),Revoked bootloaders,2023-05-22 
+[bootmgfw.efi](bootloaders/5cab3a24-4bf3-427a-887e-92ec2ed8f1a7/),[4628ec2698cfbca38d3bb4872df8e65a370ed4591e3fbd613a28b394942b8976](bootloaders/5cab3a24-4bf3-427a-887e-92ec2ed8f1a7/),Revoked bootloaders,2023-05-22 +[bootx64.efi](bootloaders/63cf9ba5-5aec-4ed7-9f58-97d1eff8aa0f/),[1BABF3FB76AE149CCB95B8E33B193CE7408B7134E0A5CC8CE1E884BCD01DFCF2](bootloaders/63cf9ba5-5aec-4ed7-9f58-97d1eff8aa0f/),Revoked bootloaders,2023-05-22 +[bootarm.efi](bootloaders/28fb8eaa-e498-44f7-8f1f-1dcf1dad47d7/),[0E0D94096278CEDCF333D4902F64ADE7815ED4000A1F6EA45EB93D2DBE18E496](bootloaders/28fb8eaa-e498-44f7-8f1f-1dcf1dad47d7/),Revoked bootloaders,2023-05-22 +[shim64-bit.efi](bootloaders/e638d650-dd39-49a9-a737-b02670064e45/),[84e680f95cd31db85663a5482a68778dd236503d88e8a6d8e3c4a6c9ba201102](bootloaders/e638d650-dd39-49a9-a737-b02670064e45/),Revoked bootloaders,2023-05-22 +[BOOTX64.EFI](bootloaders/64c9ea42-80a1-425d-ae59-d9ee4eadf4ba/),[BDD96B78F3AA4B123851342995451880CB2498E785ED12E48CEB36F1A3F49B2B](bootloaders/64c9ea42-80a1-425d-ae59-d9ee4eadf4ba/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/aa0019cf-ba6c-4a6b-8ea9-3e4494562744/),[5052ce3b96db73a909bf0e54355e357f8ab7284fa48f9b21c85efedbb886c100](bootloaders/aa0019cf-ba6c-4a6b-8ea9-3e4494562744/),Revoked bootloaders,2023-05-22 +[shim64-bit.efi](bootloaders/0072a990-7f8a-484c-8727-bd0912dd2ce6/),[DF01F567CF2C2A7B872EB750F12EC534B6F207E760D1ACA6795DB7CB12CFD92D](bootloaders/0072a990-7f8a-484c-8727-bd0912dd2ce6/),Revoked bootloaders,2023-05-22 +[90e05866-5975-498c-bab9-1a71dd286011](bootloaders/90e05866-5975-498c-bab9-1a71dd286011/),[6AE5984A47CCE9129498E534DB84F0FD33FE9AEE2860462414416282EB0CF34A](bootloaders/90e05866-5975-498c-bab9-1a71dd286011/),Revoked bootloaders,2023-05-22 +[BOOTX64.EFI](bootloaders/47020b30-de49-4937-9908-9d72b3d153d5/),[B76C5689D45E7F40F8D78468D4484074167563CB06368CBB9CB4DBED65E1192A](bootloaders/47020b30-de49-4937-9908-9d72b3d153d5/),Revoked bootloaders,2023-05-22 
+[cent-7.9-20200730-shimia32.efi](bootloaders/a7bf3e37-f600-48ff-82d4-4f1e82c199d2/),[2D07ABD75C154055A858D4461A1B1B76D763E9ED294E2E10244C20601E072A29](bootloaders/a7bf3e37-f600-48ff-82d4-4f1e82c199d2/),Revoked bootloaders,2023-05-22 +[ccef0d61-ad41-4f54-8ce1-9197ccf0e44d](bootloaders/ccef0d61-ad41-4f54-8ce1-9197ccf0e44d/),[3AE3DA82C39C6BEEFD251265370D57D5BFC67181662736C62F2E6F687409C81B](bootloaders/ccef0d61-ad41-4f54-8ce1-9197ccf0e44d/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/3f2c9d56-984f-41b4-a2b2-49bf97e6ef71/),[C2BC0ADF3826972A0F8EF7E63C008C52D68215CCAE493CCEF14C3D3F4F67BDD0](bootloaders/3f2c9d56-984f-41b4-a2b2-49bf97e6ef71/),Revoked bootloaders,2023-05-22 +[46629c02-f2d8-440a-bc46-d67ad73ea772](bootloaders/46629c02-f2d8-440a-bc46-d67ad73ea772/),[3141C6EF9FCE61084D16F0659A9596B0156F24D6F4B03837C4B7543CFB378D61](bootloaders/46629c02-f2d8-440a-bc46-d67ad73ea772/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/b3b0f086-0c9c-4e10-b65c-47509c6f0dfb/),[d8732eb8bd7240f17d90656424aabc0669c3d13e3117efc4805bb59dd21ceb1d](bootloaders/b3b0f086-0c9c-4e10-b65c-47509c6f0dfb/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/696a399a-9f49-485d-9753-63edd677f144/),[944E6F803D3E1B0C1AA767B14B0F4D960A45F80F0A0A459253CA65147E947F72](bootloaders/696a399a-9f49-485d-9753-63edd677f144/),Revoked bootloaders,2023-05-22 +[bootx64.efi](bootloaders/e91a68c8-807d-4b65-a86b-c51335730c55/),[475552c7476ad45e42344eee8b30d44c264d200ac2468428aa86fc8795fb6e34](bootloaders/e91a68c8-807d-4b65-a86b-c51335730c55/),Revoked bootloaders,2023-05-22 +[BOOTX64.EFI](bootloaders/2ca3cf24-b271-4a27-a228-ca91cab34b93/),[0dd832075d552da3d29b1ef471fc23b47c0d54b9fd1541935b23f1c5813da08c](bootloaders/2ca3cf24-b271-4a27-a228-ca91cab34b93/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/4e4ca92c-52eb-4289-a935-f6ec64b79e3a/),[DA9C62E148457AFB0629FAB0C2D58623F9AC35A9A95EF23388ECFE85451C60C0](bootloaders/4e4ca92c-52eb-4289-a935-f6ec64b79e3a/),Revoked 
bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/ad6add2d-fe39-4ffb-b31d-7dffaf3ef28c/),[CF61636CEFDF20CF4B35382124800E047F5886952888BD41D1B8426BF34D2D29](bootloaders/ad6add2d-fe39-4ffb-b31d-7dffaf3ef28c/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/a2a7bdd7-c7bd-4195-97d5-a7b127691dfe/),[DE1CB8E571EEF26A3C4BABCEC97BA41894AE9DE7528A35BFF5FDDFF5C025CEED](bootloaders/a2a7bdd7-c7bd-4195-97d5-a7b127691dfe/),Revoked bootloaders,2023-05-22 +[bootmgfw.efi](bootloaders/24c0575d-dfa7-4f1b-8503-e136cf8fcf3a/),[B334937090AC1D2DB8FFFA7D6BB72F97FDE42712300524E2C89F0E7DCA5EF4D5](bootloaders/24c0575d-dfa7-4f1b-8503-e136cf8fcf3a/),Revoked bootloaders,2023-05-22 +[eefbdef0-8570-4a68-9824-042e17b71f98](bootloaders/eefbdef0-8570-4a68-9824-042e17b71f98/),[CB9E3E372C5F707858E1DE6421C2D3407C240F9D7BC43A9B9F3BA1F6037615B9](bootloaders/eefbdef0-8570-4a68-9824-042e17b71f98/),Revoked bootloaders,2023-05-22 diff --git a/lolrmm.com/content/lolrmms_top_5_os.csv b/lolrmm.com/content/lolrmms_top_5_os.csv new file mode 100644 index 00000000..36784d37 --- /dev/null +++ b/lolrmm.com/content/lolrmms_top_5_os.csv 
@@ -0,0 +1,520 @@ +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit 
+345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit 
+345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +345,64-bit +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +94,32-bit ARM +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit 
+71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +71,32-bit +10,64-bit ARM +10,64-bit ARM +10,64-bit ARM +10,64-bit ARM +10,64-bit ARM +10,64-bit ARM +10,64-bit ARM +10,64-bit ARM +10,64-bit ARM +10,64-bit ARM diff --git a/lolrmm.com/content/search.md b/lolrmm.com/content/search.md new file mode 100644 index 00000000..65759a0b --- /dev/null +++ b/lolrmm.com/content/search.md @@ -0,0 +1,5 @@ ++++ +title = "Search" +searchPage = true +type = "search" ++++ \ No newline at end of file diff --git a/lolrmm.com/go.mod b/lolrmm.com/go.mod new file mode 100644 index 00000000..ace5c0f6 --- /dev/null +++ b/lolrmm.com/go.mod @@ -0,0 +1,5 @@ +module compose-exampleSite + +go 1.15 + +require github.com/onweru/compose v0.0.0-20230124183858-9412f10b0de5 // indirect diff --git a/lolrmm.com/go.sum b/lolrmm.com/go.sum new file mode 100644 index 00000000..77aac0a3 --- /dev/null +++ b/lolrmm.com/go.sum 
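Review bot: lolrmms_top_5_os.csv is 520 rows long but contains only four distinct values, and each `count,label` pair is repeated `count` times (345 × `345,64-bit`, 94 × `94,32-bit ARM`, 71 × `71,32-bit`, 10 × `10,64-bit ARM`, which sums exactly to the 520 lines the hunk header announces). That pattern suggests the script emitting this file writes the group total onto every member row instead of once per group, so any consumer that sums or plots the first column will over-count by a factor of the group size. The intended shape is presumably one row per label with a header such as `count,os`, and the file name promises a top 5 while only four labels are present, so the aggregation step and the cut-off are both worth re-checking. The labels are CPU architectures rather than operating systems; either the column name or the source field the generator reads should be reconciled with the file name.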
@@ -0,0 +1,226 @@ +github.com/onweru/compose v0.0.0-20201006150935-3c1a2b1a5808 h1:6eVMm+cuEWeCodoHVzfjPc1+BOJMvm7boxrsXSMcbBg= +github.com/onweru/compose v0.0.0-20201006150935-3c1a2b1a5808/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201008112336-b33efbb800d7 h1:tAyTSeyByfv2gPaqUrYi0kk0Z9jLTkAz24iSqLsotaA= +github.com/onweru/compose v0.0.0-20201008112336-b33efbb800d7/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201008113335-f8b4b41a58e2 h1:ua3fH27PUIwBdNecKga2AlR7lb8T02G6bFpG0zRVQWo= +github.com/onweru/compose v0.0.0-20201008113335-f8b4b41a58e2/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201008113650-083ed55849e2 h1:CW7Im/HLzVyhSfNekGgHZerjbZxcp+bruuCf6eIvXJs= +github.com/onweru/compose v0.0.0-20201008113650-083ed55849e2/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201008121227-97c178d80698 h1:STvi40vd1rZCTLzB5KaJKuxdm1gefZ+MbMXgy2XA8uQ= +github.com/onweru/compose v0.0.0-20201008121227-97c178d80698/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201008121826-e8247b9bc410 h1:QK0Xxg0z6Oq3ZJKpK+43rbSpe+q/Z5dzBU2N+3UJEB8= +github.com/onweru/compose v0.0.0-20201008121826-e8247b9bc410/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201008122408-49f4d42666f2 h1:ikuDTxJWps7D5f/ZvujVC9e3+VpH2sXgwD0X+GSyAXg= +github.com/onweru/compose v0.0.0-20201008122408-49f4d42666f2/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201010204225-28567dd51bf4 h1:tn4ewCzKNHFBIzZiwk3+CcrW1Ljxt4m+i30zlmRUtIg= +github.com/onweru/compose v0.0.0-20201010204225-28567dd51bf4/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201010205422-fddda669e1c2 h1:XmRzBg/SSGy2QqA1efr2nwWcU0KljTAfpeYjjKyDJMo= +github.com/onweru/compose 
v0.0.0-20201010205422-fddda669e1c2/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201021163953-71169c94bc96 h1:UudmsVqRvqwhcwYt7JFEIoB6Hu8nRI2seZep1XfQJnM= +github.com/onweru/compose v0.0.0-20201021163953-71169c94bc96/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201021164643-118b7b13ea6c h1:7wdWOVbI+KgTT96tVEjWH4WznWjxOClo24h+ZWQZo8s= +github.com/onweru/compose v0.0.0-20201021164643-118b7b13ea6c/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201021170218-e838974b8f5f h1:2Apua/rWIFkSpKDXIIeOWhD80luwbtbVKTD9dQ5cijk= +github.com/onweru/compose v0.0.0-20201021170218-e838974b8f5f/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201021170551-a59df0abf7f4 h1:14mtXdW9J1v4RQRgxdsl7Enba43dvnXac0e8pQ9LlUE= +github.com/onweru/compose v0.0.0-20201021170551-a59df0abf7f4/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201021170635-a845fa556927 h1:mYMgewPZGN23KJvC2xEr81DMUSUTZXzPesQZkrq7Kkg= +github.com/onweru/compose v0.0.0-20201021170635-a845fa556927/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201021174004-de1a2ca77ca3 h1:wYTFpkXTxIbz/JjM4q6kvQ31x1YtiP7YCXQbCfZGC1w= +github.com/onweru/compose v0.0.0-20201021174004-de1a2ca77ca3/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201021174612-615fff9bf667 h1:Koi+u3FQThlSXUtB9dgt4rTvR62AJsRlpzkpwJuI5I8= +github.com/onweru/compose v0.0.0-20201021174612-615fff9bf667/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201021175035-5e79b0ec418a h1:QQjKgcGuLZinA8JkzGArc3NoUoWa8CA5EwAc/rUF9mo= +github.com/onweru/compose v0.0.0-20201021175035-5e79b0ec418a/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201021175222-4f400c8f8c2b 
h1:UbmT8hNWHL51jYVFojvoEUdrwI0k84yjsmjMpsmk8Z8= +github.com/onweru/compose v0.0.0-20201021175222-4f400c8f8c2b/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201021175442-c7c21181a551 h1:khRcbAohqeaKiG4y5/hlzqM0fvXCSpCGnu3XARKv/Ns= +github.com/onweru/compose v0.0.0-20201021175442-c7c21181a551/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201021180809-d1d3e930323f h1:XlOqXi6xOSYn9w6sWMnA06DwqbZD/AW88+32TgVA+1M= +github.com/onweru/compose v0.0.0-20201021180809-d1d3e930323f/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201021184128-3450d45ed32b h1:Zju5PRRsMf2O4KdJzQMRYePI/bg/VOe8cIjl0//CqXs= +github.com/onweru/compose v0.0.0-20201021184128-3450d45ed32b/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201021184405-d300d77457a3 h1:80tDm0wfah1LoStXeTZbFArFTWZgg9ajmP2egMT6+3U= +github.com/onweru/compose v0.0.0-20201021184405-d300d77457a3/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201021185628-350f3ec7202a h1:Rj5eRcN8ID7wTWCliy4THUF4ioTbG+QoUIPLTefTaD0= +github.com/onweru/compose v0.0.0-20201021185628-350f3ec7202a/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201021190329-2d2b0989cf82 h1:7gsZF4R9c9a1CZqKGeVtZGV9r5GldENWe9ahtacDHY8= +github.com/onweru/compose v0.0.0-20201021190329-2d2b0989cf82/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201021190919-3b1f666a78a4 h1:WE9MMD/LLRQ1/I/69/gBYaZGvzi9H9310fdsXpgjVCY= +github.com/onweru/compose v0.0.0-20201021190919-3b1f666a78a4/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201021192042-fe5cb067b2b6 h1:ntJT+RYeG8KWS//3N9pyVmeiwS+ptKobmF8Bsz7zFIU= +github.com/onweru/compose v0.0.0-20201021192042-fe5cb067b2b6/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= 
+github.com/onweru/compose v0.0.0-20201021192330-521ff6fab570 h1:JJap8i6nvOVwgsZ8UlwELWsnBd0G0LvQVAup33Z90vA= +github.com/onweru/compose v0.0.0-20201021192330-521ff6fab570/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201021192750-dd14b1b097ea h1:Yu4YIQPhd7J7zw29TVO3df3rJhGaXchpkHlEqUs3XGc= +github.com/onweru/compose v0.0.0-20201021192750-dd14b1b097ea/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201021192900-ce1ce5689a67 h1:s00e1YRzRP3XKVhKZtSQ+AUd0TazN95CDSeyTG8Ouvw= +github.com/onweru/compose v0.0.0-20201021192900-ce1ce5689a67/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201021193621-4f96ac1770ee h1:zECIIhinVWjQCAiOHqcafqZ48x8xgbshxEoNEwOqsQI= +github.com/onweru/compose v0.0.0-20201021193621-4f96ac1770ee/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201021194001-a164d9aee922 h1:+88k9pKVVWjIGOOnHYW/zV5GOCxK6KjoNjH57gv3Jdo= +github.com/onweru/compose v0.0.0-20201021194001-a164d9aee922/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201021194540-0f02f8b33641 h1:UzS+AVt8+OxOA3ISizsX39/c8ZGUU3gcsLcZfnR4JUU= +github.com/onweru/compose v0.0.0-20201021194540-0f02f8b33641/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201114044806-342ee8535ae0 h1:HJ10u43C73zqNH8JjgJQS+6Zdg0Juta0Lo3e2eRBucY= +github.com/onweru/compose v0.0.0-20201114044806-342ee8535ae0/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201127133714-261bcbad9b00 h1:3BuVhKh+gUq9fXurWkK4rmDRb3ldjb+Maz2GizMtCTo= +github.com/onweru/compose v0.0.0-20201127133714-261bcbad9b00/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201128092456-b8ba681c96c3 h1:AJTiUrOlC9AyXE7+Xhbl4nhbKtoPA4DBGdOtzEEGFoI= +github.com/onweru/compose v0.0.0-20201128092456-b8ba681c96c3/go.mod 
h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201128124950-c8a10c8b9880 h1:+xMedjRVSuRwEZ23vtWy2ksMI0+0Wvrqq6CTNPEpuuQ= +github.com/onweru/compose v0.0.0-20201128124950-c8a10c8b9880/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201129132514-211b9ea9e0a7 h1:uAi0vLn5Mcu6HdnBNNUfrOyRh73kQKjhLy5KUMGtf6c= +github.com/onweru/compose v0.0.0-20201129132514-211b9ea9e0a7/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201130180534-fa4914e7415f h1:hL5XAMrWe+tus29HXJr8JTMP7L6SuxUgMH0SlDN4hSM= +github.com/onweru/compose v0.0.0-20201130180534-fa4914e7415f/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201203162259-4492ef546c57 h1:R9xda/9fOt1eQdOMNS1mRwot2R40XJC+y4HaYT9cjR4= +github.com/onweru/compose v0.0.0-20201203162259-4492ef546c57/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201206171046-1626fddc1ec8 h1:XkVCTal507IBN8zsqfqBaYSzGNj9XQq2xUIfp3E2DN0= +github.com/onweru/compose v0.0.0-20201206171046-1626fddc1ec8/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201221201530-bce6744be91e h1:Plv27XxjrCdITkS75XCdzGVoYQP+7emsA+1NV173zBU= +github.com/onweru/compose v0.0.0-20201221201530-bce6744be91e/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201227170239-5a520966eaaf h1:GtoRcMu5TiwjoLeozTCH6hGT+XBmsXFsztRhRhGOPhM= +github.com/onweru/compose v0.0.0-20201227170239-5a520966eaaf/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201227171332-78e63714b371 h1:IiI3bvmBslOI59MzdyiJPzeJUpm+trce+ITAZyEkp0c= +github.com/onweru/compose v0.0.0-20201227171332-78e63714b371/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201228135936-58a6ebcf6cda h1:MjOMGBNpzUbZMoJObKvE18HoMe/IncHFDlz5rszL/eY= 
+github.com/onweru/compose v0.0.0-20201228135936-58a6ebcf6cda/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201228140035-ebd4adbb5ea3 h1:7mgrsmuQnAIm5WoY2eKkUmaxTVcOejUamteEAwxOy1U= +github.com/onweru/compose v0.0.0-20201228140035-ebd4adbb5ea3/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20201228144629-75926193c03d h1:4RgxKxlF0IfoPvisFlAEt8Z1Q/yJxfn+RiXKOFpeKKM= +github.com/onweru/compose v0.0.0-20201228144629-75926193c03d/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210124161915-a5713514f442 h1:6PEXOQo5ppTRqyGvXa64xmVI9Q1Rz27pmZ2behUrt4A= +github.com/onweru/compose v0.0.0-20210124161915-a5713514f442/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210126134026-0b25b7525669 h1:Os2y3f4ULz0hTnQvduhqs5UzxXl4T+akSnhXDtpvhh8= +github.com/onweru/compose v0.0.0-20210126134026-0b25b7525669/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210127153304-a03f248319a9 h1:5P3NnL57tMAHlsBKRcO57dOh89gjs5S5gPnch/rl378= +github.com/onweru/compose v0.0.0-20210127153304-a03f248319a9/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210127153613-7065c3e6448a h1:4bUjg5uQlCiwzjMYaid0DRq4f1CKOUJUzuApt0PJ12o= +github.com/onweru/compose v0.0.0-20210127153613-7065c3e6448a/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210130124747-043bd49191d5 h1:9RzdW/Iwmoe8WlhReFm32ScNEOm9ayd9r6F75eWoep0= +github.com/onweru/compose v0.0.0-20210130124747-043bd49191d5/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210131005005-e750e05b63fc h1:u/4ZM80MMkK+/2BkrTwZh0xSuLzhY4T/nrho3GYjjes= +github.com/onweru/compose v0.0.0-20210131005005-e750e05b63fc/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210131010041-970704432513 
h1:mz5GMLeHArvUS4lr2JCgjOFz0Q81a8y1hjY3MMbcdhM= +github.com/onweru/compose v0.0.0-20210131010041-970704432513/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210131010156-3d5c30329d77 h1:iBY7ehzCDLpy3dfqrYlF1cxwFiu/jln6HNhy8VzUal8= +github.com/onweru/compose v0.0.0-20210131010156-3d5c30329d77/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210131033911-e106802b3505 h1:Ovu5ydj4a3lKlU0caXjJLOSSKFjocd1PVvQGz2z3nXg= +github.com/onweru/compose v0.0.0-20210131033911-e106802b3505/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210131042543-4aca05ef578d h1:9969I4oCvQNlkjX2paKk+nAxrkM8QX01wl7UROgTY+Q= +github.com/onweru/compose v0.0.0-20210131042543-4aca05ef578d/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210131043449-7335477f0054 h1:4smUEiMOxdZCoESzp+O16CguknloyfD12mWhuDci8Y0= +github.com/onweru/compose v0.0.0-20210131043449-7335477f0054/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210131052009-18d57dd16bb0 h1:XC6lxuOoDiQhIXHPXfKRosyNNBTG4/wlOc6QSj7RAno= +github.com/onweru/compose v0.0.0-20210131052009-18d57dd16bb0/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210204153750-9331e4f50b68 h1:/mt7RWz6xOhtymUz7sWooh+RRxT4645YFICEywVeDpQ= +github.com/onweru/compose v0.0.0-20210204153750-9331e4f50b68/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210204160442-ba75a7400ed6 h1:p4QinP7ojEvKOexchEr5HsuYeiBcYmVCn6a//gAddK8= +github.com/onweru/compose v0.0.0-20210204160442-ba75a7400ed6/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210204161020-3b114e43c534 h1:NtL3eJHupwIOBm92Z7XnJ9aaX2dLZ8ykzqkdYNOHn8Y= +github.com/onweru/compose v0.0.0-20210204161020-3b114e43c534/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= 
+github.com/onweru/compose v0.0.0-20210204161120-fc5d5e82ecf9 h1:VrbsD/faLF8YL3bvKudETXsGwyoXYBT1FatdfyXVplY= +github.com/onweru/compose v0.0.0-20210204161120-fc5d5e82ecf9/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210204161300-a2d306fc5f5d h1:xPy1dEMcJPXyxWlAI4iwBD4BqJ/qBCDApciBpgqQJtc= +github.com/onweru/compose v0.0.0-20210204161300-a2d306fc5f5d/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210209175519-8ce9375a3199 h1:AJDB9LlnRWD0Rx0nJeSpA7348igKzfAzOtXz5Cos80M= +github.com/onweru/compose v0.0.0-20210209175519-8ce9375a3199/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210210164857-d73ed631861a h1:9kP8FJIwkC1NYkZ3hpU5i4wId6KAk0Ovc1JcyDl6vEs= +github.com/onweru/compose v0.0.0-20210210164857-d73ed631861a/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210210171312-ec3ff11f4002 h1:IZFhImuiL8EVFA/Caas9NDBPVFkNQc67DrV1LJi45Z4= +github.com/onweru/compose v0.0.0-20210210171312-ec3ff11f4002/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210210194600-302c901a2e44 h1:h6KdZQp1kpVe8YMWjMsWWu9iVAbTU3CoXRU3lttxCBY= +github.com/onweru/compose v0.0.0-20210210194600-302c901a2e44/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210213203223-6971b3db7684 h1:AUntJnjwqjPFUr/liUeKcbbe8dA7ANTcEozUIvuim+g= +github.com/onweru/compose v0.0.0-20210213203223-6971b3db7684/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210213203306-aec7d9b07d12 h1:ujlJ+9ZENudXTzQqhYp0Lkf8cufPayKNAsEfBAmK6xY= +github.com/onweru/compose v0.0.0-20210213203306-aec7d9b07d12/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210213204507-6e0a35f8a308 h1:QTlPRqYRBqNk7TdVr83PVqx6usP99bjeDVreoBXrMwk= +github.com/onweru/compose v0.0.0-20210213204507-6e0a35f8a308/go.mod 
h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210213204617-66b366163e65 h1:0Q5d1PfZmUrqI8Lqgi3D3fW+kMjvTvALtRB65LB6djI= +github.com/onweru/compose v0.0.0-20210213204617-66b366163e65/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210222222437-6c4f1c807724 h1:xb77Or8etaZuHUGOojRkHfM2OQeCU9EH1eIHAQ02LQ0= +github.com/onweru/compose v0.0.0-20210222222437-6c4f1c807724/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210224223901-8dbb193ddbe3 h1:go0CBCDJXSfRd/pCUpmNAsj8KdWh1rUBbLxh6gFMpY8= +github.com/onweru/compose v0.0.0-20210224223901-8dbb193ddbe3/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210226153626-1b67f9ccc7f8 h1:g7NXBSkGk/WR160Nxqc2YdtDLJiGdhIqlGhPlOtvi2c= +github.com/onweru/compose v0.0.0-20210226153626-1b67f9ccc7f8/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210301150901-5c5213307e62 h1:pZ3rYbYQjY/YArAvbdiHTgp+hzRDinMczy0tCwuAN9Y= +github.com/onweru/compose v0.0.0-20210301150901-5c5213307e62/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210309133307-8a3113c43d31 h1:8xkpWOA0lGo296VNwYzoc8pxh593/T2qRDw4+e+GkuE= +github.com/onweru/compose v0.0.0-20210309133307-8a3113c43d31/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210312153401-7f1c7da6d155 h1:EDrVXssmI+WiQ1KgYizL8qTR43e+vRvtrlwOSs1xRkU= +github.com/onweru/compose v0.0.0-20210312153401-7f1c7da6d155/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210330103531-e7e0ba391d6a h1:rpCp0Sg4jjcM1EwdFq3mYoMXz/X3ejm1YXPR8ONetUw= +github.com/onweru/compose v0.0.0-20210330103531-e7e0ba391d6a/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210406232155-ff1e43943280 h1:CFctzrbQxiwVhPZUjAiwIXYg3RfdeF8koX10fJBoH/Y= 
+github.com/onweru/compose v0.0.0-20210406232155-ff1e43943280/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210406234030-8e6061ff2c8e h1:9QnqTOic8SuPUjckFyjf4fmI75KH5bx0jaYNLera9Hs= +github.com/onweru/compose v0.0.0-20210406234030-8e6061ff2c8e/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210414230317-e7b3ea9ebfe4 h1:NQrpHqTpGZcUSanooOC2b522IJZOw+enL8iRDugrMcQ= +github.com/onweru/compose v0.0.0-20210414230317-e7b3ea9ebfe4/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210415143632-5e4de2adde5f h1:iSKlLvku3SNGOrJEffSjSwkYq+edM12C2nmUXZFWF0E= +github.com/onweru/compose v0.0.0-20210415143632-5e4de2adde5f/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210415153638-a7ebb4827998 h1:ihz6pmmMBL7qjLcDENNS+iz1YL1Em5xWeoqLxQxnPYQ= +github.com/onweru/compose v0.0.0-20210415153638-a7ebb4827998/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210430153828-b0b7c86cc0d9 h1:sAZZceW6Uq/2ZrKOUa4hFLP0EQvnFDlvnwCFTvmSvIg= +github.com/onweru/compose v0.0.0-20210430153828-b0b7c86cc0d9/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210502152903-185aafcedecd h1:V7uk7wLlMZExjXZ7NgKETWK8HY6rAy5gUAmKejrdOYw= +github.com/onweru/compose v0.0.0-20210502152903-185aafcedecd/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210506210640-600d54dc04fe h1:Jl+mf1hdTD0aOBmQTHqxd1FOWi64HpVUNMOByh+lrI4= +github.com/onweru/compose v0.0.0-20210506210640-600d54dc04fe/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20210506215729-3f2ccb9b9acb h1:SH3djUTpikGJyj4ydrEaBc6AbJW0Ajpu/GTfA/yjE08= +github.com/onweru/compose v0.0.0-20210506215729-3f2ccb9b9acb/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20211214140020-8242779b31f2 
h1:lkxCKkH4AXDrJyRv+/GT41oeUYblNe0kzrMKSKZYFXc= +github.com/onweru/compose v0.0.0-20211214140020-8242779b31f2/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20211214142049-153714b2b9a6 h1:8lhj4OxL5JSaEsrs89xcoPOYHejSMEl7AzW/MX5eDe4= +github.com/onweru/compose v0.0.0-20211214142049-153714b2b9a6/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20211214142651-deed342a7846 h1:eIvsGKnMt5fCe09HulPHYEn6IO+QGjHjPMUs2escpnY= +github.com/onweru/compose v0.0.0-20211214142651-deed342a7846/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20211214150226-c742721de729 h1:uqpu3MRBAPxQpqEBq8oPuQu05BHmQox1vjqa0ykcMws= +github.com/onweru/compose v0.0.0-20211214150226-c742721de729/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20211214150643-89fe30e71f6b h1:TyJ8mhSfUDDl0pSJo2nywn31hXpDFf7K+Mdn40tQC2A= +github.com/onweru/compose v0.0.0-20211214150643-89fe30e71f6b/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20211214152438-ce90676ec090 h1:8lZSF5Iahe26t5q5RrLnRKr2+eDBbbgYyI0ICboFSvU= +github.com/onweru/compose v0.0.0-20211214152438-ce90676ec090/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20211217155542-0ac874fdf11a h1:FWwq5CHbctK7hiM2/qyG4BxhK55A6/MNkBo/nm/Wu3E= +github.com/onweru/compose v0.0.0-20211217155542-0ac874fdf11a/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20220131221540-e64c1b90bedb h1:ng6lL4gD9vVNaESBJ8P50cGGvqtngx1S485WknP6Pnc= +github.com/onweru/compose v0.0.0-20220131221540-e64c1b90bedb/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20220131223354-2e884f5b05ff h1:mAyDpj8HHDybJXOTJK34g17lvGv5DpTL++FW7GBQdfI= +github.com/onweru/compose v0.0.0-20220131223354-2e884f5b05ff/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= 
+github.com/onweru/compose v0.0.0-20220131223935-37a70669b579 h1:YrGNBJMmECIujQTvzHsgNcKvK4fCRBJPjQ/CCFznyfI= +github.com/onweru/compose v0.0.0-20220131223935-37a70669b579/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20220131224949-17403bce6163 h1:SLXV26hYbYE0zEMo3jHuBdlDJqalcZzFe//oYEotXrQ= +github.com/onweru/compose v0.0.0-20220131224949-17403bce6163/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20220131230834-1b61f09eea2a h1:sbxlqegWWMUl1EpKvz110tKIlI8Tgrjk/Da1HKUtqUw= +github.com/onweru/compose v0.0.0-20220131230834-1b61f09eea2a/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20220131233504-ff693a0f9e9d h1:pbtSqDhoriw5JHbiw3GJyMBFU82ZqD4M8GFe/1bNiDc= +github.com/onweru/compose v0.0.0-20220131233504-ff693a0f9e9d/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20220201002401-8fc05ebec231 h1:wNtaIQ7jJPCOi/KU4CvD89R8dhoXfga2rpJaZ90a7Kk= +github.com/onweru/compose v0.0.0-20220201002401-8fc05ebec231/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20220201002706-19dcf4f70f4a h1:G4nU+9JMPiVjuCUONovpvWYeFYd2usmxU6gjMbcJJMc= +github.com/onweru/compose v0.0.0-20220201002706-19dcf4f70f4a/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20220201011553-09a8e1b4a4c3 h1:+0s7j6cuw2l2fedqcDMAoPsj2AWl44KnuZPAdaUiNno= +github.com/onweru/compose v0.0.0-20220201011553-09a8e1b4a4c3/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20220613153347-85c7d9009d53 h1:Y04Lu7fMoOz+C9PdMWIqYdqfO0EwbxbaaJrmwGOmNZk= +github.com/onweru/compose v0.0.0-20220613153347-85c7d9009d53/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20220613153906-17d886cf4af7 h1:ukWfKHCT0Hwn25r3XDkdPM6MzIzRFo460pq72aslIc8= +github.com/onweru/compose v0.0.0-20220613153906-17d886cf4af7/go.mod 
h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20220613154008-94eca169c565 h1:A0O9ceHNjZx+f01g0vcEGcdTXgOanQeR/D8qiitYerI= +github.com/onweru/compose v0.0.0-20220613154008-94eca169c565/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20220613160631-5be4d7fe9437 h1:6fMlXV26iNJk8TTQbYv6baJx4+nvrrspjlYlgCjI23o= +github.com/onweru/compose v0.0.0-20220613160631-5be4d7fe9437/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20221229203731-77cbaaa296ce h1:SAap40G3K+QdFacjBWcgfMj7Qyv8T9qXvfAKTGGrMyk= +github.com/onweru/compose v0.0.0-20221229203731-77cbaaa296ce/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20221230112033-882a2a3d9d3b h1:WDFor/3L6oMz8V+F1WMopxWPw2Cqdak2wA8vRr0Fdkk= +github.com/onweru/compose v0.0.0-20221230112033-882a2a3d9d3b/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20221230112538-1d51381bc2f6 h1:X3ZGW6ZSRJOVYDog4BIN4LeWHPjx/8cJTSKtuz5rK50= +github.com/onweru/compose v0.0.0-20221230112538-1d51381bc2f6/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20230119130833-e106caa15d62 h1:3a7x3pLsvzqbxbveby7BLxBSsFE2ePpLL7aRjCPxXfA= +github.com/onweru/compose v0.0.0-20230119130833-e106caa15d62/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20230123162251-ceaf306671ac h1:DUih97iWCvI5MFwmTxBiR3bt5Rrf1XV/Go+T99GpsdM= +github.com/onweru/compose v0.0.0-20230123162251-ceaf306671ac/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= +github.com/onweru/compose v0.0.0-20230124183858-9412f10b0de5 h1:5aakRf8ExXEffuyhraIMQ/dbPWeIOdD5s2rrqtzaWIc= +github.com/onweru/compose v0.0.0-20230124183858-9412f10b0de5/go.mod h1:tf1kQIBUcwJ/3mRFU5eiMrMvsDScVTK2IEFsZE3hZOc= 
diff --git a/lolrmm.com/resources/_gen/assets/sass/sass/main.sass_ae9eb86df8175869edaecf50caadd93b.content b/lolrmm.com/resources/_gen/assets/sass/sass/main.sass_ae9eb86df8175869edaecf50caadd93b.content
new file mode 100644
index 00000000..e9f08150
--- /dev/null
+++ b/lolrmm.com/resources/_gen/assets/sass/sass/main.sass_ae9eb86df8175869edaecf50caadd93b.content
@@ -0,0 +1,3 @@ +html{--info-icon: url('http://localhost:1313/icons/info.svg');--sun-icon: url('http://localhost:1313/icons/sun.svg');--moon-icon: url('http://localhost:1313/icons/moon.svg');--next-icon: url('http://localhost:1313/icons/next.svg')}html{--color-mode: "light";--light: #fff;--dark: rgb(28,28,30);--haze: #f2f5f7;--bubble: rgb(36,36,38);--accent: var(--haze);--bg: var(--light);--code-bg: var(--accent);--overlay: var(--light);--text: #111;--font: 'Metropolis', sans-serif;--border-color: #eee;--inline-color: darkgoldenrod;--theme: rgb(255,140,0) /* changed to DarkOrange */;--ease: ease;--search-border-color: transparent;--next-icon-path: url(../images/icons/double-arrow.svg);--never-icon-path: url(../images/sitting.svg)}html[data-mode="dark"]{--color-mode: "dark";--theme: rgb(0,191,255) /* remains as Deep Sky Blue */;--bg: var(--dark);--text: #eee;--accent: var(--bubble);--overlay: var(--bubble);--border-color: transparent;--search-bg: var(--accent);--search-border-color: var(--accent)}html[data-mode="dark"] *{box-shadow:none !important}html[data-mode="dark"] .color_choice::after{background-image:var(--moon-icon)}@media (prefers-color-scheme: dark){html.dark:not([data-mode="light"]){--color-mode: "dark";--theme: rgb(0,191,255) /* remains as Deep Sky Blue */;--bg: var(--dark);--text: #eee;--accent: var(--bubble);--overlay: var(--bubble);--border-color: transparent;--search-bg: var(--accent);--search-border-color: var(--accent)}html.dark:not([data-mode="light"]) *{box-shadow:none !important}}blockquote+.highlight_wrap{margin-top:2.25rem}*{box-sizing:border-box;-webkit-appearance:none;margin:0;padding:0}body,html{scroll-behavior:smooth;scroll-padding-top:1rem;font-kerning:normal;-webkit-text-size-adjust:100%;font-size:18px}body{font-family:var(--font);background-color:var(--bg);color:var(--text);line-height:1.5;margin:0 
auto;position:relative;font-kerning:normal;display:flex;flex-direction:column;justify-content:space-between;min-height:100vh;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;-webkit-overflow-scrolling:touch;max-width:1440px}@media screen and (min-width: 1640px){body{max-width:1600px}}a{text-decoration:none;color:inherit}p{padding:0.75rem 0}p:empty{display:none}li,li p{padding:0.25rem 0}blockquote{opacity:0.8;padding:1rem;position:relative;quotes:"“" "”" "‘" "’";margin:0.75rem 0;display:flex;flex-flow:row wrap;background-repeat:no-repeat;background-size:5rem;background-position:50% 50%;position:relative;background-color:var(--accent);border-radius:0.25rem;overflow:hidden}blockquote::before{content:"";padding:2px;position:absolute;top:0;bottom:0;left:0;background:var(--theme)}blockquote p{padding-left:0.5rem !important;font-size:1.1rem !important;width:100%;font-style:italic}h1,h2,h3,h4,h5{font-family:inherit;font-weight:500;padding:0.33rem 0;color:inherit;line-height:1.35}h1{font-size:200%}h2{font-size:175%}h3{font-size:150%}h4{font-size:125%}h5{font-size:120%}h6{font-size:100%}img,svg,figure{max-width:100%;vertical-align:middle}img{height:auto;margin:1rem auto;padding:0}main{flex:1}@media screen and (min-width: 42rem){main{padding-bottom:45px}}ol,ul{list-style:none}b,strong{font-weight:500}hr{border:none;padding:1px;background:var(--border-color);margin:1rem 0}.aside{overflow-y:auto;background:var(--bg);border-radius:0.25rem;align-self:start;max-height:80vh;position:sticky;z-index:9999;top:0;padding:1rem 0}@media screen and (min-width: 42rem){.aside{padding:1rem 1.5rem;top:2.5rem;margin-top:1rem;padding-top:0}}.aside_inner{height:0;overflow:hidden}@media screen and (min-width: 42rem){.aside_inner{height:initial}}.aside.show .aside_inner{height:initial;overflow:visible}.aside_toggle{padding:0.5rem 1.5rem;border-radius:0.5rem;background:var(--accent);transform:translateY(-1rem);display:flex;justify-content:space-between}@media screen and 
(min-width: 42rem){.aside_toggle{display:none}}.aside h3{position:relative}.aside ul{padding:0;list-style:none}th,td{padding:0.5rem;font-weight:400 !important}th:not(:first-child),td:not(:first-child){padding-left:1.5rem}thead{background:var(--theme);color:var(--light);font-weight:400;text-align:left}tbody tr:nth-child(even){background-color:var(--accent) !important;box-shadow:0 1rem 0.75rem -0.75rem rgba(0,0,0,0.07)}table{margin:1.5rem 0;width:100%}.main{flex:1}@media screen and (max-width: 667px){.main>.grid-auto{grid-gap:0}}.page-home h1{font-weight:300}.content ul,.content ol{padding-left:1.1rem}.content ul{list-style:initial}.content ol{list-style:decimal}.content a:not(.button){color:var(--theme)}::placeholder{font-size:1rem}svg.icon_sort{fill:var(--light);height:0.7rem;width:0.7rem;display:inline-block;margin-left:auto;vertical-align:middle}canvas{margin:2.5rem auto 0 auto;max-width:450px !important;max-height:450px !important}footer{min-height:150px}del{opacity:0.5}#toTop{background:transparent;outline:0.5rem solid transparent;height:2rem;width:2rem;cursor:pointer;padding:0.5rem;display:flex;align-items:center;justify-content:center;position:fixed;right:0;bottom:2.25rem;transform:rotate(45deg) translate(5rem);opacity:0;transition:opacity 0.5s var(--ease),transform 0.25s var(--ease);z-index:5}#toTop.active{right:1.5rem;opacity:1;transform:rotate(45deg) translate(0)}#toTop::after,#toTop::before{position:absolute;display:block;width:1rem;height:1rem;content:"";border-left:1px solid var(--text);border-top:1px solid var(--text)}#toTop::after{width:0.67rem;height:0.67rem;transform:translate(0.1rem, 0.1rem)}.nav{display:grid;grid-gap:1rem;padding:0 1.5rem !important;align-items:center;background-color:var(--bg)}@media screen and (min-width: 992px){.nav{grid-template-columns:10rem 1fr}}.nav_brand{position:relative}.nav_brand picture,.nav_brand 
img{max-width:10rem}.nav_header{position:absolute;top:0;left:0;width:100%;background-color:var(--bg);z-index:999999}.nav_toggle{position:absolute;top:0;bottom:0;width:3rem;display:flex;align-items:center;justify-content:flex-end;text-align:center;right:0;color:var(--text)}@media screen and (min-width: 992px){.nav_toggle{display:none}}.nav_body{display:flex;flex-direction:column;background:var(--accent);position:fixed;left:0;top:0;bottom:0;height:100vh;transition:transform 0.25s var(--ease);transform:translateX(-101vw)}@media screen and (min-width: 992px){.nav_body{transform:translateX(0);position:relative;height:initial;justify-content:flex-end;background:transparent;flex-direction:row}}.nav.show .nav_body{transform:translateX(0);box-shadow:0 1rem 4rem rgba(0,0,0,0.1);background:var(--bg)}.nav.show .nav_body li:first-child{margin:1.5rem 1rem 0.5rem 1rem}.nav-link{display:inline-flex;padding:0.5rem 1rem}.nav-item{display:grid;align-items:center}@media screen and (min-width: 992px){.nav-item .search{margin-right:1.5rem}}.nav_repo picture,.nav_repo img{max-width:1.25rem}.section_title{font-size:1.25rem}.section_link{font-size:1rem;font-weight:400}.sidebar-link{display:grid;padding:0.2rem 0}.toc{border-left:2px solid var(--theme);padding:0 1rem;height:0;overflow:hidden;filter:opacity(0.87)}.toc_item{font-size:0.9rem}.toc_active{height:initial}.search{flex:1;display:flex;justify-content:flex-end;position:relative}.search_field{padding:0.5rem 1.5rem 0.5rem 2.5rem;border-radius:1.5rem;width:13.5rem;outline:none;border:1px solid var(--search-border-color);background:transparent;color:var(--text);box-shadow:0 1rem 4rem rgba(0,0,0,0.17);font-size:1rem}.search_field:hover,.search_field:focus{background:var(--search-bg)}.search_label{width:1rem;height:1rem;position:absolute;left:0.33rem;top:0.25rem;opacity:0.33}.search_label svg{width:100%;height:100%;fill:var(--text)}.search_result{padding:0.5rem 
1rem}.search_result:not(.passive):hover{background-color:var(--theme);color:var(--light)}.search_result.passive{display:grid}.search_results{width:13.5rem;background-color:var(--overlay);border-radius:0 0 0.25rem 0.25rem;box-shadow:0 1rem 4rem rgba(0,0,0,0.17);position:absolute;top:125%;display:grid;overflow:hidden;z-index:5}.search_results:empty{display:none}.search_title{padding:0.5rem 1rem 0.5rem 1rem;background:var(--theme);color:var(--light);font-size:0.9rem;opacity:0.87;text-transform:uppercase}.button{background-color:var(--theme);color:var(--light);border-radius:0.25rem;display:inline-block;padding:0.75rem 1.25rem;text-align:center}.button:hover{opacity:0.84}.button+.button{background-color:var(--haze);color:var(--dark)}.button_grid{display:grid;max-width:15rem;grid-gap:1rem;grid-template-columns:repeat(auto-fit, minmax(12rem, 1fr))}@media screen and (min-width: 557px){.button_grid{max-width:25rem}}.video{overflow:hidden;padding-bottom:56.25%;position:relative;height:0;margin:1.5rem 0;border-radius:0.6rem;background-color:var(--bg);box-shadow:0 1rem 2rem rgba(0,0,0,0.17)}.video iframe{left:0;top:0;height:100%;width:100%;border:none;position:absolute;transform:scale(1.02)}.icon{width:1.1rem;height:1.1rem;display:inline-flex;justify-content:center;align-items:center;margin:0 0.5rem}.link{opacity:0;position:relative}.link_owner:hover .link{opacity:1}.link_yank{opacity:1}.link_yanked{position:absolute;right:-2.2rem;top:-2rem;background-color:var(--theme);color:var(--light);width:7rem;padding:0.25rem 0.5rem;font-size:0.9rem;border-radius:1rem;text-align:center}.link_yanked::after{position:absolute;top:1rem;content:"";border-color:var(--theme) transparent;border-style:solid;border-width:1rem 1rem 0 1rem;height:0;width:0;transform-origin:50% 50%;transform:rotate(145deg);right:0.45rem}.gallery{width:100%;column-count:3;column-gap:1rem}@media screen and (max-width: 667px){.gallery{column-count:2}}.gallery_item{background-color:transparent;margin:0 0 
1rem}.gallery_image{margin:0 auto}.pager{display:flex;justify-content:space-between;align-items:center;padding-top:2rem;margin:2rem 0;max-width:100vw;overflow:hidden}.pager svg{filter:opacity(0.75);width:1.25rem;height:1rem;transform-origin:50% 50%}.pager_lean{justify-content:flex-end}.pager_label{max-width:100%;overflow:hidden;white-space:nowrap;text-overflow:ellipsis}.pager_link{padding:0.5rem 1rem;border-radius:0.25rem;width:12.5rem;max-width:40vw;position:relative;display:flex;align-items:center;text-align:center;justify-content:center}.pager_link::before,.pager_link::after{background-image:var(--next-icon);height:0.8rem;width:0.8rem;background-size:100%;background-repeat:no-repeat;transform-origin:50% 50%}.pager_item{display:flex;flex-direction:column;flex:1;max-width:48%}.pager_item.prev{align-items:flex-start}.pager_item.next{align-items:flex-end}.pager_item.next::after{content:""}.pager_item.prev .pager_link::before{content:"";transform:rotate(180deg);margin-right:0.67rem}.pager_item.next .pager_link::after{content:"";margin-left:0.67rem}.pager_item.next .pager_link{grid-template-columns:1fr 1.5rem}.pager_meta{margin:0.5rem 0}.color_mode{height:1rem;margin-left:1.5rem}.color_choice{outline:none;border:none;-webkit-appearance:none;height:1rem;position:relative;width:1rem;border-radius:1rem;cursor:pointer;z-index:2;right:0;filter:contrast(0.8)}.color_choice::after{content:"";top:0.1rem;bottom:0;left:0;position:absolute;height:0.8rem;background:var(--accent);width:0.8rem;border-radius:0.25rem;z-index:3;transform:scale(1.67);transform-origin:50% 50%;transition:transform 0.5s cubic-bezier(0.19, 1, 0.22, 1);will-change:transform;background-image:var(--sun-icon);background-size:60%;background-repeat:no-repeat;background-position:center}.color_icon{height:1rem;width:1rem;margin:0;z-index:4;position:absolute;transform:translateY(-50%);transition:transform 0.5s cubic-bezier(0.19, 1, 0.22, 1);right:3.5rem}.tip{padding:1.5rem 1rem 1.5rem 1.5rem;margin:1.5rem 
0;border-left:0.2rem solid var(--theme);position:relative;background:var(--accent)}.tip blockquote{padding:0;margin:0;border:none}.tip blockquote::before{display:none}.tip p:first-child,.tip p~p{padding-top:0}.tip p:last-child{padding-bottom:0}.tip_warning{--theme: var(--inline-color)}.tip_warning::before{transform:rotate(180deg)}.tip::before{content:"";position:absolute;left:-0.85rem;top:1.5rem;z-index:3;padding:0.75rem;transform-origin:50% 50%;border-radius:50%;background-color:var(--theme);background-image:var(--info-icon);background-size:12%;background-position:50% 50%;background-repeat:no-repeat}.mermaid{--theme: darkgoldenrod;background-color:transparent !important;margin-bottom:2.5rem}.mermaid svg{margin:0 auto;display:block}.mermaid .actor,.mermaid .labelBox,.mermaid .classGroup rect{fill:var(--theme) !important;stroke:var(--theme) !important}.mermaid .messageText,.mermaid tspan,.mermaid text{fill:var(--text) !important;stroke:var(--text) !important}.mermaid .messageLine0,.mermaid .loopLine{stroke:var(--theme) !important;fill:var(--theme) !important}.post{margin:0 auto;width:100%}.post p,.post h1,.post h2,.post h3,.post h4,.post h5,.post h6,.post blockquote,.post ol,.post ul,.post .highlight_wrap,.post hr{max-width:840px !important;margin-left:auto;margin-right:auto}@media screen and (min-width: 1025px){.post img:not(.icon){display:block;width:100vw;max-width:1024px;margin-left:auto;margin-right:auto}}.post h2,.post h3,.post h4{margin:0.5rem auto;text-align:left;padding:5px 0 0 0}.post p{padding-bottom:0.5rem;padding-top:0.5rem;font-size:1.05rem}.posts{display:flex;justify-content:space-between;flex-flow:row wrap;width:100%;align-items:stretch}.posts:not(.aside){padding:0 30px}.post ol{padding:1rem 1.25rem}.post_body img{width:100%;max-width:100%}.post_inner a{color:var(--theme);transition:all 0.3s}.post_inner a:hover{opacity:0.8;text-decoration:underline}.post_inner img:not(.icon){margin-bottom:2rem;box-shadow:0 1.5rem 1rem -1rem 
rgba(0,0,0,0.25)}.post_inner img:not(.icon)~h1,.post_inner img:not(.icon)~h2,.post_inner img:not(.icon)~h3,.post_inner img:not(.icon)~h4{margin-top:0;padding-top:0}.post .icon{margin-top:0;margin-bottom:0}.post_date{color:var(--theme)}.post_copy{opacity:0;transition:opacity 0.3s ease-out}.post_item{box-shadow:0 0 3rem rgba(0,0,0,0.17);margin:1.25rem 0;border-radius:10px;overflow:hidden;width:100%}.post_item:hover{box-shadow:0 0 5rem rgba(0,0,0,0.255)}@media screen and (min-width: 667px){.post_item{width:47%}}.post_item:hover .post_copy{opacity:1}.post_link{padding:2.5px 0;font-size:1.25em;margin:2.5px 0;text-align:left}.post_meta{overflow:hidden;opacity:0.8;font-size:0.84rem;font-weight:500;display:inline-grid;grid-template-columns:auto 1fr;background-color:var(--light);padding:0;align-items:center;border-radius:0.3rem;color:var(--dark);text-transform:capitalize}.post_meta a:hover{color:var(--theme);text-decoration:underline;opacity:0.9}.post_extra{display:flex;justify-content:flex-end}.post_tag{font-size:0.75rem !important;font-weight:500;background:var(--theme);color:var(--light);padding:0.25rem 0.67rem !important;text-transform:uppercase;display:inline-flex;border-radius:5px}.post_title{margin:1.75rem 0 1rem}.post_time{background:var(--theme);display:inline-grid;padding:0.2rem 0.75rem;color:var(--light)}.post_thumbnail{width:100%;margin:0}.post_nav{padding:3rem 1.5rem;display:grid;margin:2.25rem auto 1rem;text-align:center;color:var(--theme);text-transform:uppercase}.post_nav,.post_nav span{position:relative;z-index:3}.post_nav::before{content:"";position:absolute;background:var(--accent);top:0;left:0;bottom:0;right:0;z-index:1;border-radius:1rem}.post_next{display:inline-grid;margin:0 auto;width:10rem;grid-template-columns:1fr 1.33rem}.post_next::after{content:"";background-image:var(--next-icon-path);background-repeat:repeat no-repeat;background-size:0.8rem;background-position:center right}.excerpt{padding:0 10px 1.5rem 
10px;position:relative;z-index:1}.excerpt_meta{display:flex;justify-content:space-between;align-items:center;transform:translateY(-2.5rem);position:relative;z-index:5}.archive_item{display:grid;padding:1.5rem 0}.archive_title{margin:0}.article{box-shadow:0 0.5rem 2rem rgba(0,0,0,0.12);overflow:hidden;border-radius:0.5rem}.article_title{margin:0}.article_excerpt{transition:height 0.5s, opacity 0.5s}.article_excerpt:not(.visible){height:0;opacity:0}.article_excerpt,.article_meta{transform-origin:bottom}.article_meta{padding:10px 1.25rem 1.25rem;color:var(--text);position:relative;z-index:2;transition:margin-top 0.5s;background:var(--bg)}.article_meta.center_y{transform-origin:center;transition:transform 0.5s;display:flex;flex-direction:column;justify-content:center}@media screen and (min-width: 42rem){.article_meta.center_y{left:-2rem}}.article_thumb{display:grid;position:relative;z-index:0;overflow:hidden;height:15rem;background-size:cover;background-position:50% 50%}@media screen and (min-width: 35rem){.article_thumb{height:22.5rem}}.article_thumb img{transition:transform 0.5s, opacity 0.5s}.article_thumb::after{content:'';position:absolute;top:0;left:0;width:100%;bottom:0;z-index:1;background:var(--bg);opacity:0;transition:opacity 0.1s ease-out}.article_showcase .article_thumb{height:15rem}.article_showcase .article_meta{padding-top:1.5rem}.article:hover .article_thumb img{transform:scale(1.1)}.article:hover .article_thumb::after{transition:opacity 0.1s ease-out;opacity:0.5}.article:hover .article_excerpt:not(.visible){height:75px;opacity:1}.article:hover .article_meta:not(.center_y){margin-top:-75px}@media screen and (min-width: 769px){.article:hover .article_meta.center_y{transform:translateX(-3rem)}}.article:hover{box-shadow:0 1.5rem 6rem rgba(0,0,0,0.17)}.article:hover a{color:initial !important}.article_hidden{display:none}.wrap{max-width:1240px}@media screen and (min-width: 1640px){.wrap{max-width:1600px}}.wrap,.wrap{width:100%;padding:0 25px;margin:0 
auto}.pt-1{padding-top:1.5rem}.pb-1{padding-bottom:1.5rem}.mt-1{margin-top:1.5rem}.mb-1{margin-bottom:1.5rem}.pt-2{padding-top:3rem}.pb-2{padding-bottom:3rem}.mt-2{margin-top:3rem}.mb-2{margin-bottom:3rem}.pt-3{padding-top:4.5rem}.pb-3{padding-bottom:4.5rem}.mt-3{margin-top:4.5rem}.mb-3{margin-bottom:4.5rem}.pt-4{padding-top:6rem}.pb-4{padding-bottom:6rem}.mt-4{margin-top:6rem}.mb-4{margin-bottom:6rem}.grid-2,.grid-3,.grid-4,.grid-auto,.grid-reverse{display:grid;grid-template-columns:1fr}[class*='grid-']{grid-gap:2rem}@media screen and (min-width: 42rem){.grid-auto{grid-template-columns:2fr 5fr}.grid-reverse{grid-template-columns:3fr 1fr}.grid-2{grid-template-columns:repeat(2, 1fr)}.grid-3{grid-template-columns:repeat(auto-fit, minmax(15rem, 1fr))}.grid-4{grid-template-columns:repeat(auto-fit, minmax(12rem, 1fr))}}.active{color:var(--theme)}.is{background:var(--theme);color:var(--light)}.toggle svg{fill:var(--text);display:inline-block;transform-origin:50% 50%;transform:scale(1.2);cursor:pointer;margin:0}.scrollable{width:100%;overflow-x:hidden;max-width:calc(100vw - 48px)}@media screen and (min-width: 768px){.scrollable{max-width:100%}}.scrollable:hover{overflow-x:auto}.chart{display:grid;grid-gap:1.5rem;max-width:98vw !important;max-height:98vw !important}.link{display:inline-flex;align-items:center;width:2.5rem;margin:0 0.25rem;padding:0 0.25rem;opacity:0;transition:opacity 0.3s cubic-bezier(0.39, 0.575, 0.565, 1)}.link svg,.link img{width:1.5rem;height:1.5rem;fill:var(--theme)}.link_owner:hover .link{opacity:0.9}.copy{cursor:pointer}@keyframes pulse{0%{opacity:1}75%{opacity:0.1}100%{opacity:1}}code{font-size:15px;font-weight:400;overflow-y:hidden;display:block;font-family:'Monaco', monospace;word-break:break-all}code.noClass{color:var(--inline-color);display:inline;line-break:anywhere}.windows .highlight{overflow-x:hidden}.windows .highlight:hover{overflow-x:auto}.highlight{display:grid;width:100%;border-radius:0 0.2rem 0.2rem 
0;overflow-x:auto;position:relative}.highlight_wrap{display:grid;background:var(--code-bg) !important;border-radius:0.5rem;position:relative;padding:0 1rem;margin:1.5rem auto 1rem auto}.highlight_wrap .highlight_wrap{margin:0;padding:0}.highlight_wrap+.highlight_wrap{margin-top:2.25rem}.highlight_wrap:hover>div{opacity:1}.highlight_wrap .lang{position:absolute;top:0;right:0;text-align:right;width:7.5rem;padding:0.5rem 1rem;font-style:italic;text-transform:uppercase;font-size:67%;opacity:0.5;color:var(--text)}.highlight_wrap:hover .lang{opacity:0.1}.highlight .highlight{margin:0}.highlight pre{color:var(--text) !important;border-radius:4px;font-family:'Monaco', monospace;padding-top:1.5rem;padding-bottom:2rem}.highlight table{display:grid;max-width:100%;margin-bottom:0;background:transparent}.highlight td,.highlight th{padding:0}.highlight .lntd{width:100%;border:none}.highlight .lntd:first-child,.highlight .lntd:first-child pre{width:2.5rem !important;padding-left:0;padding-right:0;color:rgba(255,255,255,0.5);user-select:none}.highlight .lntd:first-child pre{width:100%;display:flex;align-items:center;flex-direction:column}.err{color:#a61717}.hl{width:100%;background:var(--inline-color)}.ln,.lnt{margin-right:0.75rem;padding:0;transition:opacity 0.3s var(--ease)}.ln,.ln span,.lnt,.lnt 
span{color:var(--text);opacity:0.5;user-select:none}.k,.kc,.kd,.kn,.kp,.kr,.kt,.nt{color:#6ab825;font-weight:500}.kn,.kp{font-weight:400}.nb,.no,.nv{color:#24909d}.nc,.nf,.nn{color:#447fcf}.s,.sa,.sb,.sc,.dl,.sd,.s2,.se,.sh,.si,.sx,.sr,.s1,.ss{color:#ed9d13}.m,.mb,.mf,.mh,.mi,.il,.mo{color:#3677a9}.ow{color:#6ab825;font-weight:500}.c,.ch,.cm,.c1{color:#999;font-style:italic}.cs{color:#e50808;background-color:#520000;font-weight:500}.cp,.cpf{color:#cd2828;font-weight:500}.gd,.gr{color:#d22323}.ge{font-style:italic}.gh,.gu,.nd,.na,.ne{color:#ffa500;font-weight:500}.gi{color:#589819}.go{color:#ccc}.gp{color:#aaa}.gs{font-weight:500}.gt{color:#d22323}.w{color:#666}.hljs-string{color:#6ab825}.hljs-attr{color:#ed9d13}.p .hljs-attr{color:var(--light)}.pre_wrap{white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-pre-wrap;white-space:-o-pre-wrap;word-wrap:break-word}.pre_nolines.ln{display:none}.panel_box{display:inline-flex;perspective:300px;grid-gap:1rem;transition:opacity 0.3s var(--easing);background:var(--code-bg);padding:0.5rem 1.5rem;border-radius:2rem;align-items:center;position:absolute;right:0rem;top:-2.1rem;opacity:0}.panel_icon{display:inline-flex;align-items:center;justify-content:center;cursor:pointer;padding:0.1rem;transform-origin:50% 50%;margin:0}.panel_icon.active{animation:pulse 0.1s linear}.panel_icon svg{fill:var(--text);width:1.5rem;height:1.5rem}.panel_hide{display:none}.panel_from{position:absolute;color:var(--theme);bottom:0;font-size:1.5rem;font-weight:500;padding:0.5rem 0;cursor:pointer;letter-spacing:0.1px;z-index:19}.panel_expanded .panel_from{display:none}.shell{position:relative}.shell::before{content:"$";position:relative;margin-right:0.36rem}.line-flex{display:flex}@font-face{font-family:'Metropolis';font-style:normal;font-weight:400;src:local("Metropolis Regular"),local("Metropolis-Regular"),url("../fonts/Metropolis-Regular.woff2") format("woff2"),url("../fonts/Metropolis-Regular.woff") 
format("woff");font-display:swap}@font-face{font-family:'Metropolis';font-style:normal;font-weight:300;src:local("Metropolis Light"),local("Metropolis-Light"),url("../fonts/Metropolis-Light.woff2") format("woff2"),url("../fonts/Metropolis-Light.woff") format("woff");font-display:swap}@font-face{font-family:'Metropolis';font-style:italic;font-weight:300;src:local("Metropolis Light Italic"),local("Metropolis-LightItalic"),url("../fonts/Metropolis-LightItalic.woff2") format("woff2"),url("../fonts/Metropolis-LightItalic.woff") format("woff");font-display:swap}@font-face{font-family:'Metropolis';font-style:normal;font-weight:500;src:local("Metropolis Medium"),local("Metropolis-Medium"),url("../fonts/Metropolis-Medium.woff2") format("woff2"),url("../fonts/Metropolis-Medium.woff") format("woff");font-display:swap}@font-face{font-family:'Metropolis';font-style:italic;font-weight:500;src:local("Metropolis Medium Italic"),local("Metropolis-MediumItalic"),url("../fonts/Metropolis-MediumItalic.woff2") format("woff2"),url("../fonts/Metropolis-MediumItalic.woff") format("woff");font-display:swap}@font-face{font-family:'Cookie';font-style:normal;font-weight:400;src:local("Cookie-Regular"),url("../fonts/cookie-v10-latin-regular.woff2") format("woff2"),url("../fonts/cookie-v10-latin-regular.woff") format("woff");font-display:swap}@keyframes chartjs-render-animation{0%{opacity:.99}100%{opacity:1}}.chartjs-render-monitor{animation:chartjs-render-animation 1ms}.chartjs-size-monitor,.chartjs-size-monitor-expand,.chartjs-size-monitor-shrink{position:absolute;direction:ltr;left:0;top:0;right:0;bottom:0;overflow:hidden;pointer-events:none;visibility:hidden;z-index:-1}.chartjs-size-monitor-expand>div{position:absolute;width:1000000px;height:1000000px;left:0;top:0}.chartjs-size-monitor-shrink>div{position:absolute;width:200%;height:200%;left:0;top:0} + +/*# sourceMappingURL=styles.css.map */ \ No newline at end of file 
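Review bot: The committed stylesheet bakes the development server origin into the icon variables at the top of the hunk — `--info-icon: url('http://localhost:1313/icons/info.svg')` and the three sibling `--sun-icon`/`--moon-icon`/`--next-icon` values — so a deployment served from any other origin will request those icons from localhost over plain http and they will not render. This appears to be Hugo's generated resource cache under `resources/_gen/`, which is written from the baseURL in effect at build time; either regenerate it with the production baseURL before committing, or leave `resources/_gen/` out of version control and let the build step produce it so the checked-in artifact cannot drift from the SASS sources. The second `.content` file whose hunk begins two headers below carries the same localhost URLs (`--infoIcon`, `--sunIcon`, `--moonIcon`, `--nextIcon`), and the accompanying `.json` records an `Integrity` hash for this exact output, so any hand edit here would also invalidate that SRI value.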
diff --git a/lolrmm.com/resources/_gen/assets/sass/sass/main.sass_ae9eb86df8175869edaecf50caadd93b.json b/lolrmm.com/resources/_gen/assets/sass/sass/main.sass_ae9eb86df8175869edaecf50caadd93b.json
new file mode 100644
index 00000000..b4a77437
--- /dev/null
+++ b/lolrmm.com/resources/_gen/assets/sass/sass/main.sass_ae9eb86df8175869edaecf50caadd93b.json
@@ -0,0 +1 @@
+{"Target":"css/styles.5e28a48c17aeefa16ec0f8a3990638bcf0812cd157872aaa28e5c9ef0d67265f69fd0161a3224e71f035fac9965497f0077eab5fb09ac3601315b16eb6505c0b.css","MediaType":"text/css","Data":{"Integrity":"sha512-XiikjBeu76FuwPijmQY4vPCBLNFXhyqqKOXJ7w1nJl9p/QFhoyJOcfA1+smWVJfwB36rX7Caw2ATFbFutlBcCw=="}}
\ No newline at end of file
diff --git a/lolrmm.com/resources/_gen/assets/sass/sass/main.sass_ca26857cefa9076967ab300682271513.content b/lolrmm.com/resources/_gen/assets/sass/sass/main.sass_ca26857cefa9076967ab300682271513.content
new file mode 100644
index 00000000..a7944d49
--- /dev/null
+++ b/lolrmm.com/resources/_gen/assets/sass/sass/main.sass_ca26857cefa9076967ab300682271513.content
@@ -0,0 +1,3 @@ +html{--infoIcon: url('http://localhost:1313/icons/info.svg');--sunIcon: url('http://localhost:1313/icons/sun.svg');--moonIcon: url('http://localhost:1313/icons/moon.svg');--nextIcon: url('http://localhost:1313/icons/next.svg')}html{--color-mode: "light";--light: #fff;--dark: rgb(28,28,30);--haze: #f2f5f7;--bubble: rgb(36,36,38);--accent: var(--haze);--bg: var(--light);--code-bg: var(--accent);--overlay: var(--light);--text: #111;--font: 'Metropolis', sans-serif;--border-color: #eee;--inline-color: darkgoldenrod;--theme: rgb(52,199,89);--ease: ease;--search-border-color: transparent}html[data-mode="dark"]{--color-mode: "dark";--theme: rgb(48,209,88);--bg: var(--dark);--text: #eee;--accent: var(--bubble);--overlay: var(--bubble);--border-color: transparent;--search-bg: var(--accent);--search-border-color: var(--accent)}html[data-mode="dark"] *{box-shadow:none !important}html[data-mode="dark"] .color_choice::after{background-image:var(--moonIcon)}@media (prefers-color-scheme: dark){html.dark:not([data-mode="light"]){--color-mode: "dark";--theme: rgb(48,209,88);--bg: var(--dark);--text: #eee;--accent: var(--bubble);--overlay: var(--bubble);--border-color: transparent;--search-bg: var(--accent);--search-border-color: var(--accent)}html.dark:not([data-mode="light"]) *{box-shadow:none !important}}blockquote+.highlight_wrap{margin-top:2.25rem}*{box-sizing:border-box;-webkit-appearance:none;margin:0;padding:0}body,html{scroll-behavior:smooth;scroll-padding-top:1rem;font-kerning:normal;-webkit-text-size-adjust:100%;font-size:18px}body{font-family:var(--font);background-color:var(--bg);color:var(--text);line-height:1.5;margin:0 auto;position:relative;font-kerning:normal;display:flex;flex-direction:column;justify-content:space-between;min-height:100vh;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;-webkit-overflow-scrolling:touch;max-width:1440px}@media screen and (min-width: 
1640px){body{max-width:1600px}}a{text-decoration:none;color:inherit}p{padding:0.75rem 0}p:empty{display:none}li,li p{padding:0.25rem 0}blockquote{opacity:0.8;padding:1rem;position:relative;quotes:"“" "”" "‘" "’";margin:0.75rem 0;display:flex;flex-flow:row wrap;background-repeat:no-repeat;background-size:5rem;background-position:50% 50%;position:relative;background-color:var(--accent);border-radius:0.25rem;overflow:hidden}blockquote::before{content:"";padding:2px;position:absolute;top:0;bottom:0;left:0;background:var(--theme)}blockquote p{padding-left:0.5rem !important;font-size:1.1rem !important;width:100%;font-style:italic}h1,h2,h3,h4,h5{font-family:inherit;font-weight:500;padding:0.33rem 0;color:inherit;line-height:1.35}h1{font-size:200%}h2{font-size:175%}h3{font-size:150%}h4{font-size:125%}h5{font-size:120%}h6{font-size:100%}img,svg,figure{max-width:100%;vertical-align:middle}img{height:auto;margin:1rem auto;padding:0}main{flex:1}@media screen and (min-width: 42rem){main{padding-bottom:45px}}ol,ul{list-style:none}b,strong{font-weight:500}hr{border:none;padding:1px;background:var(--border-color);margin:1rem 0}.aside{overflow-y:auto;background:var(--bg);border-radius:0.25rem;align-self:start;max-height:80vh;position:sticky;z-index:9999;top:0;padding:1rem 0}@media screen and (min-width: 42rem){.aside{padding:1rem 1.5rem;top:2.5rem;margin-top:1rem;padding-top:0}}.aside_inner{height:0;overflow:hidden}@media screen and (min-width: 42rem){.aside_inner{height:initial}}.aside.show .aside_inner{height:initial;overflow:visible}.aside_toggle{padding:1.5rem 0;margin:-1.5rem 0;display:flex;justify-content:space-between}@media screen and (min-width: 42rem){.aside_toggle{display:none}}.aside h3{position:relative}.aside ul{padding:0;list-style:none}th,td{padding:0.5rem;font-weight:400 !important}th:not(:first-child),td:not(:first-child){padding-left:1.5rem}thead{background:var(--theme);color:var(--light);font-weight:400;text-align:left}tbody 
tr:nth-child(even){background-color:var(--accent) !important;box-shadow:0 1rem 0.75rem -0.75rem rgba(0,0,0,0.07)}table{margin:1.5rem 0;width:100%}.main{flex:1}.page-home h1{font-weight:300}.content ul,.content ol{padding-left:1.1rem}.content ul{list-style:initial}.content ol{list-style:decimal}.content a:not(.button){color:var(--theme)}::placeholder{font-size:1rem}svg.icon_sort{fill:var(--light);height:0.7rem;width:0.7rem;display:inline-block;margin-left:auto;vertical-align:middle}canvas{margin:2.5rem auto 0 auto;max-width:450px !important;max-height:450px !important}footer{min-height:150px}del{opacity:0.5}#toTop{background:transparent;outline:0.5rem solid transparent;height:2rem;width:2rem;cursor:pointer;padding:0.5rem;display:flex;align-items:center;justify-content:center;position:fixed;right:0;bottom:2.25rem;transform:rotate(45deg) translate(5rem);opacity:0;transition:opacity 0.5s var(--ease),transform 0.25s var(--ease);z-index:5}#toTop.active{right:1.5rem;opacity:1;transform:rotate(45deg) translate(0)}#toTop::after,#toTop::before{position:absolute;display:block;width:1rem;height:1rem;content:"";border-left:1px solid var(--text);border-top:1px solid var(--text)}#toTop::after{width:0.67rem;height:0.67rem;transform:translate(0.1rem, 0.1rem)}.nav{display:grid;grid-gap:1rem;padding:0 1.5rem !important;align-items:center;background-color:var(--bg)}@media screen and (min-width: 992px){.nav{grid-template-columns:10rem 1fr}}.nav_brand{position:relative}.nav_brand picture,.nav_brand img{max-width:10rem}.nav_header{position:absolute;top:0;left:0;width:100%;background-color:var(--bg);z-index:999999}.nav_toggle{position:absolute;top:0;bottom:0;width:3rem;display:flex;align-items:center;justify-content:flex-end;text-align:center;right:0;color:var(--text)}@media screen and (min-width: 992px){.nav_toggle{display:none}}.nav_body{display:flex;flex-direction:column;background:var(--accent);position:fixed;left:0;top:0;bottom:0;height:100vh;transition:transform 0.25s 
var(--ease);transform:translateX(-101vw)}@media screen and (min-width: 992px){.nav_body{transform:translateX(0);position:relative;height:initial;justify-content:flex-end;background:transparent;flex-direction:row}}.nav.show .nav_body{transform:translateX(0);box-shadow:0 1rem 4rem rgba(0,0,0,0.1);background:var(--bg)}.nav.show .nav_body li:first-child{margin:1.5rem 1rem 0.5rem 1rem}.nav-link{display:inline-flex;padding:0.5rem 1rem}.nav-item{display:grid;align-items:center}@media screen and (min-width: 992px){.nav-item .search{margin-right:1.5rem}}.nav_repo picture,.nav_repo img{max-width:1.25rem}.section_title{font-size:1.25rem}.section_link{font-size:1rem;font-weight:400}.sidebar-link{display:grid;padding:0.2rem 0}.toc{border-left:2px solid var(--theme);padding:0 1rem;height:0;overflow:hidden;filter:opacity(0.87)}.toc_item{font-size:0.9rem}.toc_active{height:initial}.search{flex:1;display:flex;justify-content:flex-end;position:relative}.search_field{padding:0.5rem 1.5rem 0.5rem 2.5rem;border-radius:1.5rem;width:13.5rem;outline:none;border:1px solid var(--search-border-color);background:transparent;color:var(--text);box-shadow:0 1rem 4rem rgba(0,0,0,0.17);font-size:1rem}.search_field:hover,.search_field:focus{background:var(--search-bg)}.search_label{width:1rem;height:1rem;position:absolute;left:0.33rem;top:0.25rem;opacity:0.33}.search_label svg{width:100%;height:100%;fill:var(--text)}.search_result{padding:0.5rem 1rem}.search_result:not(.passive):hover{background-color:var(--theme);color:var(--light)}.search_result.passive{display:grid}.search_results{width:13.5rem;background-color:var(--overlay);border-radius:0 0 0.25rem 0.25rem;box-shadow:0 1rem 4rem rgba(0,0,0,0.17);position:absolute;top:125%;display:grid;overflow:hidden;z-index:5}.search_results:empty{display:none}.search_title{padding:0.5rem 1rem 0.5rem 
1rem;background:var(--theme);color:var(--light);font-size:0.9rem;opacity:0.87;text-transform:uppercase}.button{background-color:var(--theme);color:var(--light);border-radius:0.25rem;display:inline-block;padding:0.75rem 1.25rem;text-align:center}.button:hover{opacity:0.84}.button+.button{background-color:var(--haze);color:var(--dark)}.button_grid{display:grid;max-width:15rem;grid-gap:1rem;grid-template-columns:repeat(auto-fit, minmax(12rem, 1fr))}@media screen and (min-width: 557px){.button_grid{max-width:25rem}}.video{overflow:hidden;padding-bottom:56.25%;position:relative;height:0;margin:1.5rem 0;border-radius:0.6rem;background-color:var(--bg);box-shadow:0 1rem 2rem rgba(0,0,0,0.17)}.video iframe{left:0;top:0;height:100%;width:100%;border:none;position:absolute;transform:scale(1.02)}.icon{width:1.1rem;height:1.1rem;display:inline-flex;justify-content:center;align-items:center;margin:0 0.5rem}.link{opacity:0;position:relative}.link_owner:hover .link{opacity:1}.link_yank{opacity:1}.link_yanked{position:absolute;right:-2.2rem;top:-2rem;background-color:var(--theme);color:var(--light);width:7rem;padding:0.25rem 0.5rem;font-size:0.9rem;border-radius:1rem;text-align:center}.link_yanked::after{position:absolute;top:1rem;content:"";border-color:var(--theme) transparent;border-style:solid;border-width:1rem 1rem 0 1rem;height:0;width:0;transform-origin:50% 50%;transform:rotate(145deg);right:0.45rem}.gallery{width:100%;column-count:3;column-gap:1rem}@media screen and (max-width: 667px){.gallery{column-count:2}}.gallery_item{background-color:transparent;margin:0 0 1rem}.gallery_image{margin:0 auto}.pager{display:flex;justify-content:space-between;align-items:center;padding-top:2rem;margin:2rem 0;max-width:100vw;overflow:hidden}.pager svg{filter:opacity(0.75);width:1.25rem;height:1rem;transform-origin:50% 50%}.pager_lean{justify-content:flex-end}.pager_label{max-width:100%;overflow:hidden;white-space:nowrap;text-overflow:ellipsis}.pager_link{padding:0.5rem 
1rem;border-radius:0.25rem;width:12.5rem;max-width:40vw;position:relative;display:flex;align-items:center;text-align:center;justify-content:center}.pager_link::before,.pager_link::after{background-image:var(--nextIcon);height:0.8rem;width:0.8rem;background-size:100%;background-repeat:no-repeat;transform-origin:50% 50%}.pager_item{display:flex;flex-direction:column;flex:1;max-width:48%}.pager_item.prev{align-items:flex-start}.pager_item.next{align-items:flex-end}.pager_item.next::after{content:""}.pager_item.prev .pager_link::before{content:"";transform:rotate(180deg);margin-right:0.67rem}.pager_item.next .pager_link::after{content:"";margin-left:0.67rem}.pager_item.next .pager_link{grid-template-columns:1fr 1.5rem}.pager_meta{margin:0.5rem 0}.color_mode{height:1rem;margin-left:1.5rem}.color_choice{outline:none;border:none;-webkit-appearance:none;height:1rem;position:relative;width:1rem;border-radius:1rem;cursor:pointer;z-index:2;right:0;filter:contrast(0.8)}.color_choice::after{content:"";top:0.1rem;bottom:0;left:0;position:absolute;height:0.8rem;background:var(--accent);width:0.8rem;border-radius:0.25rem;z-index:3;transform:scale(1.67);transform-origin:50% 50%;transition:transform 0.5s cubic-bezier(0.19, 1, 0.22, 1);will-change:transform;background-image:var(--sunIcon);background-size:60%;background-repeat:no-repeat;background-position:center}.color_icon{height:1rem;width:1rem;margin:0;z-index:4;position:absolute;transform:translateY(-50%);transition:transform 0.5s cubic-bezier(0.19, 1, 0.22, 1);right:3.5rem}.tip{padding:1.5rem 1rem 1.5rem 1.5rem;margin:1.5rem 0;border-left:0.2rem solid var(--theme);position:relative;background:var(--accent)}.tip blockquote{padding:0;margin:0;border:none}.tip blockquote::before{display:none}.tip p:first-child,.tip p~p{padding-top:0}.tip p:last-child{padding-bottom:0}.tip_warning{--theme: 
var(--inline-color)}.tip_warning::before{transform:rotate(180deg)}.tip::before{content:"";position:absolute;left:-0.85rem;top:1.5rem;z-index:3;padding:0.75rem;transform-origin:50% 50%;border-radius:50%;background-color:var(--theme);background-image:var(--infoIcon);background-size:12%;background-position:50% 50%;background-repeat:no-repeat}.mermaid{--theme: darkgoldenrod;background-color:transparent !important;margin-bottom:2.5rem}.mermaid svg{margin:0 auto;display:block}.mermaid .actor,.mermaid .labelBox,.mermaid .classGroup rect{fill:var(--theme) !important;stroke:var(--theme) !important}.mermaid .messageText,.mermaid tspan,.mermaid text{fill:var(--text) !important;stroke:var(--text) !important}.mermaid .messageLine0,.mermaid .loopLine{stroke:var(--theme) !important;fill:var(--theme) !important}.post{margin:0 auto;width:100%}.post p,.post h1,.post h2,.post h3,.post h4,.post h5,.post h6,.post blockquote,.post ol,.post ul,.post .highlight_wrap,.post hr{max-width:840px !important;margin-left:auto;margin-right:auto}@media screen and (min-width: 1025px){.post img:not(.icon){display:block;width:100vw;max-width:1024px;margin-left:auto;margin-right:auto}}.post h2,.post h3,.post h4{margin:0.5rem auto;text-align:left;padding:5px 0 0 0}.post p{padding-bottom:0.5rem;padding-top:0.5rem;font-size:1.05rem}.posts{display:flex;justify-content:space-between;flex-flow:row wrap;width:100%;align-items:stretch}.posts:not(.aside){padding:0 30px}.post ol{padding:1rem 1.25rem}.post_body img{width:100%;max-width:100%}.post_inner a{color:var(--theme);transition:all 0.3s}.post_inner a:hover{opacity:0.8;text-decoration:underline}.post_inner img:not(.icon){margin-bottom:2rem;box-shadow:0 1.5rem 1rem -1rem rgba(0,0,0,0.25)}.post_inner img:not(.icon)~h1,.post_inner img:not(.icon)~h2,.post_inner img:not(.icon)~h3,.post_inner img:not(.icon)~h4{margin-top:0;padding-top:0}.post .icon{margin-top:0;margin-bottom:0}.post_date{color:var(--theme)}.post_copy{opacity:0;transition:opacity 0.3s 
ease-out}.post_item{box-shadow:0 0 3rem rgba(0,0,0,0.17);margin:1.25rem 0;border-radius:10px;overflow:hidden;width:100%}.post_item:hover{box-shadow:0 0 5rem rgba(0,0,0,0.255)}@media screen and (min-width: 667px){.post_item{width:47%}}.post_item:hover .post_copy{opacity:1}.post_link{padding:2.5px 0;font-size:1.25em;margin:2.5px 0;text-align:left}.post_meta{overflow:hidden;opacity:0.8;font-size:0.84rem;font-weight:500;display:inline-grid;grid-template-columns:auto 1fr;background-color:var(--light);padding:0;align-items:center;border-radius:0.3rem;color:var(--dark);text-transform:capitalize}.post_meta a:hover{color:var(--theme);text-decoration:underline;opacity:0.9}.post_extra{display:flex;justify-content:flex-end}.post_tag{font-size:0.75rem !important;font-weight:500;background:var(--theme);color:var(--light);padding:0.25rem 0.67rem !important;text-transform:uppercase;display:inline-flex;border-radius:5px}.post_title{margin:-1rem 0 1rem}.post_time{background:var(--theme);display:inline-grid;padding:0.2rem 0.75rem;color:var(--light)}.post_thumbnail{width:100%;margin:0}.post_nav{padding:3rem 1.5rem;display:grid;margin:2.25rem auto 1rem;text-align:center;color:var(--theme);text-transform:uppercase}.post_nav,.post_nav span{position:relative;z-index:3}.post_nav::before{content:"";position:absolute;background:var(--accent);top:0;left:0;bottom:0;right:0;z-index:1;border-radius:1rem}.post_next{display:inline-grid;margin:0 auto;width:10rem;grid-template-columns:1fr 1.33rem}.post_next::after{content:"";background-image:url("../images/icons/double-arrow.svg");background-repeat:repeat no-repeat;background-size:0.8rem;background-position:center right}.excerpt{padding:0 10px 1.5rem 10px;position:relative;z-index:1}.excerpt_meta{display:flex;justify-content:space-between;align-items:center;transform:translateY(-2.5rem);position:relative;z-index:5}.archive_item{display:grid;padding:1.5rem 0}.archive_title{margin:0}.article{box-shadow:0 0.5rem 2rem 
rgba(0,0,0,0.12);overflow:hidden;border-radius:0.5rem}.article_title{margin:0}.article_excerpt{transition:height 0.5s, opacity 0.5s}.article_excerpt:not(.visible){height:0;opacity:0}.article_excerpt,.article_meta{transform-origin:bottom}.article_meta{padding:10px 1.25rem 1.25rem;color:var(--text);position:relative;z-index:2;transition:margin-top 0.5s;background:var(--bg)}.article_meta.center_y{transform-origin:center;transition:transform 0.5s;display:flex;flex-direction:column;justify-content:center}@media screen and (min-width: 42rem){.article_meta.center_y{left:-2rem}}.article_thumb{display:grid;position:relative;z-index:0;overflow:hidden;height:15rem;background-size:cover;background-position:50% 50%}@media screen and (min-width: 35rem){.article_thumb{height:22.5rem}}.article_thumb img{transition:transform 0.5s, opacity 0.5s}.article_thumb::after{content:'';position:absolute;top:0;left:0;width:100%;bottom:0;z-index:1;background:var(--bg);opacity:0;transition:opacity 0.1s ease-out}.article_showcase .article_thumb{height:15rem}.article_showcase .article_meta{padding-top:1.5rem}.article:hover .article_thumb img{transform:scale(1.1)}.article:hover .article_thumb::after{transition:opacity 0.1s ease-out;opacity:0.5}.article:hover .article_excerpt:not(.visible){height:75px;opacity:1}.article:hover .article_meta:not(.center_y){margin-top:-75px}@media screen and (min-width: 769px){.article:hover .article_meta.center_y{transform:translateX(-3rem)}}.article:hover{box-shadow:0 1.5rem 6rem rgba(0,0,0,0.17)}.article:hover a{color:initial !important}.article_hidden{display:none}.wrap{max-width:1240px}@media screen and (min-width: 1640px){.wrap{max-width:1600px}}.wrap,.wrap{width:100%;padding:0 25px;margin:0 
auto}.pt-1{padding-top:1.5rem}.pb-1{padding-bottom:1.5rem}.mt-1{margin-top:1.5rem}.mb-1{margin-bottom:1.5rem}.pt-2{padding-top:3rem}.pb-2{padding-bottom:3rem}.mt-2{margin-top:3rem}.mb-2{margin-bottom:3rem}.pt-3{padding-top:4.5rem}.pb-3{padding-bottom:4.5rem}.mt-3{margin-top:4.5rem}.mb-3{margin-bottom:4.5rem}.pt-4{padding-top:6rem}.pb-4{padding-bottom:6rem}.mt-4{margin-top:6rem}.mb-4{margin-bottom:6rem}.grid-2,.grid-3,.grid-4,.grid-auto,.grid-reverse{display:grid;grid-template-columns:1fr}[class*='grid-']{grid-gap:2rem}@media screen and (min-width: 42rem){.grid-auto{grid-template-columns:2fr 5fr}.grid-reverse{grid-template-columns:3fr 1fr}.grid-2{grid-template-columns:repeat(2, 1fr)}.grid-3{grid-template-columns:repeat(auto-fit, minmax(15rem, 1fr))}.grid-4{grid-template-columns:repeat(auto-fit, minmax(12rem, 1fr))}}.active{color:var(--theme)}.is{background:var(--theme);color:var(--light)}.toggle svg{fill:var(--text);display:inline-block;transform-origin:50% 50%;transform:scale(1.2);cursor:pointer;margin:0}.scrollable{width:100%;overflow-x:hidden;max-width:calc(100vw - 48px)}@media screen and (min-width: 768px){.scrollable{max-width:100%}}.scrollable:hover{overflow-x:auto}.chart{display:grid;grid-gap:1.5rem;max-width:98vw !important;max-height:98vw !important}.link{display:inline-flex;align-items:center;width:2.5rem;margin:0 0.25rem;padding:0 0.25rem;opacity:0;transition:opacity 0.3s cubic-bezier(0.39, 0.575, 0.565, 1)}.link svg,.link img{width:1.5rem;height:1.5rem;fill:var(--theme)}.link_owner:hover .link{opacity:0.9}.copy{cursor:pointer}@keyframes pulse{0%{opacity:1}75%{opacity:0.1}100%{opacity:1}}code{font-size:15px;font-weight:400;overflow-y:hidden;display:block;font-family:'Monaco', monospace;word-break:break-all}code.noClass{color:var(--inline-color);display:inline;line-break:anywhere}.windows .highlight{overflow-x:hidden}.windows .highlight:hover{overflow-x:auto}.highlight{display:grid;width:100%;border-radius:0 0.2rem 0.2rem 
0;overflow-x:auto;position:relative}.highlight_wrap{display:grid;background:var(--code-bg) !important;border-radius:0.5rem;position:relative;padding:0 1rem;margin:1.5rem auto 1rem auto}.highlight_wrap .highlight_wrap{margin:0;padding:0}.highlight_wrap+.highlight_wrap{margin-top:2.25rem}.highlight_wrap:hover>div{opacity:1}.highlight_wrap .lang{position:absolute;top:0;right:0;text-align:right;width:7.5rem;padding:0.5rem 1rem;font-style:italic;text-transform:uppercase;font-size:67%;opacity:0.5;color:var(--text)}.highlight_wrap:hover .lang{opacity:0.1}.highlight .highlight{margin:0}.highlight pre{color:var(--text) !important;border-radius:4px;font-family:'Monaco', monospace;padding-top:1.5rem;padding-bottom:2rem}.highlight table{display:grid;max-width:100%;margin-bottom:0;background:transparent}.highlight td,.highlight th{padding:0}.highlight .lntd{width:100%;border:none}.highlight .lntd:first-child,.highlight .lntd:first-child pre{width:2.5rem !important;padding-left:0;padding-right:0;color:rgba(255,255,255,0.5);user-select:none}.highlight .lntd:first-child pre{width:100%;display:flex;align-items:center;flex-direction:column}.err{color:#a61717}.hl{width:100%;background:var(--inline-color)}.ln,.lnt{margin-right:0.75rem;padding:0;transition:opacity 0.3s var(--ease)}.ln,.ln span,.lnt,.lnt 
span{color:var(--text);opacity:0.5;user-select:none}.k,.kc,.kd,.kn,.kp,.kr,.kt,.nt{color:#6ab825;font-weight:500}.kn,.kp{font-weight:400}.nb,.no,.nv{color:#24909d}.nc,.nf,.nn{color:#447fcf}.s,.sa,.sb,.sc,.dl,.sd,.s2,.se,.sh,.si,.sx,.sr,.s1,.ss{color:#ed9d13}.m,.mb,.mf,.mh,.mi,.il,.mo{color:#3677a9}.ow{color:#6ab825;font-weight:500}.c,.ch,.cm,.c1{color:#999;font-style:italic}.cs{color:#e50808;background-color:#520000;font-weight:500}.cp,.cpf{color:#cd2828;font-weight:500}.gd,.gr{color:#d22323}.ge{font-style:italic}.gh,.gu,.nd,.na,.ne{color:#ffa500;font-weight:500}.gi{color:#589819}.go{color:#ccc}.gp{color:#aaa}.gs{font-weight:500}.gt{color:#d22323}.w{color:#666}.hljs-string{color:#6ab825}.hljs-attr{color:#ed9d13}.p .hljs-attr{color:var(--light)}.pre_wrap{white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-pre-wrap;white-space:-o-pre-wrap;word-wrap:break-word}.pre_nolines.ln{display:none}.panel_box{display:inline-flex;perspective:300px;grid-gap:0.5rem;transition:opacity 0.3s var(--easing);background:var(--code-bg);padding:0.5rem 1.5rem;border-radius:2rem;align-items:center;position:absolute;right:0rem;top:-2.1rem;opacity:0}.panel_icon{display:inline-flex;align-items:center;justify-content:center;cursor:pointer;padding:0.1rem;transform-origin:50% 50%}.panel_icon.active{animation:pulse 0.1s linear}.panel_icon svg{fill:var(--text);width:1.5rem;height:1.5rem}.panel_hide{display:none}.panel_from{position:absolute;color:var(--theme);bottom:0;font-size:1.5rem;font-weight:500;padding:0.5rem 0;cursor:pointer;letter-spacing:0.1px;z-index:19}.panel_expanded .panel_from{display:none}@font-face{font-family:'Metropolis';font-style:normal;font-weight:400;src:local("Metropolis Regular"),local("Metropolis-Regular"),url("../fonts/Metropolis-Regular.woff2") format("woff2"),url("../fonts/Metropolis-Regular.woff") format("woff");font-display:swap}@font-face{font-family:'Metropolis';font-style:normal;font-weight:300;src:local("Metropolis 
Light"),local("Metropolis-Light"),url("../fonts/Metropolis-Light.woff2") format("woff2"),url("../fonts/Metropolis-Light.woff") format("woff");font-display:swap}@font-face{font-family:'Metropolis';font-style:italic;font-weight:300;src:local("Metropolis Light Italic"),local("Metropolis-LightItalic"),url("../fonts/Metropolis-LightItalic.woff2") format("woff2"),url("../fonts/Metropolis-LightItalic.woff") format("woff");font-display:swap}@font-face{font-family:'Metropolis';font-style:normal;font-weight:500;src:local("Metropolis Medium"),local("Metropolis-Medium"),url("../fonts/Metropolis-Medium.woff2") format("woff2"),url("../fonts/Metropolis-Medium.woff") format("woff");font-display:swap}@font-face{font-family:'Metropolis';font-style:italic;font-weight:500;src:local("Metropolis Medium Italic"),local("Metropolis-MediumItalic"),url("../fonts/Metropolis-MediumItalic.woff2") format("woff2"),url("../fonts/Metropolis-MediumItalic.woff") format("woff");font-display:swap}@font-face{font-family:'Cookie';font-style:normal;font-weight:400;src:local("Cookie-Regular"),url("../fonts/cookie-v10-latin-regular.woff2") format("woff2"),url("../fonts/cookie-v10-latin-regular.woff") format("woff");font-display:swap}@keyframes chartjs-render-animation{0%{opacity:.99}100%{opacity:1}}.chartjs-render-monitor{animation:chartjs-render-animation 1ms}.chartjs-size-monitor,.chartjs-size-monitor-expand,.chartjs-size-monitor-shrink{position:absolute;direction:ltr;left:0;top:0;right:0;bottom:0;overflow:hidden;pointer-events:none;visibility:hidden;z-index:-1}.chartjs-size-monitor-expand>div{position:absolute;width:1000000px;height:1000000px;left:0;top:0}.chartjs-size-monitor-shrink>div{position:absolute;width:200%;height:200%;left:0;top:0} + +/*# sourceMappingURL=styles.css.map */ \ No newline at end of file 
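Review bot: The committed Hugo resource cache bakes the development-server origin into the stylesheet — the opening rule on the new side sets `--infoIcon`, `--sunIcon`, `--moonIcon` and `--nextIcon` to `url('http://localhost:1313/icons/...')`, so any deployed build that reuses this cache will request its icons from localhost over plain http (and, behind an https origin, as blocked mixed content). `resources/_gen/` is a build artifact; the cleaner fix is to add `lolrmm.com/resources/_gen/` to `.gitignore` and let the build regenerate it with the production baseURL, or at least regenerate it before committing. The sidecar `.json` in the next file section carries an SRI `Integrity` value tied to this exact content, so the CSS must not be patched by hand. Whether the production build actually reads this cache depends on the Hugo configuration, which is not in this hunk.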
diff --git a/lolrmm.com/resources/_gen/assets/sass/sass/main.sass_ca26857cefa9076967ab300682271513.json b/lolrmm.com/resources/_gen/assets/sass/sass/main.sass_ca26857cefa9076967ab300682271513.json new file mode 100644 index 00000000..2aa660ed --- /dev/null +++ b/lolrmm.com/resources/_gen/assets/sass/sass/main.sass_ca26857cefa9076967ab300682271513.json @@ -0,0 +1 @@ +{"Target":"css/styles.cd62b2f2422cc4a7954bb12c250bb5a506c534f9f0e02d12144999181257b8046df4a087b684fbe4fa2e60fc50b054922f83d5cb594351423c6425a8cb80434c.css","MediaType":"text/css","Data":{"Integrity":"sha512-zWKy8kIsxKeVS7EsJQu1pQbFNPnw4C0SFEmZGBJXuARt9KCHtoT75PouYPxQsFSSL4PVy1lDUUI8ZCWoy4BDTA=="}} \ No newline at end of file diff --git a/lolrmm.com/static/favicons/android-chrome-192x192.png b/lolrmm.com/static/favicons/android-chrome-192x192.png new file mode 100644 index 00000000..2cc234b9 Binary files /dev/null and b/lolrmm.com/static/favicons/android-chrome-192x192.png differ diff --git a/lolrmm.com/static/favicons/android-chrome-512x512.png b/lolrmm.com/static/favicons/android-chrome-512x512.png new file mode 100644 index 00000000..7e2d5b98 Binary files /dev/null and b/lolrmm.com/static/favicons/android-chrome-512x512.png differ diff --git a/lolrmm.com/static/favicons/apple-touch-icon.png b/lolrmm.com/static/favicons/apple-touch-icon.png new file mode 100644 index 00000000..5e47b25a Binary files /dev/null and b/lolrmm.com/static/favicons/apple-touch-icon.png differ diff --git a/lolrmm.com/static/favicons/favicon-16x16.png b/lolrmm.com/static/favicons/favicon-16x16.png new file mode 100644 index 00000000..82f3dec4 Binary files /dev/null and b/lolrmm.com/static/favicons/favicon-16x16.png differ diff --git a/lolrmm.com/static/favicons/favicon-32x32.png b/lolrmm.com/static/favicons/favicon-32x32.png new file mode 100644 index 00000000..c50856aa Binary files /dev/null and b/lolrmm.com/static/favicons/favicon-32x32.png differ 
diff --git a/lolrmm.com/static/favicons/favicon.ico b/lolrmm.com/static/favicons/favicon.ico new file mode 100644 index 00000000..f90b4500 Binary files /dev/null and b/lolrmm.com/static/favicons/favicon.ico differ diff --git a/lolrmm.com/static/favicons/site.webmanifest b/lolrmm.com/static/favicons/site.webmanifest new file mode 100644 index 00000000..45dc8a20 --- /dev/null +++ b/lolrmm.com/static/favicons/site.webmanifest @@ -0,0 +1 @@ +{"name":"","short_name":"","icons":[{"src":"/android-chrome-192x192.png","sizes":"192x192","type":"image/png"},{"src":"/android-chrome-512x512.png","sizes":"512x512","type":"image/png"}],"theme_color":"#ffffff","background_color":"#ffffff","display":"standalone"} \ No newline at end of file diff --git a/lolrmm.com/static/images/GitHubMarkDark.svg b/lolrmm.com/static/images/GitHubMarkDark.svg new file mode 100644 index 00000000..68a69435 --- /dev/null +++ b/lolrmm.com/static/images/GitHubMarkDark.svg @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/lolrmm.com/static/images/GitHubMarkLight.svg b/lolrmm.com/static/images/GitHubMarkLight.svg new file mode 100644 index 00000000..93af7db5 --- /dev/null +++ b/lolrmm.com/static/images/GitHubMarkLight.svg @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/lolrmm.com/static/images/artist.jpg b/lolrmm.com/static/images/artist.jpg new file mode 100644 index 00000000..5d52ed3c Binary files /dev/null and b/lolrmm.com/static/images/artist.jpg differ diff --git a/lolrmm.com/static/images/boy.jpg b/lolrmm.com/static/images/boy.jpg new file mode 100644 index 00000000..955cdf97 Binary files /dev/null and b/lolrmm.com/static/images/boy.jpg differ diff --git a/lolrmm.com/static/images/chickens.jpg b/lolrmm.com/static/images/chickens.jpg new file mode 100644 index 00000000..2efb5dd9 Binary files /dev/null and b/lolrmm.com/static/images/chickens.jpg differ 
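Review bot: The manifest's icon `src` values are `/android-chrome-192x192.png` and `/android-chrome-512x512.png`, but the PNGs added in this commit live under `lolrmm.com/static/favicons/`, which Hugo serves at `/favicons/...` unless something rewrites the path, so the installable-app icons would 404 as written. Either move the two files up to `static/` or change the entries to `{"src":"/favicons/android-chrome-192x192.png","sizes":"192x192","type":"image/png"}` and `{"src":"/favicons/android-chrome-512x512.png","sizes":"512x512","type":"image/png"}`. `name` and `short_name` are empty strings, which leaves the home-screen label to browser fallback behaviour.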
diff --git a/lolrmm.com/static/images/clarity/article-toc.png b/lolrmm.com/static/images/clarity/article-toc.png new file mode 100644 index 00000000..a07f85ec Binary files /dev/null and b/lolrmm.com/static/images/clarity/article-toc.png differ diff --git a/lolrmm.com/static/images/clarity/image-figure.png b/lolrmm.com/static/images/clarity/image-figure.png new file mode 100644 index 00000000..67ff2caa Binary files /dev/null and b/lolrmm.com/static/images/clarity/image-figure.png differ diff --git a/lolrmm.com/static/images/clarity/image-inline.png b/lolrmm.com/static/images/clarity/image-inline.png new file mode 100644 index 00000000..93d36f15 Binary files /dev/null and b/lolrmm.com/static/images/clarity/image-inline.png differ diff --git a/lolrmm.com/static/images/clarity/screenshot-darkmode.png b/lolrmm.com/static/images/clarity/screenshot-darkmode.png new file mode 100644 index 00000000..539ed63f Binary files /dev/null and b/lolrmm.com/static/images/clarity/screenshot-darkmode.png differ diff --git a/lolrmm.com/static/images/clarity/screenshot-mobile-darkmode.png b/lolrmm.com/static/images/clarity/screenshot-mobile-darkmode.png new file mode 100644 index 00000000..cf89290e Binary files /dev/null and b/lolrmm.com/static/images/clarity/screenshot-mobile-darkmode.png differ diff --git a/lolrmm.com/static/images/clarity/screenshot-mobile.png b/lolrmm.com/static/images/clarity/screenshot-mobile.png new file mode 100644 index 00000000..962f69e7 Binary files /dev/null and b/lolrmm.com/static/images/clarity/screenshot-mobile.png differ diff --git a/lolrmm.com/static/images/clarity/screenshot.png b/lolrmm.com/static/images/clarity/screenshot.png new file mode 100644 index 00000000..f08264c0 Binary files /dev/null and b/lolrmm.com/static/images/clarity/screenshot.png differ 
diff --git a/lolrmm.com/static/images/clarity/syntax-block.gif b/lolrmm.com/static/images/clarity/syntax-block.gif new file mode 100644 index 00000000..91de114c Binary files /dev/null and b/lolrmm.com/static/images/clarity/syntax-block.gif differ diff --git a/lolrmm.com/static/images/clarity/tags.png b/lolrmm.com/static/images/clarity/tags.png new file mode 100644 index 00000000..8da6c602 Binary files /dev/null and b/lolrmm.com/static/images/clarity/tags.png differ diff --git a/lolrmm.com/static/images/clarity/tn-darkmode.png b/lolrmm.com/static/images/clarity/tn-darkmode.png new file mode 100644 index 00000000..256b5aef Binary files /dev/null and b/lolrmm.com/static/images/clarity/tn-darkmode.png differ diff --git a/lolrmm.com/static/images/clarity/tn.png b/lolrmm.com/static/images/clarity/tn.png new file mode 100644 index 00000000..2b2dcfe2 Binary files /dev/null and b/lolrmm.com/static/images/clarity/tn.png differ diff --git a/lolrmm.com/static/images/compose-light.svg b/lolrmm.com/static/images/compose-light.svg new file mode 100644 index 00000000..cdfec1fb --- /dev/null +++ b/lolrmm.com/static/images/compose-light.svg @@ -0,0 +1,10 @@ + + + + + + + + + + diff --git a/lolrmm.com/static/images/compose.svg b/lolrmm.com/static/images/compose.svg new file mode 100644 index 00000000..0f04070d --- /dev/null +++ b/lolrmm.com/static/images/compose.svg @@ -0,0 +1,10 @@ + + + + + + + + + + diff --git a/lolrmm.com/static/images/frustrated.jpg b/lolrmm.com/static/images/frustrated.jpg new file mode 100644 index 00000000..fe04c0f5 Binary files /dev/null and b/lolrmm.com/static/images/frustrated.jpg differ diff --git a/lolrmm.com/static/images/its-friday-then-happy-1456306922.gif b/lolrmm.com/static/images/its-friday-then-happy-1456306922.gif new file mode 100644 index 00000000..fb9bc8cd Binary files /dev/null and b/lolrmm.com/static/images/its-friday-then-happy-1456306922.gif differ 
diff --git a/lolrmm.com/static/images/jose-headshot.png b/lolrmm.com/static/images/jose-headshot.png new file mode 100644 index 00000000..09ddf114 Binary files /dev/null and b/lolrmm.com/static/images/jose-headshot.png differ diff --git a/lolrmm.com/static/images/logo-dark.png b/lolrmm.com/static/images/logo-dark.png new file mode 100644 index 00000000..2bd27565 Binary files /dev/null and b/lolrmm.com/static/images/logo-dark.png differ diff --git a/lolrmm.com/static/images/logo.png b/lolrmm.com/static/images/logo.png new file mode 100644 index 00000000..2bd27565 Binary files /dev/null and b/lolrmm.com/static/images/logo.png differ diff --git a/lolrmm.com/static/images/michael-headshot.png b/lolrmm.com/static/images/michael-headshot.png new file mode 100644 index 00000000..255e6fa8 Binary files /dev/null and b/lolrmm.com/static/images/michael-headshot.png differ diff --git a/lolrmm.com/static/images/nas-headshot.png b/lolrmm.com/static/images/nas-headshot.png new file mode 100644 index 00000000..4f73b308 Binary files /dev/null and b/lolrmm.com/static/images/nas-headshot.png differ diff --git a/lolrmm.com/static/images/painting.jpg b/lolrmm.com/static/images/painting.jpg new file mode 100644 index 00000000..c3c0f746 Binary files /dev/null and b/lolrmm.com/static/images/painting.jpg differ diff --git a/lolrmm.com/static/images/scribble.jpg b/lolrmm.com/static/images/scribble.jpg new file mode 100644 index 00000000..baf8cc47 Binary files /dev/null and b/lolrmm.com/static/images/scribble.jpg differ diff --git a/lolrmm.com/static/images/speakers.jpg b/lolrmm.com/static/images/speakers.jpg new file mode 100644 index 00000000..efd9d953 Binary files /dev/null and b/lolrmm.com/static/images/speakers.jpg differ diff --git a/lolrmm.com/static/images/street.jpg b/lolrmm.com/static/images/street.jpg new file mode 100644 index 00000000..68c08877 Binary files /dev/null and b/lolrmm.com/static/images/street.jpg differ 
diff --git a/lolrmm.com/static/images/stuck.jpg b/lolrmm.com/static/images/stuck.jpg
new file mode 100644
index 00000000..6c419c78
Binary files /dev/null and b/lolrmm.com/static/images/stuck.jpg differ
diff --git a/lolrmm.com/static/images/twitter_verified.png b/lolrmm.com/static/images/twitter_verified.png
new file mode 100644
index 00000000..6c3aa9c5
Binary files /dev/null and b/lolrmm.com/static/images/twitter_verified.png differ
diff --git a/lolrmm.com/themes/compose/.github/FUNDING.yml b/lolrmm.com/themes/compose/.github/FUNDING.yml
new file mode 100644
index 00000000..aa712b13
--- /dev/null
+++ b/lolrmm.com/themes/compose/.github/FUNDING.yml
@@ -0,0 +1,12 @@
+# These are supported funding model platforms
+
+github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+custom: https://neuralvibes.com/sponsor/
diff --git a/lolrmm.com/themes/compose/.github/ISSUE_TEMPLATE/bug_report.md b/lolrmm.com/themes/compose/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 00000000..b802f311
--- /dev/null
+++ b/lolrmm.com/themes/compose/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,24 @@
+---
+name: Bug report
+about: Report an issue to help us improve the theme
+title: '[BUG]'
+labels: 'bug'
+assignees: ''
+---
+
+**I have checked all the prerequisites below and I'm yet experiencing a problem**
+
+- [] Read the README.md
+- [] Have the extended version of Hugo installed
+- [] Used the exampleSite's config.toml as a reference
+- [] If and when requested, I'll link my repo to make it easier to debug.
+
+__⚠️ NOTE:__ If the issue isn't easy to reproduce and its author(s) decline to provide reasonable accommodation to debug, the issue will be closed.
+
+**Describe the bug**
+
+A clear and concise description of what the bug is. [REPLACE]
+
+**Desktop (please complete the following information):**
+ - OS: [e.g. iOS 14, Windows 10]
+ - Browser: [e.g. chrome 76, safari 13]
diff --git a/lolrmm.com/themes/compose/.github/ISSUE_TEMPLATE/feature_request.md b/lolrmm.com/themes/compose/.github/ISSUE_TEMPLATE/feature_request.md
new file mode 100644
index 00000000..90bd84d3
--- /dev/null
+++ b/lolrmm.com/themes/compose/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,21 @@
+---
+name: Feature Request
+about: Request a feature to Compose.
+title: '[FEATURE]'
+labels: 'enhancement'
+assignees: ''
+---
+
+**I have checked all the prerequisites below and I don't see this is available**
+
+- [ ] Read the README.md
+- [ ] Have the extended version of Hugo installed
+- [ ] Used the exampleSite's config.toml as a reference
+
+**Describe the feature**
+
+A clear and concise description of what the feature is. [REPLACE]
+
+**Desktop (please complete the following information):**
+ - OS: [e.g. iOS 14, Windows 10]
+ - Browser: [e.g. chrome 76, safari 13]
diff --git a/lolrmm.com/themes/compose/.github/pull-request_template.md b/lolrmm.com/themes/compose/.github/pull-request_template.md
new file mode 100644
index 00000000..f605cca3
--- /dev/null
+++ b/lolrmm.com/themes/compose/.github/pull-request_template.md
@@ -0,0 +1,17 @@
+This PR...
+
+## Changes / fixes
+
+-
+
+## Screenshots (if applicable)
+
+(prefer animated gif)
+
+## Checklist
+
+_Ensure you have checked off the following before submitting your PR._
+
+- [ ] tested locally with the [latest release of Hugo](https://github.com/gohugoio/hugo/releases). This requirement is [a standard](https://github.com/gohugoio/hugoThemes#theme-maintenance)
+- [ ] added new dependencies
+- [ ] updated the [docs]() ⚠️
diff --git a/lolrmm.com/themes/compose/.gitignore b/lolrmm.com/themes/compose/.gitignore
new file mode 100644
index 00000000..4b63e5de
--- /dev/null
+++ b/lolrmm.com/themes/compose/.gitignore
@@ -0,0 +1,3 @@
+public/
+node_modules/
+.DS_Store
diff --git a/lolrmm.com/themes/compose/CODE_OF_CONDUCT.md b/lolrmm.com/themes/compose/CODE_OF_CONDUCT.md
new file mode 100644
index 00000000..307feecf
--- /dev/null
+++ b/lolrmm.com/themes/compose/CODE_OF_CONDUCT.md
@@ -0,0 +1,24 @@
+# Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Will be civil
+* Focusing on what is best for the community
+
+Examples of unacceptable behavior by participants include:
+
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Publishing others' private information, such as a physical or electronic
+ address, without explicit permission
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior. They also have the right to proceed as they wish. Usually on a __good-faith__ basis.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at . All
+complaints will be neither be reviewed nor investigated. Instigators will simply be ignored or blocked.
diff --git a/lolrmm.com/themes/compose/LICENSE b/lolrmm.com/themes/compose/LICENSE
new file mode 100644
index 00000000..82709937
--- /dev/null
+++ b/lolrmm.com/themes/compose/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 Weru
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/lolrmm.com/themes/compose/README.md b/lolrmm.com/themes/compose/README.md
new file mode 100644
index 00000000..3ac272b5
--- /dev/null
+++ b/lolrmm.com/themes/compose/README.md
@@ -0,0 +1,49 @@
+# Compose
+
+Compose is a [Hugo](https://gohugo.io/) theme for documentation websites, inspired by [forestry.io](https://forestry.io/docs/welcome/)'s docs page. The theme provides a simple navigation & structure.
+
+![Hugo Compose Theme](https://github.com/onweru/compose/blob/master/images/tn.png)
+
+## Features
+
+1. Documentation
+2. Gallery Support
+3. Native lazy loading of images
+4. Live search
+5. Flowcharts, Piecharts, doughnut & bar charts support
+6. Searchable & Sortable tables
+7. Syntax highlighting
+8. Mermaid Support
+
+## Documentation
+
+- [Install compose theme](https://docs.neuralvibes.com/docs/compose/install-theme/)
+- [Use forestry CMS](https://docs.neuralvibes.com/docs/compose/use-forestry-cms/)
+- [Customize your site](https://docs.neuralvibes.com/docs/compose/customize/)
+- [Configure search](https://docs.neuralvibes.com/docs/compose/search/)
+- [Shortcodes](https://docs.neuralvibes.com/docs/compose/shortcodes/)
+- [Mermaid](https://docs.neuralvibes.com/docs/compose/mermaid/)
+
+## ExampleSite
+
+The [exampleSite](https://github.com/onweru/compose/tree/master/exampleSite) serves as this theme's [user guide](https://docs.neuralvibes.com/docs/compose/install-theme/) .
+
+This guide covers the necessary bits. As the project evolves, the user-guide will get more comprehensive
+
+You can use Hugo to generate and serve a local copy of the guide (also useful for testing local theme changes).
+
+```
+git clone --recurse-submodules --depth 1 https://github.com/onweru/compose.git
+cd compose/exampleSite/
+hugo server --themesDir ../..
+```
+
+### Also built by Weru
+
+1. [Clarity Theme](https://github.com/chipzoller/hugo-clarity)
+2. [Newsroom Theme](https://github.com/onweru/newsroom)
+3. [Swift Theme](https://github.com/onweru/hugo-swift-theme)
+
+## License
+
+This theme is available under the [MIT license](https://github.com/onweru/compose/blob/master/LICENSE).
diff --git a/lolrmm.com/themes/compose/assets/js/code.js b/lolrmm.com/themes/compose/assets/js/code.js
new file mode 100644
index 00000000..46bf48c3
--- /dev/null
+++ b/lolrmm.com/themes/compose/assets/js/code.js
@@ -0,0 +1,301 @@ +const snippet_actions = [ + { + icon: 'copy', + id: 'copy', + title: copy_text, + show: true + }, + { + icon: 'order', + id: 'lines', + title: toggle_line_numbers_text, + show: true + }, + { + icon: 'carly', + id: 'wrap', + title: toggle_line_wrap_text, + show: false + }, + { + icon: 'expand', + id: 'expand', + title: resize_snippet, + show: false + } +]; + +function addLines(block) { + let text = block.textContent; + const snippet_fragment = []; + if (text.includes('\n') && block.closest('pre') && !block.children.length) { + text = text.split('\n'); + text.forEach((text_node, index) => { + if(text_node.trim().length) { + const new_node = ` + + ${index + 1} + ${text_node.trim()} + `.trim(); + // snippet_fragment.push(':;:'); + snippet_fragment.push(new_node); + block.closest('pre').className = 'chroma'; + pushClass(block, 'language-unknown'); + block.dataset.lang = not_set; + } + }); + + block.innerHTML = snippet_fragment.join('').trim(' '); + } +} + +function wrapOrphanedPreElements() { + const pres = elems('pre'); + Array.from(pres).forEach(function(pre){ + const parent = pre.parentNode; + const is_orpaned = !containsClass(parent, highlight); + if(is_orpaned) { + const pre_wrapper = createEl(); + pre_wrapper.className = highlight; + const outer_wrapper = createEl(); + outer_wrapper.className = highlight_wrap; + wrapEl(pre, pre_wrapper); + wrapEl(pre_wrapper, outer_wrapper); + } + }) + /* + @Todo + 1. 
Add UI control to orphaned blocks
+ */
+}
+
+wrapOrphanedPreElements();
+
+function codeBlocks() {
+ const marked_code_blocks = elems('code');
+ const blocks = Array.from(marked_code_blocks).filter(function(block){
+ addLines(block);
+ return block.closest("pre") && !Array.from(block.classList).includes('noClass');
+ }).map(function(block){
+ return block
+ });
+ return blocks;
+}
+
+function codeBlockFits(block) {
+ // return false if codeblock overflows
+ const block_width = block.offsetWidth;
+ const highlight_block_width = block.closest(`.${highlight}`).offsetWidth;
+ return block_width <= highlight_block_width ? true : false;
+}
+
+function maxHeightIsSet(elem) {
+ let max_height = elem.style.maxHeight;
+ return max_height.includes('px')
+}
+
+function restrainCodeBlockHeight(lines) {
+ const last_line = lines[max_lines-1];
+ let max_code_block_height = full_height;
+ if(last_line) {
+ const last_line_pos = last_line.offsetTop;
+ if(last_line_pos !== 0) {
+ max_code_block_height = `${last_line_pos}px`;
+ const codeBlock = lines[0].parentNode;
+ const outer_block = codeBlock.closest(`.${highlight}`);
+ const is_expanded = containsClass(outer_block, panel_expanded);
+ if(!is_expanded) {
+ codeBlock.dataset.height = max_code_block_height;
+ codeBlock.style.maxHeight = max_code_block_height;
+ }
+ }
+ }
+}
+
+const blocks = codeBlocks();
+
+function collapseCodeBlock(block) {
+ const lines = elems(line_class, block);
+ const code_lines = lines.length;
+ if (code_lines > max_lines) {
+ const expand_dot = createEl()
+ pushClass(expand_dot, panel_expand);
+ pushClass(expand_dot, panel_from);
+ expand_dot.title = "Toggle snippet";
+ expand_dot.textContent = "...";
+ const outer_block = block.closest('.highlight');
+ window.setTimeout(function(){
+ const expand_icon = outer_block.nextElementSibling.lastElementChild;
+ deleteClass(expand_icon, panel_hide);
+ }, 150)
+
+ restrainCodeBlockHeight(lines);
+ const highlight_element = block.parentNode.parentNode;
+ 
highlight_element.appendChild(expand_dot);
+ }
+}
+
+blocks.forEach(function(block){
+ collapseCodeBlock(block);
+})
+
+function actionPanel() {
+ const panel = createEl();
+ panel.className = panel_box;
+
+ snippet_actions.forEach(function(button) {
+ // create button
+ const btn = createEl('a');
+ btn.href = '#';
+ btn.title = button.title;
+ btn.className = `icon panel_icon panel_${button.id}`;
+ button.show ? false : pushClass(btn, panel_hide);
+ // load icon inside button
+ loadSvg(button.icon, btn);
+ // append button on panel
+ panel.appendChild(btn);
+ });
+
+ return panel;
+}
+
+function toggleLineNumbers(elems) {
+ if(elems) {
+ // mark the code element when there are no lines
+ elems.forEach(elem => modifyClass(elem, 'pre_nolines'));
+ restrainCodeBlockHeight(elems);
+ }
+}
+
+function toggleLineWrap(elem) {
+ modifyClass(elem, 'pre_wrap');
+ // retain max number of code lines on line wrap
+ const lines = elems('.ln', elem);
+ restrainCodeBlockHeight(lines);
+}
+
+function copyCode(code_element) {
+
+ const copy_btn = code_element.parentNode.parentNode.querySelector(`.${copy_id}`);
+ const original_title = copy_btn.title;
+ loadSvg('check', copy_btn);
+ copy_btn.title = copied_text;
+
+ // remove line numbers before copying
+ code_element = code_element.cloneNode(true);
+ const line_numbers = elems('.ln', code_element);
+ line_numbers.length ? 
line_numbers.forEach(line => line.remove()) : false;
+
+ // remove leading '$' from all shell snippets
+ let lines = elems('span', code_element);
+ lines.forEach(line => {
+ const text = line.textContent.trim(' ');
+ if(text.indexOf('$') === 0) {
+ line.textContent = line.textContent.replace('$ ', '');
+ }
+ })
+ const snippet = code_element.textContent.trim(' ');
+ // copy code
+ copyToClipboard(snippet);
+
+ setTimeout(function() {
+ copy_btn.title = original_title;
+ loadSvg('copy', copy_btn);
+ }, 2250);
+}
+
+(function codeActions(){
+ const highlight_wrap_id = highlight_wrap;
+ blocks.forEach(function(block){
+ // disable line numbers if disabled globally
+ show_lines === false ? toggleLineNumbers(elems('.ln', block)) : false;
+
+ const highlight_element = block.parentNode.parentNode;
+ // wrap code block in a div
+ const highlight_wrapper = createEl();
+ highlight_wrapper.className = highlight_wrap_id;
+
+ wrapEl(highlight_element, highlight_wrapper);
+
+ const panel = actionPanel();
+ // show wrap icon only if the code block needs wrapping
+ const wrap_icon = elem(`.${wrap_id}`, panel);
+ codeBlockFits(block) ? false : deleteClass(wrap_icon, panel_hide);
+
+ // append buttons
+ highlight_wrapper.appendChild(panel);
+ });
+
+ function isItem(target, id) {
+ // if is item or within item
+ return target.matches(`.${id}`) || target.closest(`.${id}`);
+ }
+
+ function showActive(target, targetClass) {
+ const target_element = target.matches(`.${targetClass}`) ? 
target : target.closest(`.${targetClass}`);
+
+ deleteClass(target_element, active);
+ setTimeout(function() {
+ modifyClass(target_element, active)
+ }, 50)
+ }
+
+ doc.addEventListener('click', function(event){
+ // copy code block
+ const target = event.target;
+ const is_copy_icon = isItem(target, copy_id);
+ const is_wrap_icon = isItem(target, wrap_id);
+ const is_lines_icon = isItem(target, lines_id);
+ const is_expand_icon = isItem(target, panel_expand);
+ const is_actionable = is_copy_icon || is_wrap_icon || is_lines_icon || is_expand_icon;
+
+ if(is_actionable) {
+ event.preventDefault();
+ showActive(target, 'icon');
+ const code_element = target.closest(`.${highlight_wrap_id}`).firstElementChild.firstElementChild;
+ let lineNumbers = elems('.ln', code_element);
+
+ is_wrap_icon ? toggleLineWrap(code_element) : false;
+ is_lines_icon ? toggleLineNumbers(lineNumbers) : false;
+
+ if (is_expand_icon) {
+ let this_code_block = code_element.firstElementChild;
+ const outer_block = this_code_block.closest('.highlight');
+ if(maxHeightIsSet(this_code_block)) {
+ this_code_block.style.maxHeight = full_height;
+ // mark code block as expanded
+ pushClass(outer_block, panel_expanded)
+ } else {
+ this_code_block.style.maxHeight = this_code_block.dataset.height;
+ // unmark code block as expanded
+ deleteClass(outer_block, panel_expanded)
+ }
+ }
+
+ is_copy_icon ? copyCode(code_element) : false;
+ }
+ });
+
+ (function addLangLabel() {
+ blocks.forEach(block => {
+ let label = block.dataset.lang;
+ const is_shell_based = shell_based.includes(label);
+ if(is_shell_based) {
+ const lines = elems(line_class, block);
+ Array.from(lines).forEach(line => {
+ line = line.lastElementChild;
+ let line_contents = line.textContent.trim(' ');
+ line_contents.indexOf('$') !== 0 ? pushClass(line, 'shell') : false;
+ });
+ }
+
+ label = label === 'sh' ? 
'shell' : label;
+ if(label !== "fallback") {
+ const label_el = createEl();
+ label_el.textContent = label;
+ pushClass(label_el, 'lang');
+ block.closest(`.${highlight_wrap}`).appendChild(label_el);
+ }
+ });
+ })();
+})();
diff --git a/lolrmm.com/themes/compose/assets/js/custom.js b/lolrmm.com/themes/compose/assets/js/custom.js
new file mode 100644
index 00000000..11b1d822
--- /dev/null
+++ b/lolrmm.com/themes/compose/assets/js/custom.js
@@ -0,0 +1 @@
+// add custom js in this file
\ No newline at end of file
diff --git a/lolrmm.com/themes/compose/assets/js/functions.js b/lolrmm.com/themes/compose/assets/js/functions.js
new file mode 100644
index 00000000..ae849b58
--- /dev/null
+++ b/lolrmm.com/themes/compose/assets/js/functions.js
@@ -0,0 +1,204 @@
+function isObj(obj) {
+ return (obj && typeof obj === 'object' && obj !== null) ? true : false;
+}
+
+function createEl(element = 'div') {
+ return document.createElement(element);
+}
+
+function emptyEl(el) {
+ while(el.firstChild)
+ el.removeChild(el.firstChild);
+}
+
+function elem(selector, parent = document){
+ let elem = isObj(parent) ? parent.querySelector(selector) : false;
+ return elem ? elem : false;
+}
+
+function elems(selector, parent = document) {
+ return isObj(parent) ? parent.querySelectorAll(selector) : [];
+}
+
+function pushClass(el, targetClass) {
+ if (isObj(el) && targetClass) {
+ let elClass = el.classList;
+ elClass.contains(targetClass) ? false : elClass.add(targetClass);
+ }
+}
+
+function deleteClass(el, targetClass) {
+ if (isObj(el) && targetClass) {
+ let elClass = el.classList;
+ elClass.contains(targetClass) ? elClass.remove(targetClass) : false;
+ }
+}
+
+function modifyClass(el, targetClass) {
+ if (isObj(el) && targetClass) {
+ const elClass = el.classList;
+ elClass.contains(targetClass) ? elClass.remove(targetClass) : elClass.add(targetClass);
+ }
+}
+
+function containsClass(el, targetClass) {
+ if (isObj(el) && targetClass && el !== document ) {
+ return el.classList.contains(targetClass) ? true : false;
+ }
+}
+
+function isChild(node, parentClass) {
+ let objectsAreValid = isObj(node) && parentClass && typeof parentClass == 'string';
+ return (objectsAreValid && node.closest(parentClass)) ? true : false;
+}
+
+function elemAttribute(elem, attr, value = null) {
+ if (value) {
+ elem.setAttribute(attr, value);
+ } else {
+ value = elem.getAttribute(attr);
+ return value ? 
value : false;
+ }
+}
+
+function deleteChars(str, subs) {
+ let newStr = str;
+ if (Array.isArray(subs)) {
+ for (let i = 0; i < subs.length; i++) {
+ newStr = newStr.replace(subs[i], '');
+ }
+ } else {
+ newStr = newStr.replace(subs, '');
+ }
+ return newStr;
+}
+
+function isBlank(str) {
+ return (!str || str.trim().length === 0);
+}
+
+function isMatch(element, selectors) {
+ if(isObj(element)) {
+ if(selectors.isArray) {
+ let matching = selectors.map(function(selector){
+ return element.matches(selector)
+ })
+ return matching.includes(true);
+ }
+ return element.matches(selectors)
+ }
+}
+
+function closestInt(goal, collection) {
+ return collection.reduce(function (prev, curr) {
+ return (Math.abs(curr - goal) < Math.abs(prev - goal) ? curr : prev);
+ });
+}
+
+function hasClasses(el) {
+ if(isObj(el)) {
+ const classes = el.classList;
+ return classes.length
+ }
+}
+
+function wrapEl(el, wrapper) {
+ el.parentNode.insertBefore(wrapper, el);
+ wrapper.appendChild(el);
+}
+
+function wrapText(text, context, wrapper = 'mark') {
+ let open = `<${wrapper}>`;
+ let close = ``;
+ let escapedOpen = `%3C${wrapper}%3E`;
+ let escapedClose = `%3C/${wrapper}%3E`;
+ function wrap(context) {
+ let c = context.innerHTML;
+ let pattern = new RegExp(text, "gi");
+ let matches = text.length ? 
c.match(pattern) : null;
+
+ if(matches) {
+ matches.forEach(function(matchStr){
+ c = c.replaceAll(matchStr, `${open}${matchStr}${close}`);
+ context.innerHTML = c;
+ });
+
+ const images = elems('img', context);
+
+ if(images) {
+ images.forEach(image => {
+ image.src = image.src.replaceAll(open, '').replaceAll(close, '').replaceAll(escapedOpen, '').replaceAll(escapedClose, '');
+ });
+ }
+ }
+ }
+
+ const contents = ["h1", "h2", "h3", "h4", "h5", "h6", "p", "code", "td"];
+
+ contents.forEach(function(c){
+ const cs = elems(c, context);
+ if(cs.length) {
+ cs.forEach(function(cx, index){
+ if(cx.children.length >= 1) {
+ Array.from(cx.children).forEach(function(child){
+ wrap(child);
+ })
+ wrap(cx);
+ } else {
+ wrap(cx);
+ }
+ // sanitize urls and ids
+ });
+ }
+ });
+
+ const hyperLinks = elems('a');
+ if(hyperLinks) {
+ hyperLinks.forEach(function(link){
+ link.href = link.href.replaceAll(encodeURI(open), "").replaceAll(encodeURI(close), "");
+ });
+ }
+}
+
+function parseBoolean(string = "") {
+ string = string.trim().toLowerCase();
+ switch (string) {
+ case 'true':
+ return true;
+ case 'false':
+ return false;
+ default:
+ return undefined;
+ }
+}
+
+function loadSvg(file, parent, path = iconsPath) {
+ const link = new URL(`${path}${file}.svg`, root_url).href;
+ fetch(link)
+ .then((response) => {
+ return response.text();
+ })
+ .then((svg_data) => {
+ parent.innerHTML = svg_data;
+ });
+}
+
+function copyToClipboard(str) {
+ let copy, selection, selected;
+ copy = createEl('textarea');
+ copy.value = str;
+ copy.setAttribute('readonly', '');
+ copy.style.position = 'absolute';
+ copy.style.left = '-9999px';
+ selection = document.getSelection();
+ doc.appendChild(copy);
+ // check if there is any selected content
+ selected = selection.rangeCount > 0 ? 
selection.getRangeAt(0) : false;
+ copy.select();
+ document.execCommand('copy');
+ doc.removeChild(copy);
+ if (selected) { // if a selection existed before copying
+ selection.removeAllRanges(); // unselect existing selection
+ selection.addRange(selected); // restore the original selection
+ }
+}
\ No newline at end of file
diff --git a/lolrmm.com/themes/compose/assets/js/fuse.js b/lolrmm.com/themes/compose/assets/js/fuse.js
new file mode 100644
index 00000000..7def5985
--- /dev/null
+++ b/lolrmm.com/themes/compose/assets/js/fuse.js
@@ -0,0 +1,9 @@ +/** + * Fuse.js v6.4.6 - Lightweight fuzzy-search (http://fusejs.io) + * + * Copyright (c) 2021 Kiro Risk (http://kiro.me) + * All Rights Reserved. Apache Software License 2.0 + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ +var e,t;e=this,t=function(){"use strict";function e(t){return(e="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e})(t)}function t(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}function n(e,t){for(var n=0;ne.length)&&(t=e.length);for(var n=0,r=new Array(t);n0&&void 0!==arguments[0]?arguments[0]:3,t=new Map,n=Math.pow(10,e);return{get:function(e){var r=e.match(I).length;if(t.has(r))return t.get(r);var i=1/Math.sqrt(r),o=parseFloat(Math.round(i*n)/n);return t.set(r,o),o},clear:function(){t.clear()}}}var E=function(){function e(){var n=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{},r=n.getFn,i=void 0===r?A.getFn:r;t(this,e),this.norm=C(3),this.getFn=i,this.isCreated=!1,this.setIndexRecords()}return r(e,[{key:"setSources",value:function(){var e=arguments.length>0&&void 0!==arguments[0]?arguments[0]:[];this.docs=e}},{key:"setIndexRecords",value:function(){var e=arguments.length>0&&void 0!==arguments[0]?arguments[0]:[];this.records=e}},{key:"setKeys",value:function(){var e=this,t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:[];this.keys=t,this._keysMap={},t.forEach((function(t,n){e._keysMap[t.id]=n}))}},{key:"create",value:function(){var e=this;!this.isCreated&&this.docs.length&&(this.isCreated=!0,g(this.docs[0])?this.docs.forEach((function(t,n){e._addString(t,n)})):this.docs.forEach((function(t,n){e._addObject(t,n)})),this.norm.clear())}},{key:"add",value:function(e){var t=this.size();g(e)?this._addString(e,t):this._addObject(e,t)}},{key:"removeAt",value:function(e){this.records.splice(e,1);for(var 
t=e,n=this.size();t2&&void 0!==arguments[2]?arguments[2]:{},r=n.getFn,i=void 0===r?A.getFn:r,o=new E({getFn:i});return o.setKeys(e.map(_)),o.setSources(t),o.create(),o}function R(e){var t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},n=t.errors,r=void 0===n?0:n,i=t.currentLocation,o=void 0===i?0:i,c=t.expectedLocation,a=void 0===c?0:c,s=t.distance,u=void 0===s?A.distance:s,h=t.ignoreLocation,f=void 0===h?A.ignoreLocation:h,l=r/e.length;if(f)return l;var d=Math.abs(a-o);return u?l+d/u:d?1:l}function F(){for(var e=arguments.length>0&&void 0!==arguments[0]?arguments[0]:[],t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:A.minMatchCharLength,n=[],r=-1,i=-1,o=0,c=e.length;o=t&&n.push([r,i]),r=-1)}return e[o-1]&&o-r>=t&&n.push([r,o-1]),n}function P(e){for(var t={},n=0,r=e.length;n1&&void 0!==arguments[1]?arguments[1]:{},o=i.location,c=void 0===o?A.location:o,a=i.threshold,s=void 0===a?A.threshold:a,u=i.distance,h=void 0===u?A.distance:u,f=i.includeMatches,l=void 0===f?A.includeMatches:f,d=i.findAllMatches,v=void 0===d?A.findAllMatches:d,g=i.minMatchCharLength,y=void 0===g?A.minMatchCharLength:g,p=i.isCaseSensitive,m=void 0===p?A.isCaseSensitive:p,k=i.ignoreLocation,M=void 0===k?A.ignoreLocation:k;if(t(this,e),this.options={location:c,threshold:s,distance:h,includeMatches:l,findAllMatches:v,minMatchCharLength:y,isCaseSensitive:m,ignoreLocation:M},this.pattern=m?n:n.toLowerCase(),this.chunks=[],this.pattern.length){var b=function(e,t){r.chunks.push({pattern:e,alphabet:P(e),startIndex:t})},x=this.pattern.length;if(x>32){for(var L=0,S=x%32,w=x-S;L3&&void 0!==arguments[3]?arguments[3]:{},i=r.location,o=void 0===i?A.location:i,c=r.distance,a=void 0===c?A.distance:c,s=r.threshold,u=void 0===s?A.threshold:s,h=r.findAllMatches,f=void 0===h?A.findAllMatches:h,l=r.minMatchCharLength,d=void 0===l?A.minMatchCharLength:l,v=r.includeMatches,g=void 0===v?A.includeMatches:v,y=r.ignoreLocation,p=void 0===y?A.ignoreLocation:y;if(t.length>32)throw new 
Error(L(32));for(var m,k=t.length,M=e.length,b=Math.max(0,Math.min(o,M)),x=u,S=b,w=d>1||g,_=w?Array(M):[];(m=e.indexOf(t,S))>-1;){var O=R(t,{currentLocation:m,expectedLocation:b,distance:a,ignoreLocation:p});if(x=Math.min(O,x),S=m+k,w)for(var j=0;j=K;J-=1){var T=J-1,U=n[e.charAt(T)];if(w&&(_[T]=+!!U),W[J]=(W[J+1]<<1|1)&U,P&&(W[J]|=(I[J+1]|I[J])<<1|1|I[J+1]),W[J]&$&&(C=R(t,{errors:P,currentLocation:T,expectedLocation:b,distance:a,ignoreLocation:p}))<=x){if(x=C,(S=T)<=b)break;K=Math.max(1,2*b-S)}}var V=R(t,{errors:P+1,currentLocation:b,expectedLocation:b,distance:a,ignoreLocation:p});if(V>x)break;I=W}var B={isMatch:S>=0,score:Math.max(.001,C)};if(w){var G=F(_,d);G.length?g&&(B.indices=G):B.isMatch=!1}return B}(e,n,i,{location:c+o,distance:a,threshold:s,findAllMatches:u,minMatchCharLength:h,includeMatches:r,ignoreLocation:f}),p=y.isMatch,m=y.score,k=y.indices;p&&(g=!0),v+=m,p&&k&&(d=[].concat(l(d),l(k)))}));var y={isMatch:g,score:g?v/this.chunks.length:1};return g&&r&&(y.indices=d),y}}]),e}(),D=function(){function e(n){t(this,e),this.pattern=n}return r(e,[{key:"search",value:function(){}}],[{key:"isMultiMatch",value:function(e){return z(e,this.multiRegex)}},{key:"isSingleMatch",value:function(e){return z(e,this.singleRegex)}}]),e}();function z(e,t){var n=e.match(t);return n?n[1]:null}var K=function(e){a(i,e);var n=f(i);function i(e){return t(this,i),n.call(this,e)}return r(i,[{key:"search",value:function(e){var t=e===this.pattern;return{isMatch:t,score:t?0:1,indices:[0,this.pattern.length-1]}}}],[{key:"type",get:function(){return"exact"}},{key:"multiRegex",get:function(){return/^="(.*)"$/}},{key:"singleRegex",get:function(){return/^=(.*)$/}}]),i}(D),q=function(e){a(i,e);var n=f(i);function i(e){return t(this,i),n.call(this,e)}return r(i,[{key:"search",value:function(e){var 
t=-1===e.indexOf(this.pattern);return{isMatch:t,score:t?0:1,indices:[0,e.length-1]}}}],[{key:"type",get:function(){return"inverse-exact"}},{key:"multiRegex",get:function(){return/^!"(.*)"$/}},{key:"singleRegex",get:function(){return/^!(.*)$/}}]),i}(D),W=function(e){a(i,e);var n=f(i);function i(e){return t(this,i),n.call(this,e)}return r(i,[{key:"search",value:function(e){var t=e.startsWith(this.pattern);return{isMatch:t,score:t?0:1,indices:[0,this.pattern.length-1]}}}],[{key:"type",get:function(){return"prefix-exact"}},{key:"multiRegex",get:function(){return/^\^"(.*)"$/}},{key:"singleRegex",get:function(){return/^\^(.*)$/}}]),i}(D),J=function(e){a(i,e);var n=f(i);function i(e){return t(this,i),n.call(this,e)}return r(i,[{key:"search",value:function(e){var t=!e.startsWith(this.pattern);return{isMatch:t,score:t?0:1,indices:[0,e.length-1]}}}],[{key:"type",get:function(){return"inverse-prefix-exact"}},{key:"multiRegex",get:function(){return/^!\^"(.*)"$/}},{key:"singleRegex",get:function(){return/^!\^(.*)$/}}]),i}(D),T=function(e){a(i,e);var n=f(i);function i(e){return t(this,i),n.call(this,e)}return r(i,[{key:"search",value:function(e){var t=e.endsWith(this.pattern);return{isMatch:t,score:t?0:1,indices:[e.length-this.pattern.length,e.length-1]}}}],[{key:"type",get:function(){return"suffix-exact"}},{key:"multiRegex",get:function(){return/^"(.*)"\$$/}},{key:"singleRegex",get:function(){return/^(.*)\$$/}}]),i}(D),U=function(e){a(i,e);var n=f(i);function i(e){return t(this,i),n.call(this,e)}return r(i,[{key:"search",value:function(e){var t=!e.endsWith(this.pattern);return{isMatch:t,score:t?0:1,indices:[0,e.length-1]}}}],[{key:"type",get:function(){return"inverse-suffix-exact"}},{key:"multiRegex",get:function(){return/^!"(.*)"\$$/}},{key:"singleRegex",get:function(){return/^!(.*)\$$/}}]),i}(D),V=function(e){a(i,e);var n=f(i);function i(e){var r,o=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},c=o.location,a=void 0===c?A.location:c,s=o.threshold,u=void 
0===s?A.threshold:s,h=o.distance,f=void 0===h?A.distance:h,l=o.includeMatches,d=void 0===l?A.includeMatches:l,v=o.findAllMatches,g=void 0===v?A.findAllMatches:v,y=o.minMatchCharLength,p=void 0===y?A.minMatchCharLength:y,m=o.isCaseSensitive,k=void 0===m?A.isCaseSensitive:m,M=o.ignoreLocation,b=void 0===M?A.ignoreLocation:M;return t(this,i),(r=n.call(this,e))._bitapSearch=new N(e,{location:a,threshold:u,distance:f,includeMatches:d,findAllMatches:g,minMatchCharLength:p,isCaseSensitive:k,ignoreLocation:b}),r}return r(i,[{key:"search",value:function(e){return this._bitapSearch.searchIn(e)}}],[{key:"type",get:function(){return"fuzzy"}},{key:"multiRegex",get:function(){return/^"(.*)"$/}},{key:"singleRegex",get:function(){return/^(.*)$/}}]),i}(D),B=function(e){a(i,e);var n=f(i);function i(e){return t(this,i),n.call(this,e)}return r(i,[{key:"search",value:function(e){for(var t,n=0,r=[],i=this.pattern.length;(t=e.indexOf(this.pattern,n))>-1;)n=t+i,r.push([t,n-1]);var o=!!r.length;return{isMatch:o,score:o?0:1,indices:r}}}],[{key:"type",get:function(){return"include"}},{key:"multiRegex",get:function(){return/^'"(.*)"$/}},{key:"singleRegex",get:function(){return/^'(.*)$/}}]),i}(D),G=[K,B,W,J,U,T,q,V],H=G.length,Q=/ +(?=([^\"]*\"[^\"]*\")*[^\"]*$)/;function X(e){var t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};return e.split("|").map((function(e){for(var n=e.trim().split(Q).filter((function(e){return e&&!!e.trim()})),r=[],i=0,o=n.length;i1&&void 0!==arguments[1]?arguments[1]:{},i=r.isCaseSensitive,o=void 0===i?A.isCaseSensitive:i,c=r.includeMatches,a=void 0===c?A.includeMatches:c,s=r.minMatchCharLength,u=void 0===s?A.minMatchCharLength:s,h=r.ignoreLocation,f=void 0===h?A.ignoreLocation:h,l=r.findAllMatches,d=void 0===l?A.findAllMatches:l,v=r.location,g=void 0===v?A.location:v,y=r.threshold,p=void 0===y?A.threshold:y,m=r.distance,k=void 
0===m?A.distance:m;t(this,e),this.query=null,this.options={isCaseSensitive:o,includeMatches:a,minMatchCharLength:u,findAllMatches:d,ignoreLocation:f,location:g,threshold:p,distance:k},this.pattern=o?n:n.toLowerCase(),this.query=X(this.pattern,this.options)}return r(e,[{key:"searchIn",value:function(e){var t=this.query;if(!t)return{isMatch:!1,score:1};var n=this.options,r=n.includeMatches;e=n.isCaseSensitive?e:e.toLowerCase();for(var i=0,o=[],c=0,a=0,s=t.length;a-1&&(n.refIndex=e.idx),t.matches.push(n)}}))}function le(e,t){t.score=e.score}function de(e,t){var n=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{},r=n.includeMatches,i=void 0===r?A.includeMatches:r,o=n.includeScore,c=void 0===o?A.includeScore:o,a=[];return i&&a.push(fe),c&&a.push(le),e.map((function(e){var n=e.idx,r={item:t[n],refIndex:n};return a.length&&a.forEach((function(t){t(e,r)})),r}))}var ve=function(){function e(n){var r=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},i=arguments.length>2?arguments[2]:void 0;t(this,e),this.options=c({},A,{},r),this.options.useExtendedSearch,this._keyStore=new w(this.options.keys),this.setCollection(n,i)}return r(e,[{key:"setCollection",value:function(e,t){if(this._docs=e,t&&!(t instanceof E))throw new Error("Incorrect 'index' type");this._myIndex=t||$(this.options.keys,this._docs,{getFn:this.options.getFn})}},{key:"add",value:function(e){k(e)&&(this._docs.push(e),this._myIndex.add(e))}},{key:"remove",value:function(){for(var e=arguments.length>0&&void 0!==arguments[0]?arguments[0]:function(){return!1},t=[],n=0,r=this._docs.length;n1&&void 0!==arguments[1]?arguments[1]:{},n=t.limit,r=void 0===n?-1:n,i=this.options,o=i.includeMatches,c=i.includeScore,a=i.shouldSort,s=i.sortFn,u=i.ignoreFieldNorm,h=g(e)?g(this._docs[0])?this._searchStringList(e):this._searchObjectList(e):this._searchLogical(e);return 
he(h,{ignoreFieldNorm:u}),a&&h.sort(s),y(r)&&r>-1&&(h=h.slice(0,r)),de(h,this._docs,{includeMatches:o,includeScore:c})}},{key:"_searchStringList",value:function(e){var t=te(e,this.options),n=this._myIndex.records,r=[];return n.forEach((function(e){var n=e.v,i=e.i,o=e.n;if(k(n)){var c=t.searchIn(n),a=c.isMatch,s=c.score,u=c.indices;a&&r.push({item:n,idx:i,matches:[{score:s,value:n,norm:o,indices:u}]})}})),r}},{key:"_searchLogical",value:function(e){var t=this,n=function(e,t){var n=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{},r=n.auto,i=void 0===r||r,o=function e(n){var r=Object.keys(n),o=ae(n);if(!o&&r.length>1&&!ce(n))return e(ue(n));if(se(n)){var c=o?n[ie]:r[0],a=o?n[oe]:n[c];if(!g(a))throw new Error(x(c));var s={keyId:j(c),pattern:a};return i&&(s.searcher=te(a,t)),s}var u={children:[],operator:r[0]};return r.forEach((function(t){var r=n[t];v(r)&&r.forEach((function(t){u.children.push(e(t))}))})),u};return ce(e)||(e=ue(e)),o(e)}(e,this.options),r=this._myIndex.records,i={},o=[];return r.forEach((function(e){var r=e.$,c=e.i;if(k(r)){var a=function e(n,r,i){if(!n.children){var o=n.keyId,c=n.searcher,a=t._findMatches({key:t._keyStore.get(o),value:t._myIndex.getValueForItemAtKeyId(r,o),searcher:c});return a&&a.length?[{idx:i,item:r,matches:a}]:[]}switch(n.operator){case ne:for(var s=[],u=0,h=n.children.length;u1&&void 0!==arguments[1]?arguments[1]:{},n=t.getFn,r=void 0===n?A.getFn:n,i=e.keys,o=e.records,c=new E({getFn:r});return c.setKeys(i),c.setIndexRecords(o),c},ve.config=A,function(){ee.push.apply(ee,arguments)}(Z),ve},"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e=e||self).Fuse=t(); \ No newline at end of file diff --git a/lolrmm.com/themes/compose/assets/js/index.js b/lolrmm.com/themes/compose/assets/js/index.js new file mode 100644 index 00000000..9577ef62 --- /dev/null +++ b/lolrmm.com/themes/compose/assets/js/index.js 
@@ -0,0 +1,347 @@ +(function calcNavHeight(){ + return (elem('.nav_header').offsetHeight + 25); +})(); + +function toggleMenu(event) { + const target = event.target; + const is_toggle_control = target.matches(`.${toggle_id}`); + const is_with_toggle_control = target.closest(`.${toggle_id}`); + const show_instances = elems(`.${show_id}`) ? Array.from(elems(`.${show_id}`)) : []; + const menu_instance = target.closest(`.${menu}`); + + function showOff(target, self = false) { + show_instances.forEach(function(show_instance){ + !self ? deleteClass(show_instance, show_id) : false; + show_instance !== target.closest(`.${menu}`) ? deleteClass(show_instance, show_id) : false; + }); + } + + if(is_toggle_control || is_with_toggle_control) { + const menu = is_with_toggle_control ? is_with_toggle_control.parentNode.parentNode : target.parentNode.parentNode; + event.preventDefault(); + modifyClass(menu, show_id); + } else { + !menu_instance ? showOff(target) : showOff(target, true); + } +} + +(function markInlineCodeTags(){ + const code_blocks = elems('code'); + if(code_blocks) { + code_blocks.forEach(function(code_block){ + if(!hasClasses(code_block)) { + code_block.children.length ? false : pushClass(code_block, 'noClass'); + } + }); + } +})(); + +function featureHeading(){ + // show active heading at top. + const link_class = "section_link"; + const title_class = "section_title"; + const parent = elem(".aside"); + if(parent) { + let active_heading = elem(`.${link_class}.${active}`); + active_heading = active_heading ? active_heading : elem(`.${title_class}.${active}`); + parent.scroll({ + top: active_heading.offsetTop, + left: 0, + // behavior: 'smooth' + }); + } +} + +function activeHeading(position, list_links) { + let links_to_modify = Object.create(null); + links_to_modify.active = list_links.filter(function(link) { + return containsClass(link, active); + })[0]; + + // activeTocLink ? 
deleteClass + + links_to_modify.new = list_links.filter(function(link){ + return parseInt(link.dataset.position) === position + })[0]; + + if (links_to_modify.active != links_to_modify.new) { + links_to_modify.active ? deleteClass(links_to_modify.active, active): false; + pushClass(links_to_modify.new, active); + } +}; + +setTimeout(() => { + featureHeading(); +}, 50); + +function updateDate() { + const date = new Date(); + const year = date.getFullYear().toString; + const year_el = elem('.year'); + year_el ? year.textContent = year : false; +} + +function customizeSidebar() { + const tocActive = 'toc_active'; + const aside = elem('aside'); + const tocs = elems('nav', aside); + if(tocs) { + tocs.forEach(function(toc){ + toc.id = ""; + pushClass(toc, 'toc'); + if(toc.children.length >= 1) { + const toc_items = Array.from(toc.children[0].children); + + const previous_heading = toc.previousElementSibling; + previous_heading.matches(`.${active}`) ? pushClass(toc, tocActive) : false; + + toc_items.forEach(function(item){ + pushClass(item, 'toc_item'); + pushClass(item.firstElementChild, 'toc_link'); + }); + } + }); + + const current_toc = elem(`.${tocActive}`); + + if(current_toc) { + const page_internal_links = Array.from(elems('a', current_toc)); + + const page_ids = page_internal_links.map(function(link){ + return link.hash; + }); + + const link_positions = page_ids.map(function(id){ + const heading = document.getElementById(decodeURIComponent(id.replace('#',''))); + const position = heading.offsetTop; + return position; + }); + + page_internal_links.forEach(function(link, index){ + link.dataset.position = link_positions[index] + }); + + window.addEventListener('scroll', function(e) { + // this.setTimeout(function(){ + let position = window.scrollY; + let active = closestInt(position, link_positions); + activeHeading(active, page_internal_links); + // }, 1500) + }); + } + } + + const paragraphs = elems('p'); + if (paragraphs) { + paragraphs.forEach(function(p){ + 
const buttons = elems('.button', p); + buttons.length > 1 ? pushClass(p, 'button_grid') : false; + }); + } +} + +function markExternalLinks() { + let links = elems('a'); + if(links) { + Array.from(links).forEach(function(link){ + let target, rel, blank, noopener, attr1, attr2, url, is_external; + url = new URL(link.href); + // definition of same origin: RFC 6454, section 4 (https://tools.ietf.org/html/rfc6454#section-4) + is_external = url.host !== location.host || url.protocol !== location.protocol || url.port !== location.port; + if(is_external) { + target = 'target'; + rel = 'rel'; + blank = '_blank'; + noopener = 'noopener'; + attr1 = elemAttribute(link, target); + attr2 = elemAttribute(link, noopener); + + attr1 ? false : elemAttribute(link, target, blank); + attr2 ? false : elemAttribute(link, rel, noopener); + } + }); + } +} + +function loadActions() { + updateDate(); + customizeSidebar(); + markExternalLinks(); + + let heading_nodes = [], results, link, icon, current, id, + tags = ['h2', 'h3', 'h4', 'h5', 'h6']; + + current = document.URL; + + tags.forEach(function(tag){ + results = document.getElementsByTagName(tag); + Array.prototype.push.apply(heading_nodes, results); + }); + + function sanitizeURL(url) { + // removes any existing id on url + const hash = '#'; + const position_of_hash = url.indexOf(hash); + if(position_of_hash > -1 ) { + const id = url.substr(position_of_hash, url.length - 1); + url = url.replace(id, ''); + } + return url + } + + heading_nodes.forEach(function(node){ + link = createEl('a'); + icon = createEl('img'); + icon.src = '{{ absURL "icons/link.svg" }}'; + link.className = 'link icon'; + link.appendChild(icon); + id = node.getAttribute('id'); + if(id) { + link.href = `${sanitizeURL(current)}#${id}`; + node.appendChild(link); + pushClass(node, 'link_owner'); + } + }); + + function copyFeedback(parent) { + const copy_txt = document.createElement('div'); + const yanked = 'link_yanked'; + copy_txt.classList.add(yanked); + 
copy_txt.innerText = copied_text; + if(!elem(`.${yanked}`, parent)) { + const icon = parent.getElementsByTagName('img')[0]; + const original_src = icon.src; + icon.src = '{{ absURL "icons/check.svg" }}'; + parent.appendChild(copy_txt); + setTimeout(function() { + parent.removeChild(copy_txt) + icon.src = original_src; + }, 2250); + } + } + + (function copyHeadingLink() { + let deeplink, deeplinks, new_link, parent, target; + deeplink = 'link'; + deeplinks = elems(`.${deeplink}`); + if(deeplinks) { + document.addEventListener('click', function(event) + { + target = event.target; + parent = target.parentNode; + if (target && containsClass(target, deeplink) || containsClass(parent, deeplink)) { + event.preventDefault(); + new_link = target.href != undefined ? target.href : target.parentNode.href; + copyToClipboard(new_link); + target.href != undefined ? copyFeedback(target) : copyFeedback(target.parentNode); + } + }); + } + })(); + + function prefersColor(mode){ + return `(prefers-color-scheme: ${mode})`; + } + + function systemMode() { + if (window.matchMedia) { + const prefers = prefersColor(dark); + return window.matchMedia(prefers).matches ? 
dark : light; + } + return light; + } + + function currentMode() { + let acceptable_chars = light + dark; + acceptable_chars = [...acceptable_chars]; + let mode = getComputedStyle(doc).getPropertyValue(key).replace(/\"/g, '').trim(); + + mode = [...mode].filter(function(letter){ + return acceptable_chars.includes(letter); + }); + + return mode.join(''); + } + + function changeMode(is_dark_mode) { + if(is_dark_mode) { + bank.setItem(storageKey, light) + elemAttribute(doc, mode_data, light); + } else { + bank.setItem(storageKey, dark); + elemAttribute(doc, mode_data, dark); + } + } + + (function lazy() { + function lazyLoadMedia(element) { + let media_items = elems(element); + if(media_items) { + Array.from(media_items).forEach(function(item) { + item.loading = "lazy"; + }); + } + } + lazyLoadMedia('iframe'); + lazyLoadMedia('img'); + })(); + + (function makeTablesResponsive(){ + const tables = elems('table'); + if (tables) { + tables.forEach(function(table){ + const table_wrapper = createEl(); + pushClass(table_wrapper, 'scrollable'); + wrapEl(table, table_wrapper); + }); + } + })(); + + function pickModePicture(mode) { + elems('picture').forEach(function(picture){ + let source = picture.firstElementChild; + const picture_data = picture.dataset; + const images = [picture_data.lit, picture_data.dark]; + source.src = mode == 'dark' ? images[1] : images[0]; + }); + } + + function setUserColorMode(mode = false) { + const is_dark_mode = currentMode() == dark; + const stored_mode = bank.getItem(storageKey); + const sys_mode = systemMode(); + if(stored_mode) { + mode ? changeMode(is_dark_mode) : elemAttribute(doc, mode_data, stored_mode); + } else { + mode === true ? changeMode(is_dark_mode) : changeMode(sys_mode!==dark); + } + const user_mode = doc.dataset.mode; + doc.dataset.systemmode = sys_mode; + user_mode ? 
pickModePicture(user_mode) : false; + } + + setUserColorMode(); + + doc.addEventListener('click', function(event) { + let target = event.target; + let mode_class = 'color_choice'; + let is_mode_toggle = containsClass(target, mode_class); + is_mode_toggle ? setUserColorMode(true) : false; + toggleMenu(event); + }); + + (function backToTop(){ + const toTop = elem("#toTop"); + window.addEventListener("scroll", () => { + const last_known_scroll_pos = window.scrollY; + if(last_known_scroll_pos >= 200) { + toTop.style.display = "flex"; + pushClass(toTop, active); + } else { + deleteClass(toTop, active); + } + }); + })(); +} + +window.addEventListener('load', loadActions()); diff --git a/lolrmm.com/themes/compose/assets/js/search.js b/lolrmm.com/themes/compose/assets/js/search.js new file mode 100644 index 00000000..a30ae0ac --- /dev/null +++ b/lolrmm.com/themes/compose/assets/js/search.js 
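Review bot: In markExternalLinks the existing-rel check reads the wrong attribute: `attr2 = elemAttribute(link, noopener)` looks up an attribute literally named `noopener`, which no anchor carries, so the next line overwrites whatever `rel` the author set (e.g. `nofollow`, `noreferrer`) on every external link — assuming elemAttribute(el, name) is a getAttribute wrapper, as the two-argument use just above suggests. The intended line is `attr2 = elemAttribute(link, rel);`, and since these links are forced to `target="_blank"` the value written would better be `'noopener noreferrer'` so the referrer is withheld as well. Separately, the final line `window.addEventListener('load', loadActions());` calls loadActions immediately and registers its undefined return value as the listener; it should be `window.addEventListener('load', loadActions);`. In updateDate, `date.getFullYear().toString` lacks its call parentheses and the assignment targets `year.textContent` instead of `year_el.textContent`, so the year is never written.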
@@ -0,0 +1,209 @@ +function initializeSearch(index) { + let search_keys = ['title', 'id', 'link', 'body', 'section']; + search_keys = search_keys.concat(other_searchable_fields); + + const search_page_element = elem('#searchpage'); + + const search_options = { + ignoreLocation: true, + findAllMatches: true, + includeScore: true, + shouldSort: true, + keys: search_keys, + threshold: 0.5 + }; + + index = new Fuse(index, search_options); + + function minQueryLen(query) { + query = query.trim(); + const query_is_float = parseFloat(query); + const min_query_length = query_is_float ? 1 : 2; + return min_query_length; + } + + function searchResults(results=[], query="", passive = false) { + let results_fragment = new DocumentFragment(); + let show_results = elem('.search_results'); + if(passive) { + show_results = search_page_element; + } + emptyEl(show_results); + + const query_len = query.length; + const required_query_len = minQueryLen(query); + + if(results.length && query_len >= required_query_len) { + let results_title = createEl('h3'); + results_title.className = 'search_title'; + results_title.innerText = quick_links; + + let go_back_button = createEl('button'); + go_back_button.textContent = 'Go Back'; + go_back_button.className = go_back_class; + if(passive) { + results_title.innerText = search_results_label; + } + if(!search_page_element) { + results = results.slice(0,8); + } else { + results_fragment.appendChild(go_back_button); + results = results.slice(0,12); + } + results_fragment.appendChild(results_title); + + results.forEach(function(result){ + let item = createEl('a'); + item.href = `${result.link}?query=${query}`; + item.className = 'search_result'; + item.style.order = result.score; + if(passive) { + pushClass(item, 'passive'); + let item_title = createEl('h3'); + item_title.textContent = result.title; + item.appendChild(item_title); + + let item_description = createEl('p'); + // position of first search term instance + let query_instance = 
result.body.indexOf(query); + item_description.textContent = `${result.body.substring(query_instance, query_instance + 200)}`; + item.appendChild(item_description); + } else { + item.textContent = result.title; + } + results_fragment.appendChild(item); + }); + } + + if(query_len >= required_query_len) { + if (!results.length) { + show_results.innerHTML = `${no_matches_found}`; + } + } else { + show_results.innerHTML = `` + } + + show_results.appendChild(results_fragment); + } + + function search(search_term, scope = null, passive = false) { + if(search_term.length) { + let raw_results = index.search(search_term); + raw_results = raw_results.map(function(result){ + const score = result.score; + const result_item = result.item; + result_item.score = (parseFloat(score) * 50).toFixed(0); + return result_item; + }) + + if(scope) { + raw_results = raw_results.filter(result_item => { + return result_item.section == scope; + }); + } + + passive ? searchResults(raw_results, search_term, true) : searchResults(raw_results, search_term); + + } else { + passive ? searchResults([], "", true) : searchResults(); + } + } + + function liveSearch() { + const search_field = elem(search_field_class); + + if (search_field) { + const search_scope = search_field.dataset.scope; + search_field.addEventListener('input', function() { + const search_term = search_field.value.trim().toLowerCase(); + search(search_term, search_scope); + }); + + if(!search_page_element) { + search_field.addEventListener('search', function(){ + const search_term = search_field.value.trim().toLowerCase(); + if(search_term.length) { + const scope_parameter = search_scope ? `&scope=${search_scope}` : ''; + window.location.href = new URL(`search/?query=${search_term}${ scope_parameter }`, root_url).href; + } + }); + } + } + } + + function findQuery(query = 'query') { + const url_params = new URLSearchParams(window.location.search); + return url_params.has(query) ? 
url_params.get(query) : ""; + } + + function passiveSearch() { + if(search_page_element) { + const search_term = findQuery(); + const search_scope = findQuery('scope'); + // search actively after search page has loaded + const search_field = elem(search_field_class); + + search(search_term, search_scope, true); + + if(search_field) { + search_field.addEventListener('input', function() { + const search_term = search_field.value.trim().toLowerCase(); + search(search_term, true); + wrapText(search_term, main); + }); + } + } + } + + function hasSearchResults() { + const search_results = elem('.results'); + if(search_results) { + const body = search_results.innerHTML.length; + return [search_results, body]; + } + return false + } + + function clearSearchResults() { + let search_results = hasSearchResults(); + if(search_results) { + search_results = search_results[0]; + search_results.innerHTML = ""; + // clear search field + const search_field = elem(search_field_class); + search_field.value = ""; + } + } + + function onEscape(fn){ + window.addEventListener('keydown', event => event.code === "Escape" ? fn() : false); + } + + let main = elem('main'); + main = main ? main : elem('.main'); + + search_page_element ? false : liveSearch(); + passiveSearch(); + + wrapText(findQuery(), main); + + onEscape(clearSearchResults); + + window.addEventListener('click', function(event){ + const target = event.target; + const is_search = target.closest(search_class) || target.matches(search_class); + !is_search && !search_page_element ? clearSearchResults() : false; + }); +} + +window.addEventListener('load', function() { + const page_language = document.documentElement.lang; + const search_index = `${ page_language === 'en' ? '': page_language}/index.json`; + fetch(new URL(search_index, root_url).href) + .then(response => response.json()) + .then(function(search_data) { + search_data = search_data.length ? 
search_data : []; + initializeSearch(search_data); + }) + .catch((error) => console.error(error)); +}); diff --git a/lolrmm.com/themes/compose/assets/js/variables.js b/lolrmm.com/themes/compose/assets/js/variables.js new file mode 100644 index 00000000..ef9fa50c --- /dev/null +++ b/lolrmm.com/themes/compose/assets/js/variables.js 
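Review bot: The search term is interpolated into URLs unencoded in three places — `item.href = `${result.link}?query=${query}`` in searchResults, the `search/?query=${search_term}${ scope_parameter }` URL in liveSearch, and the `&scope=` parameter built beside it — so a `&`, `#` or `%` typed into the box corrupts the link or is reinterpreted as a second parameter; wrap each value in `encodeURIComponent(...)`, e.g. `item.href = `${result.link}?query=${encodeURIComponent(query)}`;`. In passiveSearch's input handler, `search(search_term, true)` passes `true` as the scope argument and leaves passive false, so the section filter compares against `true` and results are rendered into the dropdown rather than the search page; it should read `search(search_term, search_scope, true);`. findQuery() returns raw URL parameters that are then handed to wrapText(), whose implementation is not in this hunk — if it builds markup from the term it needs the same escaping discipline as the textContent assignments used here. Also `result.body.indexOf(query)` can return -1 when the indexed text and the lower-cased term differ in case, which substring silently treats as 0.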
@@ -0,0 +1,68 @@
+'use strict';
+
+// global variables;
+const doc = document.documentElement;
+const toggle_id = 'toggle';
+const show_id = 'show';
+const menu = 'menu';
+const active = 'active';
+// root_url must end with '/' for relative URLs to work properly
+let root_url = '{{ strings.TrimSuffix "/" .Site.BaseURL }}/';
+root_url = root_url.startsWith('http') ? root_url : window.location.origin;
+
+const search_field_class = '.search_field';
+const search_class = '.search';
+const go_back_class = 'button_back';
+const line_class = '.line';
+
+// config defined values
+const code_block_config = JSON.parse('{{ partial "functions/getCodeConfig" . }}');
+const iconsPath = `{{ partialCached "functions/getIconPath" . }}`;
+
+// values defined under config/_default/params.toml
+let other_searchable_fields = '{{ delimit (default slice site.Params.otherSearchableFields) ", " }}'
+
+if(other_searchable_fields.length > 2) {
+ other_searchable_fields = other_searchable_fields
+ .split(",")
+ .map(search_value => search_value.toLowerCase().trim());
+} else {
+ other_searchable_fields = [];
+}
+
+// defined in i18n / translation files
+const quick_links = '{{ T "quick_links" }}';
+const search_results_label = '{{ T "search_results_label" }}';
+const short_search_query = '{{ T "short_search_query" }}'
+const type_to_search = '{{ T "type_to_search" }}';
+const no_matches_found = '{{ T "no_matches" }}';
+const copy_text = '{{ T "copy" }}';
+const copied_text = '{{ T "copied" }}';
+const toggle_line_numbers_text = '{{ T "toggle_line_numbers" }}';
+const toggle_line_wrap_text = '{{ T "toggle_line_wrap" }}';
+const resize_snippet = '{{ T "resize_snippet" }}';
+const not_set = '{{ T "not_set" }}';
+
+const shell_based = ['sh', 'shell', 'zsh', 'bash'];
+
+const body = elem('body');
+const max_lines = code_block_config.maximum;
+const show_lines = code_block_config.show;
+const copy_id = 'panel_copy';
+const wrap_id = 'panel_wrap';
+const lines_id = 'panel_lines';
+const panel_expand = 'panel_expand';
+const panel_expanded = 'panel_expanded';
+const panel_box = 'panel_box';
+const panel_hide = 'panel_hide';
+const panel_from = 'panel_from';
+const full_height = 'initial';
+const highlight = 'highlight';
+const highlight_wrap = 'highlight_wrap'
+
+const light = 'light';
+const dark = 'dark';
+const storageKey = 'colorMode';
+const key = '--color-mode';
+const mode_data = 'data-mode';
+const bank = window.localStorage;
diff --git a/lolrmm.com/themes/compose/assets/sass/_base.sass b/lolrmm.com/themes/compose/assets/sass/_base.sass
new file mode 100644
index 00000000..e46c0bdd
--- /dev/null
+++ b/lolrmm.com/themes/compose/assets/sass/_base.sass
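Review bot: Every templated value is dropped into a single-quoted JS literal with no escaping (`'{{ T "quick_links" }}'`, the `delimit` line for other_searchable_fields, and `JSON.parse('{{ partial "functions/getCodeConfig" . }}')`), so an apostrophe or backslash in a translation string or in `otherSearchableFields` is a syntax error that takes down this file — and, because it defines the globals the other scripts read, the site's JS with it. Emitting each value through `jsonify` produces a quoted, escaped literal: `const quick_links = {{ T "quick_links" | jsonify }};`; the same applies to the partial output if it returns a map rather than a pre-serialised string (not visible here). The comment above root_url says it must end with '/', yet the `window.location.origin` fallback on the following line has no trailing slash; URL resolution against an origin-only base still works, so either say so in the comment or append '/' in the fallback. `short_search_query`, `highlight_wrap` and `other_searchable_fields` omit the terminating semicolon while every other statement in the file has one.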
@@ -0,0 +1,255 @@ +* + box-sizing: border-box + -webkit-appearance: none + margin: 0 + padding: 0 + +body, html + scroll-behavior: smooth + scroll-padding-top: 1rem + font-kerning: normal + -webkit-text-size-adjust: 100% + font-size: 18px + +body + font-family: var(--font) + background-color: var(--bg) + color: var(--text) + line-height: 1.5 + margin: 0 auto + position: relative + font-kerning: normal + display: flex + flex-direction: column + justify-content: space-between + min-height: 100vh + -webkit-font-smoothing: antialiased + -moz-osx-font-smoothing: grayscale + -webkit-overflow-scrolling: touch + max-width: 1440px + @media screen and (min-width: 1640px) + max-width: 1600px + +a + text-decoration: none + color: inherit +p + padding: 0.75rem 0 + // opacity: 0.9 + &:empty + display: none +li + &, p + padding: 0.25rem 0 +blockquote + opacity: 0.8 + padding: 1rem + position: relative + quotes: '\201C''\201D''\2018''\2019' + margin: 0.75rem 0 + display: flex + flex-flow: row wrap + background-repeat: no-repeat + background-size: 5rem + background-position: 50% 50% + position: relative + background-color: var(--accent) + border-radius: 0.25rem + overflow: hidden + &::before + content: "" + padding: 2px + position: absolute + top: 0 + bottom: 0 + left: 0 + background: var(--theme) + + p + padding-left: 0.5rem !important + font-size: 1.1rem !important + width: 100% + font-style: italic + +h1,h2,h3,h4,h5 + font-family: inherit + font-weight: 500 + padding: 0.33rem 0 + color: inherit + line-height: 1.35 + +h1 + font-size: 200% +h2 + font-size: 175% +h3 + font-size: 150% +h4 + font-size: 125% +h5 + font-size: 120% +h6 + font-size: 100% + +img, svg, figure + max-width: 100% + vertical-align: middle +img + height: auto + margin: 1rem auto + padding: 0 + +main + flex: 1 + @media screen and (min-width: 42rem) + padding-bottom: 45px + +ol, ul + list-style: none + +b, strong + font-weight: 500 + +hr + border: none + padding: 1px + background: var(--border-color) + margin: 
1rem 0 + +.aside + overflow-y: auto + background: var(--bg) + border-radius: 0.25rem + align-self: start + max-height: 80vh + position: sticky + z-index: 9999 + top: 0 + padding: 1rem 0 + @media screen and (min-width: 42rem) + padding: 1rem 1.5rem + top: 2.5rem + margin-top: 1rem + padding-top: 0 + &_inner + height: 0 + overflow: hidden + @media screen and (min-width: 42rem) + height: initial + &.show &_inner + height: initial + overflow: visible + &_toggle + padding: 0.5rem 1.5rem + border-radius: 0.5rem + background: var(--accent) + transform: translateY(-1rem) + display: flex + justify-content: space-between + @media screen and (min-width: 42rem) + display: none + h3 + position: relative + ul + padding: 0 + list-style: none + +th, td + padding: 0.5rem + font-weight: 400 !important + &:not(:first-child) + padding-left: 1.5rem + +thead + background: var(--theme) + color: var(--light) + font-weight: 400 + text-align: left + +tbody + tr + &:nth-child(even) + background-color: var(--accent) !important + box-shadow: 0 1rem 0.75rem -0.75rem rgba(0,0,0,0.07) + +table + margin: 1.5rem 0 + width: 100% + +.main + flex: 1 + > .grid-auto + @media screen and (max-width: 667px) + grid-gap: 0 + +.page + &-home + h1 + font-weight: 300 + +.content + ul, ol + padding-left: 1.1rem + ul + list-style: initial + ol + list-style: decimal + a:not(.button) + color: var(--theme) + +::placeholder + font-size: 1rem + +svg + &.icon_sort + fill: var(--light) + height: 0.7rem + width: 0.7rem + display: inline-block + margin-left: auto + vertical-align: middle + +canvas + margin: 2.5rem auto 0 auto + max-width: 450px !important + max-height: 450px !important + +footer + min-height: 150px + +del + opacity: 0.5 + +#toTop + background: transparent + outline: 0.5rem solid transparent + height: 2rem + width: 2rem + cursor: pointer + padding: 0.5rem + display: flex + align-items: center + justify-content: center + position: fixed + right: 0 + bottom: 2.25rem + transform: rotate(45deg) translate(5rem) 
+ opacity: 0 + transition: opacity 0.5s var(--ease), transform 0.25s var(--ease) + z-index: 5 + &.active + right: 1.5rem + opacity: 1 + transform: rotate(45deg) translate(0) + &::after, &::before + position: absolute + display: block + width: 1rem + height: 1rem + content: "" + border-left: 1px solid var(--text) + border-top: 1px solid var(--text) + &::after + width: 0.67rem + height: 0.67rem + transform: translate(0.1rem, 0.1rem) diff --git a/lolrmm.com/themes/compose/assets/sass/_blog.sass b/lolrmm.com/themes/compose/assets/sass/_blog.sass new file mode 100644 index 00000000..918453c0 --- /dev/null +++ b/lolrmm.com/themes/compose/assets/sass/_blog.sass 
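Review bot: The blockquote rule declares `position: relative` twice (once after `padding: 1rem` and again after `background-position`), and `font-kerning: normal` is set on both `body, html` and again on `body`; the second declaration in each case is dead and should be removed. `.aside` uses `z-index: 9999` for a sticky sidebar while `#toTop` here and `.search_results` in _components.sass use 5; a value in the same small scale (e.g. `z-index: 10`) keeps stacking order predictable as further layers are added.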
@@ -0,0 +1,306 @@ +@mixin shadow($opacity: 0.17) + box-shadow: 0 0 3rem rgba(0,0,0,$opacity) + &:hover + box-shadow: 0 0 5rem rgba(0,0,0, (1.5 * $opacity)) + +.post + margin: 0 auto + width: 100% + p, h1, h2, h3, h4, h5, h6, blockquote, ol, ul, .highlight_wrap, hr + max-width: 840px !important + margin-left: auto + margin-right: auto + + img:not(.icon) + @media screen and (min-width: 1025px) + display: block + width: 100vw + max-width: 1024px + margin-left: auto + margin-right: auto + + h2,h3,h4 + margin: 0.5rem auto + text-align: left + padding: 5px 0 0 0 + + p + padding-bottom: 0.5rem + padding-top: 0.5rem + font-size: 1.05rem + + &s + display: flex + justify-content: space-between + flex-flow: row wrap + width: 100% + align-items: stretch + + &s:not(.aside) + padding: 0 30px + + ol + padding: 1rem 1.25rem + + &_body + img + width: 100% + max-width: 100% + &_inner + a + color: var(--theme) + transition: all 0.3s + &:hover + opacity: 0.8 + text-decoration: underline + + img:not(.icon) + margin-bottom: 2rem + box-shadow: 0 1.5rem 1rem -1rem rgba(0,0,0,0.25) + ~ h1, ~ h2, ~ h3, ~ h4 + margin-top: 0 + padding-top: 0 + + .icon + margin-top: 0 + margin-bottom: 0 + + &_date + color: var(--theme) + + &_copy + opacity: 0 + transition: opacity 0.3s ease-out + + &_item + @include shadow + margin: 1.25rem 0 + border-radius: 10px + overflow: hidden + width: 100% + @media screen and (min-width:667px) + width: 47% + + &_item:hover &_copy + opacity: 1 + + &_link + padding: 2.5px 0 + font-size: 1.25em + margin: 2.5px 0 + text-align: left + + &_meta + overflow: hidden + opacity: 0.8 + font-size: 0.84rem + font-weight: 500 + display: inline-grid + grid-template-columns: auto 1fr + background-color: var(--light) + padding: 0 + align-items: center + border-radius: 0.3rem + color: var(--dark) + text-transform: capitalize + a + &:hover + color: var(--theme) + text-decoration: underline + opacity: 0.9 + + &_extra + display: flex + justify-content: flex-end + + &_tag + font-size: 0.75rem 
!important + font-weight: 500 + background: var(--theme) + color: var(--light) + padding: 0.25rem 0.67rem !important + text-transform: uppercase + display: inline-flex + border-radius: 5px + + &_title + margin: 1.75rem 0 1rem + + &_time + background: var(--theme) + display: inline-grid + padding: 0.2rem 0.75rem + color: var(--light) + + &_thumbnail + width: 100% + margin: 0 + + &_nav + padding: 3rem 1.5rem + display: grid + margin: 2.25rem auto 1rem + text-align: center + color: var(--theme) + // box-shadow: 0 1rem 3rem -1rem rgba(0,0,0,0.15) + text-transform: uppercase + &, span + position: relative + z-index: 3 + + &::before + content: "" + position: absolute + background: var(--accent) + top: 0 + left: 0 + bottom: 0 + right: 0 + z-index: 1 + border-radius: 1rem + + &_next + display: inline-grid + margin: 0 auto + width: 10rem + grid-template-columns: 1fr 1.33rem + &::after + content: "" + background-image: var(--next-icon-path) + background-repeat: repeat no-repeat + background-size: 0.8rem + background-position: center right + +// .pager +// display: grid +// grid-template-columns: 2.5rem 1fr 2.5rem +// margin: 2rem auto 0 +// max-width: 12.5rem +// &, &_item +// justify-content: center +// align-items: center + +// &_item +// height: 2.5rem +// width: 2.5rem +// display: inline-flex +// margin-left: 5px +// margin-right: 5px +// background-color: var(--accent) +// color: var(--light) +// border-radius: 50% +// &:hover +// opacity: 0.5 + +// span +// text-align: center + +.excerpt + padding: 0 10px 1.5rem 10px + position: relative + z-index: 1 + &_meta + display: flex + justify-content: space-between + align-items: center + transform: translateY(-2.5rem) + position: relative + z-index: 5 + +.archive + &_item + display: grid + padding: 1.5rem 0 + + &_title + margin: 0 + +.article + box-shadow: 0 0.5rem 2rem rgba(0,0,0,0.12) + overflow: hidden + border-radius: 0.5rem + &_title + margin: 0 + &_excerpt + &:not(.visible) + height: 0 + opacity: 0 + transition: height 
0.5s, opacity 0.5s + &_excerpt, + &_meta + transform-origin: bottom + &_meta + padding: 10px 1.25rem 1.25rem + color: var(--text) + position: relative + z-index: 2 + transition: margin-top 0.5s + background: var(--bg) + &.center_y + transform-origin: center + transition: transform 0.5s + display: flex + flex-direction: column + justify-content: center + @media screen and (min-width: 42rem) + left: -2rem + + &_thumb + display: grid + position: relative + z-index: 0 + overflow: hidden + height: 15rem + background-size: cover + background-position: 50% 50% + @media screen and (min-width: 35rem) + height: 22.5rem + + img + transition: transform 0.5s, opacity 0.5s + + &::after + content: '' + position: absolute + top: 0 + left: 0 + width: 100% + bottom: 0 + z-index: 1 + background: var(--bg) + opacity: 0 + transition: opacity 0.1s ease-out + + &_showcase &_thumb + height: 15rem + + &_showcase &_meta + padding-top: 1.5rem + + &:hover &_thumb + img + transform: scale(1.1) + + &::after + transition: opacity 0.1s ease-out + opacity: 0.5 + + &:hover &_excerpt:not(.visible) + height: 75px + opacity: 1 + + &:hover &_meta + &:not(.center_y) + margin-top: -75px + + @media screen and (min-width: 769px) + &.center_y + transform: translateX(-3rem) + + &:hover + box-shadow: 0 1.5rem 6rem rgba(0,0,0,0.17) + a + color: initial !important + + &_hidden + display: none \ No newline at end of file diff --git a/lolrmm.com/themes/compose/assets/sass/_chart.sass b/lolrmm.com/themes/compose/assets/sass/_chart.sass new file mode 100644 index 00000000..d376872c --- /dev/null +++ b/lolrmm.com/themes/compose/assets/sass/_chart.sass 
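Review bot: The commented-out `.pager` block (roughly twenty lines between `.post_next` and `.excerpt`) duplicates a selector that _components.sass in this same commit defines live, so it is dead code that will drift from the real rule; delete it rather than carry it in comments. The file also ends without a trailing newline (`\ No newline at end of file`), unlike the sibling partials. `@mixin shadow` has a single consumer, `.post_item`; if that remains the case its two `box-shadow` declarations can simply be inlined there.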
@@ -0,0 +1,38 @@ +@keyframes chartjs-render-animation + 0% + opacity: .99 + 100% + opacity: 1 + +.chartjs + &-render-monitor + animation: chartjs-render-animation 1ms + + &-size-monitor + &, &-expand, &-shrink + position: absolute + direction: ltr + left: 0 + top: 0 + right: 0 + bottom: 0 + overflow: hidden + pointer-events: none + visibility: hidden + z-index: -1 + + &-expand + > div + position: absolute + width: 1000000px + height: 1000000px + left: 0 + top: 0 + + &-shrink + > div + position: absolute + width: 200% + height: 200% + left: 0 + top: 0 diff --git a/lolrmm.com/themes/compose/assets/sass/_components.sass b/lolrmm.com/themes/compose/assets/sass/_components.sass new file mode 100644 index 00000000..2cd95f26 --- /dev/null +++ b/lolrmm.com/themes/compose/assets/sass/_components.sass 
@@ -0,0 +1,339 @@ +.section + &_title + font-size: 1.25rem + &_link + font-size: 1rem + font-weight: 400 + +.sidebar + &-link + display: grid + padding: 0.2rem 0 + +.toc + border-left: 2px solid var(--theme) + padding: 0 1rem + height: 0 + overflow: hidden + filter: opacity(0.87) + &_item + font-size: 0.9rem + &_active + height: initial +.search + flex: 1 + display: flex + justify-content: flex-end + position: relative + &_field + padding: 0.5rem 1.5rem 0.5rem 2.5rem + border-radius: 1.5rem + width: 13.5rem + outline: none + border: 1px solid var(--search-border-color) + background: transparent + color: var(--text) + box-shadow: 0 1rem 4rem rgba(0,0,0,0.17) + font-size: 1rem + &:hover, &:focus + background: var(--search-bg) + &_label + width: 1rem + height: 1rem + position: absolute + left: 0.33rem + top: 0.25rem + opacity: 0.33 + svg + width: 100% + height: 100% + fill: var(--text) + &_result + padding: 0.5rem 1rem + &:not(.passive):hover + background-color: var(--theme) + color: var(--light) + &.passive + display: grid + &s + width: 13.5rem + background-color: var(--overlay) + border-radius: 0 0 0.25rem 0.25rem + box-shadow: 0 1rem 4rem rgba(0,0,0,0.17) + position: absolute + top: 125% + display: grid + overflow: hidden + z-index: 5 + &:empty + display: none + &_title + padding: 0.5rem 1rem 0.5rem 1rem + background: var(--theme) + color: var(--light) + font-size: 0.9rem + opacity: 0.87 + text-transform: uppercase + +.button + background-color: var(--theme) + color: var(--light) + border-radius: 0.25rem + display: inline-block + padding: 0.75rem 1.25rem + text-align: center + &:hover + opacity: 0.84 + & + & + background-color: var(--haze) + color: var(--dark) + &_grid + display: grid + max-width: 15rem + grid-gap: 1rem + grid-template-columns: repeat( auto-fit, minmax(12rem, 1fr) ) + @media screen and (min-width: 557px) + max-width: 25rem + +.video + overflow: hidden + padding-bottom: 56.25% + position: relative + height: 0 + margin: 1.5rem 0 + border-radius: 
0.6rem + background-color: var(--bg) + box-shadow: 0 1rem 2rem rgba(0,0,0,0.17) + iframe + left: 0 + top: 0 + height: 100% + width: 100% + border: none + position: absolute + transform: scale(1.02) +.icon + width: 1.1rem + height: 1.1rem + display: inline-flex + justify-content: center + align-items: center + margin: 0 0.5rem + +.link + opacity: 0 + position: relative + &_owner:hover & + opacity: 1 + &_yank + opacity: 1 + &ed + position: absolute + right: -2.2rem + top: -2rem + background-color: var(--theme) + color: var(--light) + width: 7rem + padding: 0.25rem 0.5rem + font-size: 0.9rem + border-radius: 1rem + text-align: center + &::after + position: absolute + top: 1rem + content: "" + border-color: var(--theme) transparent + border-style: solid + border-width: 1rem 1rem 0 1rem + height: 0 + width: 0 + transform-origin: 50% 50% + transform: rotate(145deg) + right: 0.45rem + +.gallery + width: 100% + column-count: 3 + column-gap: 1rem + @media screen and (max-width: 667px) + column-count: 2 + &_item + background-color: transparent + margin: 0 0 1rem + &_image + margin: 0 auto + +.pager + display: flex + justify-content: space-between + align-items: center + padding-top: 2rem + margin: 2rem 0 + max-width: 100vw + overflow: hidden + svg + filter: opacity(0.75) + width: 1.25rem + height: 1rem + transform-origin: 50% 50% + + &_lean + justify-content: flex-end + + &_label + max-width: 100% + overflow: hidden + white-space: nowrap + text-overflow: ellipsis + + &_link + padding: 0.5rem 1rem + border-radius: 0.25rem + width: 12.5rem + max-width: 40vw + position: relative + display: flex + align-items: center + text-align: center + justify-content: center + &::before, &::after + background-image: var(--next-icon) + height: 0.8rem + width: 0.8rem + background-size: 100% + background-repeat: no-repeat + transform-origin: 50% 50% + + &_item + display: flex + flex-direction: column + flex: 1 + max-width: 48% + // filter: opacity(0.87) + &.prev + align-items: flex-start + // 
margin-right: 0.5rem + + &.next + align-items: flex-end + // margin-left: 0.5rem + &::after + content: "" + + &_item.prev &_link + &::before + content: "" + transform: rotate(180deg) + margin-right: 0.67rem + + &_item.next &_link + &::after + content: "" + margin-left: 0.67rem + + &_item.next &_link + grid-template-columns: 1fr 1.5rem + + &_meta + margin: 0.5rem 0 + +.color + &_mode + height: 1rem + margin-left: 1.5rem + + &_choice + outline: none + border: none + -webkit-appearance: none + height: 1rem + position: relative + width: 1rem + border-radius: 1rem + cursor: pointer + z-index: 2 + right: 0 + filter: contrast(0.8) + + &::after + content: "" + top: 0.1rem + bottom: 0 + left: 0 + position: absolute + height: 0.8rem + background: var(--accent) + width: 0.8rem + border-radius: 0.25rem + z-index: 3 + transform: scale(1.67) + transform-origin: 50% 50% + transition: transform 0.5s cubic-bezier(.19,1,.22,1) + will-change: transform + background-image: var(--sun-icon) + background-size: 60% + background-repeat: no-repeat + background-position: center + + &_icon + height: 1rem + width: 1rem + margin: 0 + z-index: 4 + position: absolute + transform: translateY(-50%) + transition: transform 0.5s cubic-bezier(.19,1,.22,1) + right: 3.5rem + +.tip + padding: 1.5rem 1rem 1.5rem 1.5rem + margin: 1.5rem 0 + border-left: 0.2rem solid var(--theme) + position: relative + background: var(--accent) + blockquote + padding: 0 + margin: 0 + border: none + &::before + display: none + p + &:first-child, ~ p + padding-top: 0 + &:last-child + padding-bottom: 0 + &_warning + --theme: var(--inline-color) + &_warning::before + transform: rotate(180deg) + &::before + content: "" + position: absolute + left: -0.85rem + top: 1.5rem + z-index: 3 + padding: 0.75rem + transform-origin: 50% 50% + border-radius: 50% + background-color: var(--theme) + background-image: var(--info-icon) + background-size: 12% + background-position: 50% 50% + background-repeat: no-repeat + +.mermaid + --theme: 
darkgoldenrod + background-color: transparent !important + margin-bottom: 2.5rem + svg + margin: 0 auto + display: block + .actor, .labelBox, .classGroup rect + fill: var(--theme) !important + stroke: var(--theme) !important + .messageText, tspan, text + fill: var(--text) !important + stroke: var(--text) !important + .messageLine0, .loopLine + stroke: var(--theme) !important + fill: var(--theme) !important diff --git a/lolrmm.com/themes/compose/assets/sass/_custom.sass b/lolrmm.com/themes/compose/assets/sass/_custom.sass new file mode 100644 index 00000000..2d22745d --- /dev/null +++ b/lolrmm.com/themes/compose/assets/sass/_custom.sass @@ -0,0 +1,4 @@ +// add customs styles and general overrides here +// due to the cascading nature of css, if you try to override theme css variables in this file, those changes will not apply. Instead, override css variables in the `override.sass` file +// we recommend not editing this file directly. Instead, create an `assets/sass/_custom.sass` file at the root level of your site. +// if you edit this file directly, you will have to resolve git conflicts when and if you decide to pull changes we make on the theme diff --git a/lolrmm.com/themes/compose/assets/sass/_fonts.sass b/lolrmm.com/themes/compose/assets/sass/_fonts.sass new file mode 100644 index 00000000..29d5f29a --- /dev/null +++ b/lolrmm.com/themes/compose/assets/sass/_fonts.sass 
@@ -0,0 +1,42 @@ +$font-path: "../fonts" +@font-face + font-family: 'Metropolis' + font-style: normal + font-weight: 400 + src: local('Metropolis Regular'), local('Metropolis-Regular'), url('#{$font-path}/Metropolis-Regular.woff2') format('woff2'), url('#{$font-path}/Metropolis-Regular.woff') format('woff') + font-display: swap + +@font-face + font-family: 'Metropolis' + font-style: normal + font-weight: 300 + src: local('Metropolis Light'), local('Metropolis-Light'), url('#{$font-path}/Metropolis-Light.woff2') format('woff2'), url('#{$font-path}/Metropolis-Light.woff') format('woff') + font-display: swap + +@font-face + font-family: 'Metropolis' + font-style: italic + font-weight: 300 + src: local('Metropolis Light Italic'), local('Metropolis-LightItalic'), url('#{$font-path}/Metropolis-LightItalic.woff2') format('woff2'), url('#{$font-path}/Metropolis-LightItalic.woff') format('woff') + font-display: swap + +@font-face + font-family: 'Metropolis' + font-style: normal + font-weight: 500 + src: local('Metropolis Medium'), local('Metropolis-Medium'), url('#{$font-path}/Metropolis-Medium.woff2') format('woff2'), url('#{$font-path}/Metropolis-Medium.woff') format('woff') + font-display: swap + +@font-face + font-family: 'Metropolis' + font-style: italic + font-weight: 500 + src: local('Metropolis Medium Italic'), local('Metropolis-MediumItalic'), url('#{$font-path}/Metropolis-MediumItalic.woff2') format('woff2'), url('#{$font-path}/Metropolis-MediumItalic.woff') format('woff') + font-display: swap + +@font-face + font-family: 'Cookie' + font-style: normal + font-weight: 400 + src: local('Cookie-Regular'), url('#{$font-path}/cookie-v10-latin-regular.woff2') format('woff2'), url('#{$font-path}/cookie-v10-latin-regular.woff') format('woff') + font-display: swap diff --git a/lolrmm.com/themes/compose/assets/sass/_nav.sass b/lolrmm.com/themes/compose/assets/sass/_nav.sass new file mode 100644 index 00000000..919ca5d4 --- /dev/null 
+++ b/lolrmm.com/themes/compose/assets/sass/_nav.sass @@ -0,0 +1,70 @@ +.nav + display: grid + grid-gap: 1rem + padding: 0 1.5rem !important + align-items: center + background-color: var(--bg) + @media screen and (min-width: 992px) + grid-template-columns: 10rem 1fr + &_brand + position: relative + picture, img + max-width: 10rem + &_header + position: absolute + top: 0 + left: 0 + width: 100% + background-color: var(--bg) + z-index: 999999 + &_toggle + position: absolute + top: 0 + bottom: 0 + width: 3rem + display: flex + align-items: center + justify-content: flex-end + text-align: center + right: 0 + color: var(--text) + @media screen and (min-width: 992px) + display: none + &_body + display: flex + flex-direction: column + background: var(--accent) + position: fixed + left: 0 + top: 0 + bottom: 0 + height: 100vh + transition: transform 0.25s var(--ease) + transform: translateX(-101vw) + @media screen and (min-width: 992px) + transform: translateX(0) + position: relative + height: initial + justify-content: flex-end + background: transparent + flex-direction: row + &.show &_body + transform: translateX(0) + box-shadow: 0 1rem 4rem rgba(0,0,0,0.1) + background: var(--bg) + li:first-child + margin: 1.5rem 1rem 0.5rem 1rem + // input + // background: var(--accent) + &-link + display: inline-flex + padding: 0.5rem 1rem + &-item + display: grid + align-items: center + .search + @media screen and (min-width: 992px) + margin-right: 1.5rem + &_repo + picture, img + max-width: 1.25rem diff --git a/lolrmm.com/themes/compose/assets/sass/_syntax.sass b/lolrmm.com/themes/compose/assets/sass/_syntax.sass new file mode 100644 index 00000000..9253c308 --- /dev/null +++ b/lolrmm.com/themes/compose/assets/sass/_syntax.sass 
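Review bot: `z-index: 999999` on `.nav_header` is a magic number out of scale with the rest of the theme, where the search results use `z-index: 5` and `.panel_from` uses `z-index: 19` in `_components.sass` and `_syntax.sass`; the fixed header only needs to sit above those layers, so `z-index: 100` (or a `$z-header` variable declared at the top of this file) keeps the stacking order readable. This is a style point only; nothing functional changes.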
@@ -0,0 +1,246 @@ +@keyframes pulse + 0% + opacity: 1 + 75% + opacity: 0.1 + 100% + opacity: 1 + +code + font-size: 15px + font-weight: 400 + overflow-y: hidden + display: block + font-family: 'Monaco', monospace + word-break: break-all + &.noClass + color: var(--inline-color) + display: inline + line-break: anywhere +.windows .highlight + overflow-x: hidden + &:hover + overflow-x: auto + +.highlight + display: grid + width: 100% + border-radius: 0 0.2rem 0.2rem 0 + overflow-x: auto + position: relative + &_wrap + display: grid + background: var(--code-bg) !important + border-radius: 0.5rem + position: relative + padding: 0 1rem + margin: 1.5rem auto 1rem auto + & & + margin: 0 + padding: 0 + & + & + margin-top: 2.25rem + &:hover > div + opacity: 1 + .lang + position: absolute + top: 0 + right: 0 + text-align: right + width: 7.5rem + padding: 0.5rem 1rem + font-style: italic + text-transform: uppercase + font-size: 67% + opacity: 0.5 + color: var(--text) + &:hover .lang + opacity: 0.1 + & & + margin: 0 + pre + color: var(--text) !important + border-radius: 4px + font-family: 'Monaco', monospace + padding-top: 1.5rem + padding-bottom: 2rem + + table + display: grid + max-width: 100% + margin-bottom: 0 + background: transparent + td, th + padding: 0 + + .lntd + width: 100% + border: none + &:first-child + &, pre + width: 2.5rem !important + padding-left: 0 + padding-right: 0 + color: rgba(255,255,255,0.5) + user-select: none + + pre + width: 100% + display: flex + align-items: center + flex-direction: column + +.err + color: #a61717 +.hl + width: 100% + background: var(--inline-color) +.ln, .lnt + margin-right: 0.75rem + padding: 0 + transition: opacity 0.3s var(--ease) + &, span + color: var(--text) + opacity: 0.5 + user-select: none + +.k, .kc, .kd, .kn, .kp, .kr, .kt, .nt + color: #6ab825 + font-weight: 500 + +.kn, .kp + font-weight: 400 + +.nb, .no, .nv + color: #24909d + +.nc, .nf, .nn + color: #447fcf + +.s, .sa, .sb, .sc, .dl, .sd, .s2, .se, .sh, .si, .sx, 
.sr, .s1, .ss + color: #ed9d13 + +.m, .mb, .mf, .mh, .mi, .il, .mo + color: #3677a9 + +.ow + color: #6ab825 + font-weight: 500 + +.c, .ch, .cm, .c1 + color: #999 + font-style: italic + +.cs + color: #e50808 + background-color: #520000 + font-weight: 500 + +.cp, .cpf + color: #cd2828 + font-weight: 500 + +.gd, .gr + color: #d22323 + +.ge + font-style: italic + +.gh, .gu, .nd, .na, .ne + color: #ffa500 + font-weight: 500 + +.gi + color: #589819 + +.go + color: #ccc + +.gp + color: #aaa + +.gs + font-weight: 500 + +.gt + color: #d22323 +.w + color: #666 + +.hljs + &-string + color: #6ab825 + &-attr + color: #ed9d13 + .p &-attr + color: var(--light) + +.pre + &_wrap + white-space: pre-wrap + white-space: -moz-pre-wrap + white-space: -pre-wrap + white-space: -o-pre-wrap + word-wrap: break-word + + &_nolines.ln + display: none + +// crayon-like widget styles +.panel + &_box + display: inline-flex + perspective: 300px + grid-gap: 1rem + transition: opacity 0.3s var(--easing) + background: var(--code-bg) + padding: 0.5rem 1.5rem + border-radius: 2rem + align-items: center + position: absolute + right: 0rem + top: -2.1rem + opacity: 0 + &_icon + display: inline-flex + align-items: center + justify-content: center + cursor: pointer + padding: 0.1rem + transform-origin: 50% 50% + margin: 0 + &.active + animation: pulse 0.1s linear + svg + fill: var(--text) + width: 1.5rem + height: 1.5rem + &_hide + // hide icon if not needed + display: none + &_from + position: absolute + color: var(--theme) + bottom: 0 + font-size: 1.5rem + font-weight: 500 + padding: 0.5rem 0 + cursor: pointer + letter-spacing: 0.1px + z-index: 19 + &_expanded &_from + display: none + +.shell + position: relative + // display: flex + // align-items: center + // gap: 0.5rem + &::before + content: "$" + position: relative + margin-right: 0.36rem + +.line + &-flex + display: flex \ No newline at end of file 
diff --git a/lolrmm.com/themes/compose/assets/sass/_utils.sass b/lolrmm.com/themes/compose/assets/sass/_utils.sass new file mode 100644 index 00000000..9eff9249 --- /dev/null +++ b/lolrmm.com/themes/compose/assets/sass/_utils.sass @@ -0,0 +1,99 @@ +.wrap + max-width: 1240px + @media screen and (min-width: 1640px) + max-width: 1600px + &, & + width: 100% + padding: 0 25px + margin: 0 auto + +@for $i from 1 through 4 + $size: $i * 1.5rem + $x-size: $size * 0.5 + .pt-#{$i} + padding-top: $size + + .pb-#{$i} + padding-bottom: $size + + .mt-#{$i} + margin-top: $size + + .mb-#{$i} + margin-bottom: $size + +%grid + display: grid + grid-template-columns: 1fr + +[class*='grid-'] + grid-gap: 2rem + +.grid-2, .grid-3, .grid-4, .grid-auto, .grid-reverse + @extend %grid + +@media screen and (min-width: 42rem) + .grid-auto + grid-template-columns: 2fr 5fr + + .grid-reverse + grid-template-columns: 3fr 1fr + + .grid-2 + grid-template-columns: repeat(2, 1fr) + + .grid-3 + grid-template-columns: repeat(auto-fit, minmax(15rem, 1fr)) + + .grid-4 + grid-template-columns: repeat(auto-fit, minmax(12rem, 1fr)) + +.active + color: var(--theme) + +.is + background: var(--theme) + color: var(--light) + +.toggle + svg + fill: var(--text) + display: inline-block + transform-origin: 50% 50% + transform: scale(1.2) + cursor: pointer + margin: 0 + +.scrollable + width: 100% + overflow-x: hidden + max-width: calc(100vw - 48px) + @media screen and (min-width: 768px) + max-width: 100% + &:hover + overflow-x: auto + +.chart + display: grid + grid-gap: 1.5rem + max-width: 98vw !important + max-height: 98vw !important + + +.link + display: inline-flex + align-items: center + width: 2.5rem + margin: 0 0.25rem + padding: 0 0.25rem + opacity: 0 + transition: opacity 0.3s cubic-bezier(0.39, 0.575, 0.565, 1) + svg, img + width: 1.5rem + height: 1.5rem + fill: var(--theme) + &_owner:hover & + opacity: 0.9 + +.copy + cursor: pointer \ No newline at end of file 
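Review bot: `$x-size: $size * 0.5` inside the `@for` loop is computed on every iteration but never referenced in the generated `.pt-`/`.pb-`/`.mt-`/`.mb-` rules, so it reads as a half-finished horizontal-spacing helper; either drop the line or add the `.px-#{$i}` classes it was presumably meant for. Under `.wrap` the nested selector list `&, &` (as it appears in this view) compiles to a duplicated `.wrap, .wrap` rule; a single `&`, or placing the declarations directly under `.wrap`, is equivalent. If the second `&` was originally a modifier such as `&_narrow` that was lost in rendering, ignore the second point.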
diff --git a/lolrmm.com/themes/compose/assets/sass/_variables.sass b/lolrmm.com/themes/compose/assets/sass/_variables.sass new file mode 100644 index 00000000..0b297505 --- /dev/null +++ b/lolrmm.com/themes/compose/assets/sass/_variables.sass @@ -0,0 +1,51 @@ +html + --color-mode: "light" + --light: #fff + --dark: rgb(28,28,30) + --haze: #f2f5f7 + --bubble: rgb(36,36,38) + --accent: var(--haze) + --bg: var(--light) + --code-bg: var(--accent) + --overlay: var(--light) + --text: #111 + --font: 'Metropolis', sans-serif + --border-color: #eee + --inline-color: darkgoldenrod + --theme: rgb(255,140,0) /* changed to DarkOrange */ + --ease: ease + --search-border-color: transparent + --next-icon-path: url(../images/icons/double-arrow.svg) + --never-icon-path: url(../images/sitting.svg) + + @mixin darkmode + --color-mode: "dark" + --theme: rgb(0,191,255) /* remains as Deep Sky Blue */ + --bg: var(--dark) + --text: #eee + --accent: var(--bubble) + --overlay: var(--bubble) + --border-color: transparent + --search-bg: var(--accent) + --search-border-color: var(--accent) + * + box-shadow: none !important + + &[data-mode="dark"] + @include darkmode + .color + &_choice + &::after + background-image: var(--moon-icon) + + &.dark:not([data-mode="light"]) + @media (prefers-color-scheme: dark) + @include darkmode + +%narrow + max-width: 750px + margin: 0 auto + +blockquote + + .highlight_wrap + margin-top: 2.25rem diff --git a/lolrmm.com/themes/compose/assets/sass/main.sass b/lolrmm.com/themes/compose/assets/sass/main.sass new file mode 100644 index 00000000..f08ecdf2 --- /dev/null +++ b/lolrmm.com/themes/compose/assets/sass/main.sass 
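Review bot: `--search-bg` is declared only inside the `darkmode` mixin, but `_components.sass` sets `background: var(--search-bg)` on `.search_field` for `:hover, :focus` unconditionally; in light mode the custom property is undefined, so that declaration is invalid at computed-value time and the hover/focus background silently falls back to `initial`. Add a light-mode value next to `--search-border-color: transparent` in the `html` block, e.g. `--search-bg: var(--haze)`, so the dark-mode line becomes an override rather than the only definition. `--next-icon-path` and `--never-icon-path` declared here also appear unused in the visible files (`_components.sass` reads `--next-icon`, which `main.sass` sets) — presumably leftovers, worth confirming before removing.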
@@ -0,0 +1,16 @@
+{{ $iconsPath := partialCached "functions/getIconPath" . }}
+html
+ --info-icon: url('{{ absURL $iconsPath }}info.svg')
+ --sun-icon: url('{{ absURL $iconsPath }}sun.svg')
+ --moon-icon: url('{{ absURL $iconsPath }}moon.svg')
+ --next-icon: url('{{ absURL $iconsPath }}next.svg')
+@import "variables"
+@import "base"
+@import "nav"
+@import "components"
+@import "blog"
+@import "utils"
+@import "syntax"
+@import "fonts"
+@import "chart"
+@import "custom"
diff --git a/lolrmm.com/themes/compose/i18n/en.toml b/lolrmm.com/themes/compose/i18n/en.toml
new file mode 100644
index 00000000..51467493
--- /dev/null
+++ b/lolrmm.com/themes/compose/i18n/en.toml
@@ -0,0 +1,32 @@
+[copy]
+ other = "Copy"
+[copied]
+ other = "Copied"
+[docs_menu]
+ other = "Docs Menu"
+[no_matches]
+ other = "No matches found"
+[not_set]
+ other = "not set"
+[resize_snippet]
+ other = "Resize snippet height"
+[quick_links]
+ other = "Quick links"
+[search_field_placeholder]
+ other = "Search {{ .section }}"
+[search_results_label]
+ other = "Search Results"
+[short_search_query]
+ other = "Query is too short"
+[site]
+ other = "site"
+[site_menu]
+ other = "Site Menu"
+[toggle_line_numbers]
+ other = "Toggle line numbers"
+[toggle_line_wrap]
+ other = "Toggle line wrap"
+[to_top]
+ other = "Back to top"
+[type_to_search]
+ other = "Type to search"
\ No newline at end of file
diff --git a/lolrmm.com/themes/compose/i18n/tr.toml b/lolrmm.com/themes/compose/i18n/tr.toml
new file mode 100644
index 00000000..b05e68b4
--- /dev/null
+++ b/lolrmm.com/themes/compose/i18n/tr.toml
@@ -0,0 +1,32 @@
+[copy]
+ other = "Kopyala"
+[copied]
+ other = "kopyalandı"
+[docs_menu]
+ other = "Belgeleme menüsü"
+[no_matches]
+ other = "Eşleşme bulunamadı"
+[not_set]
+ other = "ayarlanmadı"
+[resize_snippet]
+ other = "Snippet yüksekliğini yeniden boyutlandır"
+[quick_links]
+ other = "Hızlı bağlantılar"
+[search_field_placeholder]
+ other = "Belgelerde arayın"
+[search_results_label]
+ other = "Arama sonuçları"
+[short_search_query]
+ other = "Sorgu çok kısa"
+[site]
+ other = "site"
+[site_menu]
+ other = "Site menüsü"
+[toggle_line_numbers]
+ other = "Satır numaralarını değiştir"
+[toggle_line_wrap]
+ other = "Satır kaydırmayı değiştir"
+[to_top]
+ other = "Retour au sommet"
+[type_to_search]
+ other = "Aramak için yazın"
diff --git a/lolrmm.com/themes/compose/images/screenshot.png b/lolrmm.com/themes/compose/images/screenshot.png
new file mode 100644
index 00000000..aabbc696
Binary files /dev/null and b/lolrmm.com/themes/compose/images/screenshot.png differ
diff --git a/lolrmm.com/themes/compose/images/tn.png b/lolrmm.com/themes/compose/images/tn.png
new file mode 100644
index 00000000..4e576a04
Binary files /dev/null and b/lolrmm.com/themes/compose/images/tn.png differ
diff --git a/lolrmm.com/themes/compose/layouts/404.html b/lolrmm.com/themes/compose/layouts/404.html
new file mode 100644
index 00000000..07d0af91
--- /dev/null
+++ b/lolrmm.com/themes/compose/layouts/404.html
@@ -0,0 +1,6 @@
+{{- define "main"}}
+
    +

    Not found

    +

    Bummer! This page doesn't exist. back home.

    +
    +{{- end }} diff --git a/lolrmm.com/themes/compose/layouts/_default/baseof.html b/lolrmm.com/themes/compose/layouts/_default/baseof.html new file mode 100644 index 00000000..74464549 --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/_default/baseof.html @@ -0,0 +1,40 @@ + + + + {{- partial "head" . }} + + + + {{ if or (eq .Section site.Params.blogDir) (eq .Type "search" ) }} + {{- block "main" . }}{{ end }} + {{ else }} +
    + {{ $docSections := site.Params.docSections }} + {{- with $docSections }}{{- else }} + {{- $docSections = "docs" }} + {{- end }} + {{ $uniqueHomepage := .IsHome }} + {{ if site.Params.uniqueHomepage }} + {{ if .IsHome }} + {{ $uniqueHomepage = true }} + {{ end }} + {{ else }} + {{ $uniqueHomepage = false }} + {{ end }} + {{- if and (in $docSections .Section) (ne $uniqueHomepage true) }} + {{- partial "document" . }} + {{- else }} +
    + {{- block "main" . }}{{ end }} +
    + {{- end -}} +
    + {{ end }} + {{- partialCached "footer" . -}} + {{- partialCached "sprites" . -}} + {{- partialCached "scripts/bundle" . -}} + {{- partial "scripts/other" . -}} + + diff --git a/lolrmm.com/themes/compose/layouts/_default/index.json b/lolrmm.com/themes/compose/layouts/_default/index.json new file mode 100644 index 00000000..7f155583 --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/_default/index.json @@ -0,0 +1,22 @@ +{{- $.Scratch.Add "index" slice -}} +{{- $searchableExtras := site.Params.otherSearchableFields }} +{{- range site.Pages -}} + {{ $params := .Params }} + {{- if ne .Type "search" -}} + {{- $searchEntry := dict "title" .Title "body" .Plain "link" .Permalink "section" .Section }} + {{- range $index, $value := $searchableExtras }} + {{- $extraFieldValue := index $params $value }} + {{- $extraFieldValues := dict }} + {{- with $extraFieldValue }} + {{- $v := . }} + {{- if reflect.IsSlice . }} + {{- $v = delimit . "," }} + {{- end }} + {{- $extraFieldValues = dict (lower $value) $v }} + {{- end }} + {{- $searchEntry = merge $searchEntry $extraFieldValues }} + {{- end }} + {{- $.Scratch.Add "index" $searchEntry -}} + {{- end -}} +{{- end -}} +{{- jsonify (uniq ($.Scratch.Get "index")) -}} \ No newline at end of file diff --git a/lolrmm.com/themes/compose/layouts/_default/list.html b/lolrmm.com/themes/compose/layouts/_default/list.html new file mode 100644 index 00000000..ddbfa62d --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/_default/list.html @@ -0,0 +1,14 @@ +{{- define "main" }} + {{- .Content }} + {{ if eq .Kind "taxonomy" }} +
      + {{ range .Data.Pages }} +
    1. + + {{ .Title }} + +
    2. + {{ end }} +
    + {{ end }} +{{- end }} diff --git a/lolrmm.com/themes/compose/layouts/_default/single.html b/lolrmm.com/themes/compose/layouts/_default/single.html new file mode 100644 index 00000000..d3005301 --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/_default/single.html @@ -0,0 +1,7 @@ +{{- define "main" }} +
    +

    {{ .Title }}

    + {{ with .Params.description }}
    {{ markdownify . }}
    {{ end }} + {{- .Content }} +
    +{{- end }} diff --git a/lolrmm.com/themes/compose/layouts/_default/term.html b/lolrmm.com/themes/compose/layouts/_default/term.html new file mode 100644 index 00000000..e81b9694 --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/_default/term.html @@ -0,0 +1,42 @@ +{{ define "main" }} +{{- $pages := .Data.Pages }} +{{ .Data.Terms }} +
    + {{- $paginator := .Paginate $pages -}} + {{- $size := $paginator.PageSize }} + {{- $scratch := newScratch }} + {{- range $index, $value := $paginator.Pages }} + {{ if isset .Params "image" }} + {{ $scratch.Set "image" .Params.image }} + {{ else }} + {{ $scratch.Set "image" "thumbnail.svg" }} + {{ end }} + {{ $image := $scratch.Get "image" }} + {{ $bg := (absURL (printf "images/%s" $image)) }} + {{- if in $image "https://" }} + {{- $bg = $image }} + {{- end }} + + {{- if and (eq $index 0) (gt $size 1) }}
    {{ end }} + {{- if and (eq $index (add $size -1)) (gt $size 1) }}
    {{ end }} + {{- end }} +
    + +{{ end }} diff --git a/lolrmm.com/themes/compose/layouts/blog/list.html b/lolrmm.com/themes/compose/layouts/blog/list.html new file mode 100644 index 00000000..ae377791 --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/blog/list.html @@ -0,0 +1,41 @@ +{{ define "main" }} +{{- $pages := where site.RegularPages "Section" site.Params.blogDir }} +
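Review bot: `{{ .Data.Terms }}` on the third line of the template writes the taxonomy's Go map straight into the page body (rendered as `map[...]`), which looks like a leftover debug print; delete that line. In the same hunk `{{- if in $image "https://" }}` is a substring test rather than a prefix test, so any front-matter `image` value that contains `https://` anywhere is used verbatim as `$bg` while a plain `http://` URL is never recognised; `{{- if or (hasPrefix $image "https://") (hasPrefix $image "http://") }}` matches the apparent intent. The markup that consumes `$bg` was stripped from this view, so where it lands (presumably an inline background style) cannot be confirmed here.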
    + {{- $paginator := .Paginate $pages -}} + {{- $size := $paginator.PageSize }} + {{- $scratch := newScratch }} + {{- range $index, $value := $paginator.Pages }} + {{ if isset .Params "image" }} + {{ $scratch.Set "image" .Params.image }} + {{ else }} + {{ $scratch.Set "image" "thumbnail.svg" }} + {{ end }} + {{ $image := $scratch.Get "image" }} + {{ $bg := (absURL (printf "images/%s" $image)) }} + {{- if in $image "https://" }} + {{- $bg = $image }} + {{- end }} + + {{- if and (eq $index 0) (gt $size 1) }}
    {{ end }} + {{- if and (eq $index (add $size -1)) (gt $size 1) }}
    {{ end }} + {{- end }} +
    + +{{ end }} diff --git a/lolrmm.com/themes/compose/layouts/blog/single.html b/lolrmm.com/themes/compose/layouts/blog/single.html new file mode 100644 index 00000000..55df0ae6 --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/blog/single.html @@ -0,0 +1,34 @@ +{{ define "main" }} +
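Review bot: `{{- if in $image "https://" }}` is a substring match, so an `image` value that merely contains `https://` somewhere is passed through unchanged as `$bg`, and `http://` values fall through to the `images/%s` branch and produce a broken path; use a prefix test, `{{- if or (hasPrefix $image "https://") (hasPrefix $image "http://") }}`. This image-resolution block is duplicated line for line from `_default/term.html` in the same commit; moving it into a `partials/card.html` (or a `functions/getImage.html` returning `$bg`) would keep the two copies from drifting. The card markup that uses `$bg` was stripped from this view.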
    +
    + {{- $date := (dateFormat "02. January 2006" .Date) -}} + +

    {{ .Title }}

    +
    +
    + {{ with .Params.image }} + {{- $image := absURL (printf "images/%s" .) }} + {{ if in . "https://" }} + {{- $image = . }} + {{ end }} + {{ . }} + {{ end }} + {{ .Content }} +
    +
    + {{ partialCached "share" . }} +
    +
    + {{ template "_internal/disqus.html" . }} +
    +
    +
    + +
    +{{ end }} diff --git a/lolrmm.com/themes/compose/layouts/index.html b/lolrmm.com/themes/compose/layouts/index.html new file mode 100644 index 00000000..b8d3c9dc --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/index.html @@ -0,0 +1,5 @@ +{{- define "main" }} +
    + {{ .Content }} +
    +{{- end }} diff --git a/lolrmm.com/themes/compose/layouts/partials/document.html b/lolrmm.com/themes/compose/layouts/partials/document.html new file mode 100644 index 00000000..b2c9ccee --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/partials/document.html @@ -0,0 +1,8 @@ +
    + {{- partial "sidebar" . }} +
    +

    {{ .Title }}

    + {{- .Content }} + {{ partial "pager" . }} +
    +
    diff --git a/lolrmm.com/themes/compose/layouts/partials/footer.html b/lolrmm.com/themes/compose/layouts/partials/footer.html new file mode 100644 index 00000000..d8c1f21e --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/partials/footer.html @@ -0,0 +1,10 @@ +{{ if .Site.Params.enableCopyright | default true }} +
    +
    + {{- $author := site.Params.author }} +

    © {{ now.Year }}{{ with $author }} {{ .name }}{{ end }}

    + +
    +
    +{{ end }} + diff --git a/lolrmm.com/themes/compose/layouts/partials/functions/getCodeConfig.html b/lolrmm.com/themes/compose/layouts/partials/functions/getCodeConfig.html new file mode 100644 index 00000000..2c30dc89 --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/partials/functions/getCodeConfig.html @@ -0,0 +1,16 @@ + +{{- $s := site.Params }} +{{- $p := .Params }} +{{- $maxCodeLines := default 100 $s.codeMaxLines }} +{{- with $p.codeMaxLines }} + {{- $maxCodeLines = . }} +{{- end }} +{{- $showLineNumbers := default false $s.showLineNumbers }} +{{ with $p.showLineNumbers }} + {{- $showLineNumbers = . }} +{{ else }} + {{ if eq $p.showLineNumbers false }} + {{- $showLineNumbers = false }} + {{ end }} +{{- end }} +{{- return (jsonify (dict "show" $showLineNumbers "maximum" $maxCodeLines)) }} \ No newline at end of file diff --git a/lolrmm.com/themes/compose/layouts/partials/functions/getIconPath.html b/lolrmm.com/themes/compose/layouts/partials/functions/getIconPath.html new file mode 100644 index 00000000..e0be3e75 --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/partials/functions/getIconPath.html @@ -0,0 +1,6 @@ +{{ $sp := site.Params }} +{{ $iconsPath := "icons/" }} +{{ with $sp.iconsPath }} + {{ $iconsPath = . }} +{{ end }} +{{ return $iconsPath }} \ No newline at end of file diff --git a/lolrmm.com/themes/compose/layouts/partials/head.html b/lolrmm.com/themes/compose/layouts/partials/head.html new file mode 100644 index 00000000..152425ea --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/partials/head.html 
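Review bot: `{{ if .Site.Params.enableCopyright | default true }}` cannot be switched off, because Hugo's `default` treats a boolean `false` as "unset" and returns the fallback, so `enableCopyright = false` in the site config still renders the footer. Use `{{ if ne .Site.Params.enableCopyright false }}` instead (unset evaluates to true, an explicit false to false). The same idiom is used for `enableSearch` in `partials/search.html` and has the same problem.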
@@ -0,0 +1,43 @@ + + +{{- hugo.Generator }} +{{- $iconsPath := "favicons/" }} + + + + + + + +{{- $t := .Title }} +{{- $s := site.Title }} +{{- if in (lower $s) (lower $t) }} + {{- $t = false }} +{{- end }} +{{ if and $t (ne (trim (lower $s) "") (trim (lower $t) "")) }}{{ $t }} | {{ end }}{{ $s }} + +{{- partial "opengraph" . }} + +{{- $options := (dict "targetPath" "css/styles.css" "outputStyle" "compressed" "enableSourceMap" "true") -}} +{{- $styles := resources.Get "sass/main.sass" | resources.ExecuteAsTemplate "main.sass" . | resources.ToCSS $options | resources.Fingerprint "sha512" }} + + +{{- $sp := site.Params }} +{{- with $sp.customCSS }} + {{- range . -}} + + {{- end }} +{{- end }} + +{{ with $sp.metaThemeColor }} + +{{ end }} + +{{ if .Description }} + +{{ else if .IsPage }} + +{{ else if $sp.Description }} + +{{ end }} +{{- partialCached "hooks/head" . }} diff --git a/lolrmm.com/themes/compose/layouts/partials/hooks/head.html b/lolrmm.com/themes/compose/layouts/partials/hooks/head.html new file mode 100644 index 00000000..6516af56 --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/partials/hooks/head.html @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/lolrmm.com/themes/compose/layouts/partials/hooks/scripts.html b/lolrmm.com/themes/compose/layouts/partials/hooks/scripts.html new file mode 100644 index 00000000..27ccab44 --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/partials/hooks/scripts.html @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/lolrmm.com/themes/compose/layouts/partials/mode.html b/lolrmm.com/themes/compose/layouts/partials/mode.html new file mode 100644 index 00000000..29af2159 --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/partials/mode.html @@ -0,0 +1,4 @@ +
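Review bot: `{{- hugo.Generator }}` emits a `<meta name="generator">` tag carrying the exact Hugo version on every page, which is version disclosure with no benefit to visitors; drop it, or gate it behind a site param such as `{{ if site.Params.showGenerator }}`. The `resources.ToCSS` options pass `"enableSourceMap" "true"` as a string (Hugo coerces it, but the bool `true` is clearer) and so ship a CSS source map in production builds as well; `"enableSourceMap" (not hugo.IsProduction)` limits it to local builds. The `<link>` and `<meta>` tags in this hunk were stripped from this view, so whether the `sha512` fingerprint is also emitted as an `integrity` attribute cannot be confirmed here.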
    + + +
    diff --git a/lolrmm.com/themes/compose/layouts/partials/nav.html b/lolrmm.com/themes/compose/layouts/partials/nav.html new file mode 100644 index 00000000..2d685db0 --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/partials/nav.html @@ -0,0 +1,49 @@ +{{- $s := .Site }} +{{- $sp := $s.Params }} + diff --git a/lolrmm.com/themes/compose/layouts/partials/opengraph.html b/lolrmm.com/themes/compose/layouts/partials/opengraph.html new file mode 100644 index 00000000..24e93e94 --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/partials/opengraph.html @@ -0,0 +1,4 @@ +{{- template "_internal/opengraph.html" . -}} +{{- template "_internal/schema.html" . -}} +{{- template "_internal/twitter_cards.html" . -}} +{{- template "_internal/google_analytics.html" . -}} diff --git a/lolrmm.com/themes/compose/layouts/partials/pager.html b/lolrmm.com/themes/compose/layouts/partials/pager.html new file mode 100644 index 00000000..0fe75b63 --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/partials/pager.html @@ -0,0 +1,22 @@ +
    + {{- $searchURL := "/search/" }} + {{ with .NextInSection }} + {{ if and (ne .RelPermalink $searchURL) (.InSection .) }} + + {{ end }} + {{ end }} + + {{ with .PrevInSection }} + {{ if and (ne .RelPermalink $searchURL) (.InSection .) }} + + {{ end }} + {{ end }} +
\ No newline at end of file
diff --git a/lolrmm.com/themes/compose/layouts/partials/scripts/bundle.html b/lolrmm.com/themes/compose/layouts/partials/scripts/bundle.html
new file mode 100644
index 00000000..5e715b20
--- /dev/null
+++ b/lolrmm.com/themes/compose/layouts/partials/scripts/bundle.html
@@ -0,0 +1,35 @@
+{{- $variablesPath := "js/variables.js" }}
+{{- $variables := resources.Get $variablesPath | resources.ExecuteAsTemplate $variablesPath . }}
+
+{{- $funcPath := "js/functions.js" }}
+{{- $functions := resources.Get $funcPath | resources.ExecuteAsTemplate $funcPath . }}
+
+{{- $codePath := "js/code.js" }}
+{{- $code := resources.Get $codePath | resources.ExecuteAsTemplate $codePath . }}
+
+{{- $fusePath := "js/fuse.js" }}
+{{- $fuse := resources.Get $fusePath | resources.ExecuteAsTemplate $fusePath . }}
+
+{{- $searchPath := "js/search.js" }}
+{{- $search := resources.Get $searchPath | resources.ExecuteAsTemplate $searchPath . }}
+
+{{- $mainScriptPath := "js/index.js" }}
+{{- $main := resources.Get $mainScriptPath | resources.ExecuteAsTemplate $mainScriptPath . }}
+
+{{- $customScriptPath := "js/custom.js" }}
+{{ if (fileExists "../../assets/js/custom.js") }}
+ {{ $customScriptPath := "../../assets/js/custom.js" }}
+{{ end }}
+{{- $custom := resources.Get $customScriptPath | resources.ExecuteAsTemplate $customScriptPath . }}
+
+{{- $bundle := slice $variables $functions $code $main $fuse $search $custom | resources.Concat "js/bundle.js" | resources.Fingerprint "sha512" }}
+
+
+{{- partialCached "hooks/scripts" . -}}
+
+{{- $sp := .Site.Params }}
+{{- with $sp.customJS }}
+ {{- range . -}}
+
+ {{- end }}
+{{- end -}}
diff --git a/lolrmm.com/themes/compose/layouts/partials/scripts/other.html b/lolrmm.com/themes/compose/layouts/partials/scripts/other.html
new file mode 100644
index 00000000..acc24c4c
--- /dev/null
+++ b/lolrmm.com/themes/compose/layouts/partials/scripts/other.html
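Review bot: `(.InSection .)` inside `{{ with .NextInSection }}` asks whether the neighbouring page is in its own section, which is always true, so the guard reduces to the permalink comparison; the intended form was presumably `($.InSection .)`, but `NextInSection`/`PrevInSection` already guarantee the same section, so the clause can simply go: `{{ if ne .RelPermalink $searchURL }}`. The hard-coded `$searchURL := "/search/"` also will not match `.RelPermalink` when `baseURL` carries a path component; comparing on type, `{{ if ne .Type "search" }}` as `baseof.html` in this commit does, avoids that. The same guard is repeated for `.PrevInSection` a few lines down.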
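Review bot: `{{ $customScriptPath := "../../assets/js/custom.js" }}` inside the `{{ if (fileExists ...) }}` block declares a new variable scoped to that block, so the outer `$customScriptPath` is never modified and the branch is a no-op; reassignment needs `{{ $customScriptPath = "../../assets/js/custom.js" }}`. The branch is presumably unnecessary anyway: `resources.Get "js/custom.js"` already resolves through Hugo's union filesystem, so a site-level `assets/js/custom.js` shadows the theme's copy without any path juggling, and `fileExists` resolves against the project root rather than the assets tree. The `<script>` tags were stripped from this view, so whether `$bundle.Data.Integrity` from the `sha512` fingerprint is emitted as an `integrity` attribute cannot be confirmed here.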
@@ -0,0 +1,11 @@ + +{{ if in .Content "mermaid" }} + + +{{ end }} \ No newline at end of file diff --git a/lolrmm.com/themes/compose/layouts/partials/search.html b/lolrmm.com/themes/compose/layouts/partials/search.html new file mode 100644 index 00000000..08906759 --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/partials/search.html @@ -0,0 +1,17 @@ +{{ if .Site.Params.enableSearch | default true }} + +{{ end }} + diff --git a/lolrmm.com/themes/compose/layouts/partials/share.html b/lolrmm.com/themes/compose/layouts/partials/share.html new file mode 100644 index 00000000..dbdf60fa --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/partials/share.html @@ -0,0 +1,7 @@ +{{- $s := T "share_story" }} +{{- $lc := T "link_copied" }} +
    + + + +
    \ No newline at end of file diff --git a/lolrmm.com/themes/compose/layouts/partials/sidebar.html b/lolrmm.com/themes/compose/layouts/partials/sidebar.html new file mode 100644 index 00000000..94d8cba9 --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/partials/sidebar.html @@ -0,0 +1,29 @@ + diff --git a/lolrmm.com/themes/compose/layouts/partials/sprite.html b/lolrmm.com/themes/compose/layouts/partials/sprite.html new file mode 100644 index 00000000..26fb2df4 --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/partials/sprite.html @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/lolrmm.com/themes/compose/layouts/partials/sprites.html b/lolrmm.com/themes/compose/layouts/partials/sprites.html new file mode 100644 index 00000000..2cc8da3c --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/partials/sprites.html @@ -0,0 +1,67 @@ + + + diff --git a/lolrmm.com/themes/compose/layouts/search/single.html b/lolrmm.com/themes/compose/layouts/search/single.html new file mode 100644 index 00000000..fcd22984 --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/search/single.html @@ -0,0 +1,5 @@ +{{- define "main" }} +
    +
    +
    +{{- end }} \ No newline at end of file diff --git a/lolrmm.com/themes/compose/layouts/shortcodes/block.html b/lolrmm.com/themes/compose/layouts/shortcodes/block.html new file mode 100644 index 00000000..93038402 --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/shortcodes/block.html @@ -0,0 +1,5 @@ +{{- $modifier := .Get 0 -}} +{{- $bg := .Get 1 -}} +
    + {{- .Inner -}} +
    diff --git a/lolrmm.com/themes/compose/layouts/shortcodes/button.html b/lolrmm.com/themes/compose/layouts/shortcodes/button.html new file mode 100644 index 00000000..63da5426 --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/shortcodes/button.html @@ -0,0 +1,4 @@ +{{- $link := .Get 0 -}} +{{- $label := .Get 1 -}} +{{- $modifier := .Get 2 -}} +{{- $label -}} \ No newline at end of file diff --git a/lolrmm.com/themes/compose/layouts/shortcodes/chart.html b/lolrmm.com/themes/compose/layouts/shortcodes/chart.html new file mode 100644 index 00000000..dbbc8127 --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/shortcodes/chart.html @@ -0,0 +1,130 @@ +{{- $datasetKey := .Get 0 }} +{{- $charts := .Get 1 }} +{{- $data := index $.Page.Params $datasetKey }} +{{- $dataURL := $data.fileLink }} +{{- $separator := "," }} +{{- $dataFile := getCSV $separator $dataURL }} + +{{- $dataCompactData := dict -}} +{{- $activeColumn := sub $data.baseChartOn 1 }} +{{- with .Get 2 }} + {{- $activeColumn = sub (int .) 1 }} +{{- end }} +{{- range $dataFile -}} + {{- $value := trim (index . $activeColumn) " " -}} + {{- with index $dataCompactData $value -}} + {{- $dataCompactData = merge $dataCompactData (dict $value (add 1 .)) -}} + {{- else -}} + {{- $dataCompactData = merge $dataCompactData (dict $value 1) -}} + {{- end -}} +{{- end -}} + +{{- $labels := slice }} +{{- range $key, $value := $dataCompactData }} + {{- $labels = append $key $labels }} +{{- end }} + +{{- if in $charts "table" }} + +
    + {{- if not (in $charts "noFilter") }} +

    + +

    + {{- end }} + + + {{- range $index, $title := $data.columnTitles }} + + {{- end }} + + {{- range $dataFile }} + {{- $entry := . }} + {{- $entry_markdown := slice }} + {{- range $i := $entry }} + {{- $i_mark := $i | markdownify }} + {{- $entry_markdown = append $i_mark $entry_markdown }} + {{- end }} + + {{- range $index, $_ := $data.columnTitles }} + + {{- end }} + + {{- end }} +
    {{ $title }} {{ partial "sprite" (dict "icon" "sort") . }}
    {{ index $entry_markdown $index }}
    +
    +{{- end }} + +{{- $labels = split (delimit $labels ",") "," }} +{{- $dataTally := split (delimit $dataCompactData ",") "," }} + + + + +{{- if in $charts "pie" }} +
    + +
    + +{{- end }} + +{{- if in $charts "bar" }} +
    + +
    + +{{- end }} + +{{ if in $charts "doughnut" }} +
    + +
    + +{{- end }} + diff --git a/lolrmm.com/themes/compose/layouts/shortcodes/column.html b/lolrmm.com/themes/compose/layouts/shortcodes/column.html new file mode 100644 index 00000000..ab2dfb2c --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/shortcodes/column.html @@ -0,0 +1,4 @@ +{{- $modifier := .Get 0 -}} +
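Review bot: `getCSV $separator $dataURL` fetches the dataset from `$data.fileLink`, a URL read from page front matter, at build time, and every cell is then passed through `markdownify` and emitted via `{{ index $entry_markdown $index }}` as rendered HTML rather than escaped text; whether raw HTML inside a cell survives depends on the Goldmark `unsafe` renderer setting, which is not visible here, so if any `fileLink` can point outside the repository it is worth restricting it to in-repo files. `getCSV` is also deprecated in recent Hugo releases in favour of `resources.Get`/`resources.GetRemote` with `transform.Unmarshal`. Separately, `{{- $labels = split (delimit $labels ",") "," }}` re-splits on commas, so a category value that itself contains a comma produces two labels while `$dataTally` keeps a single count and the chart series misalign. `sub $data.baseChartOn 1` will likewise abort the build with a type error when `baseChartOn` is missing from front matter rather than reporting which page is at fault; a `with`/`errorf` guard on `$data.baseChartOn` and `$data.fileLink` at the top would give a usable message.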
    + {{- .Inner | markdownify -}} +
    diff --git a/lolrmm.com/themes/compose/layouts/shortcodes/details.html b/lolrmm.com/themes/compose/layouts/shortcodes/details.html new file mode 100644 index 00000000..62e1dcbf --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/shortcodes/details.html @@ -0,0 +1,4 @@ +
    + {{ (.Get 0) | markdownify }} + {{ .Inner | markdownify }} +
    diff --git a/lolrmm.com/themes/compose/layouts/shortcodes/gallery.html b/lolrmm.com/themes/compose/layouts/shortcodes/gallery.html new file mode 100644 index 00000000..b28c6234 --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/shortcodes/gallery.html @@ -0,0 +1,9 @@ +{{- $images := split (replace (.Get 0) ", " ",") "," }} +{{- $descriptions := split (replace (.Get 1) ":: " "::") "::" }} + diff --git a/lolrmm.com/themes/compose/layouts/shortcodes/grid.html b/lolrmm.com/themes/compose/layouts/shortcodes/grid.html new file mode 100644 index 00000000..34065442 --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/shortcodes/grid.html @@ -0,0 +1,5 @@ +{{- $grids := .Get 0 }} +{{- $modifiers := .Get 1 }} +
    + {{ .Inner }} +
    \ No newline at end of file diff --git a/lolrmm.com/themes/compose/layouts/shortcodes/icon.html b/lolrmm.com/themes/compose/layouts/shortcodes/icon.html new file mode 100644 index 00000000..eac8ad62 --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/shortcodes/icon.html @@ -0,0 +1,6 @@ +{{- $src := .Get 0 }} +{{- $alt := .Get 1 }} +{{- $modifier := .Get 2 -}} +
    + {{ $alt }} +
    diff --git a/lolrmm.com/themes/compose/layouts/shortcodes/image.html b/lolrmm.com/themes/compose/layouts/shortcodes/image.html new file mode 100644 index 00000000..168c47ff --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/shortcodes/image.html @@ -0,0 +1,4 @@ +{{- $src := .Get 0 }} +{{- $alt := .Get 1 }} +{{- $modifier := .Get 2 -}} +{{ . }} diff --git a/lolrmm.com/themes/compose/layouts/shortcodes/mermaid.html b/lolrmm.com/themes/compose/layouts/shortcodes/mermaid.html new file mode 100644 index 00000000..0312fc97 --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/shortcodes/mermaid.html @@ -0,0 +1 @@ +
    {{- .Inner -}}
    diff --git a/lolrmm.com/themes/compose/layouts/shortcodes/partial.html b/lolrmm.com/themes/compose/layouts/shortcodes/partial.html new file mode 100644 index 00000000..f131b756 --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/shortcodes/partial.html @@ -0,0 +1,2 @@ +{{- $partial := .Get 0 }} +{{- partial $partial . }} \ No newline at end of file diff --git a/lolrmm.com/themes/compose/layouts/shortcodes/picture.html b/lolrmm.com/themes/compose/layouts/shortcodes/picture.html new file mode 100644 index 00000000..bacaa885 --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/shortcodes/picture.html @@ -0,0 +1,8 @@ +{{- $normal := .Get 0 }} +{{- $dark := .Get 1 }} +{{- $alt := .Get 2 }} +{{- $litPath := absURL (printf "images/%s" $normal) }} +{{- $darkPath := absURL (printf "images/%s" $dark) }} + diff --git a/lolrmm.com/themes/compose/layouts/shortcodes/tip.html b/lolrmm.com/themes/compose/layouts/shortcodes/tip.html new file mode 100644 index 00000000..3e334d9b --- /dev/null +++ b/lolrmm.com/themes/compose/layouts/shortcodes/tip.html @@ -0,0 +1,4 @@ +{{- $type := .Get 0 }} +
    + {{ markdownify .Inner }} +
    diff --git a/lolrmm.com/themes/compose/layouts/shortcodes/youtube.html b/lolrmm.com/themes/compose/layouts/shortcodes/youtube.html
new file mode 100644
index 00000000..b87decce
--- /dev/null
+++ b/lolrmm.com/themes/compose/layouts/shortcodes/youtube.html
@@ -0,0 +1,8 @@
+{{- $youtubeHost := "https://www.youtube.com/watch?v=" }}
+{{- $url := .Get 0 }}
+{{- if in $url $youtubeHost }}
+ {{- $url = strings.TrimPrefix $youtubeHost $url }}
+{{- end }}
+
    +
+
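Review bot: `in $url $youtubeHost` is a substring test while `strings.TrimPrefix` only removes a leading match, so a value that merely contains the watch prefix somewhere after its start passes the check and is embedded untouched, and an ordinary link with extra query parameters (`watch?v=ID&t=30s`) is trimmed to `ID&t=30s`; `youtu.be` short links are not handled at all. Because whatever remains in `$url` goes into the embed that follows (its markup is stripped from this rendering), the shortcode would be tighter if it extracted only the video ID and rendered nothing otherwise, e.g. `{{- if hasPrefix $url $youtubeHost }}` for the check and `{{- $url = index (split $url "&") 0 }}` after the trim to drop trailing parameters.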
    diff --git a/lolrmm.com/themes/compose/static/favicons/android-chrome-192x192.png b/lolrmm.com/themes/compose/static/favicons/android-chrome-192x192.png
new file mode 100644
index 00000000..6bcc490f
Binary files /dev/null and b/lolrmm.com/themes/compose/static/favicons/android-chrome-192x192.png differ
diff --git a/lolrmm.com/themes/compose/static/favicons/android-chrome-512x512.png b/lolrmm.com/themes/compose/static/favicons/android-chrome-512x512.png
new file mode 100644
index 00000000..252ada60
Binary files /dev/null and b/lolrmm.com/themes/compose/static/favicons/android-chrome-512x512.png differ
diff --git a/lolrmm.com/themes/compose/static/favicons/apple-touch-icon.png b/lolrmm.com/themes/compose/static/favicons/apple-touch-icon.png
new file mode 100644
index 00000000..4692b4fb
Binary files /dev/null and b/lolrmm.com/themes/compose/static/favicons/apple-touch-icon.png differ
diff --git a/lolrmm.com/themes/compose/static/favicons/favicon-16x16.png b/lolrmm.com/themes/compose/static/favicons/favicon-16x16.png
new file mode 100644
index 00000000..cb40c7b3
Binary files /dev/null and b/lolrmm.com/themes/compose/static/favicons/favicon-16x16.png differ
diff --git a/lolrmm.com/themes/compose/static/favicons/favicon-32x32.png b/lolrmm.com/themes/compose/static/favicons/favicon-32x32.png
new file mode 100644
index 00000000..d774d520
Binary files /dev/null and b/lolrmm.com/themes/compose/static/favicons/favicon-32x32.png differ
diff --git a/lolrmm.com/themes/compose/static/favicons/favicon.ico b/lolrmm.com/themes/compose/static/favicons/favicon.ico
new file mode 100644
index 00000000..d8dbab5c
Binary files /dev/null and b/lolrmm.com/themes/compose/static/favicons/favicon.ico differ
diff --git a/lolrmm.com/themes/compose/static/favicons/site.webmanifest b/lolrmm.com/themes/compose/static/favicons/site.webmanifest
new file mode 100644
index 00000000..45dc8a20
--- /dev/null
+++ b/lolrmm.com/themes/compose/static/favicons/site.webmanifest
@@ -0,0 +1 @@
+{"name":"","short_name":"","icons":[{"src":"/android-chrome-192x192.png","sizes":"192x192","type":"image/png"},{"src":"/android-chrome-512x512.png","sizes":"512x512","type":"image/png"}],"theme_color":"#ffffff","background_color":"#ffffff","display":"standalone"}
\ No newline at end of file
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-Black.woff b/lolrmm.com/themes/compose/static/fonts/Metropolis-Black.woff
new file mode 100644
index 00000000..0b4022d4
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-Black.woff differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-Black.woff2 b/lolrmm.com/themes/compose/static/fonts/Metropolis-Black.woff2
new file mode 100644
index 00000000..9ad74d2d
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-Black.woff2 differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-BlackItalic.woff b/lolrmm.com/themes/compose/static/fonts/Metropolis-BlackItalic.woff
new file mode 100644
index 00000000..470b7e68
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-BlackItalic.woff differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-BlackItalic.woff2 b/lolrmm.com/themes/compose/static/fonts/Metropolis-BlackItalic.woff2
new file mode 100644
index 00000000..a269f3ac
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-BlackItalic.woff2 differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-Bold.woff b/lolrmm.com/themes/compose/static/fonts/Metropolis-Bold.woff
new file mode 100644
index 00000000..85383781
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-Bold.woff differ
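Review bot: The icon `src` values are root-absolute (`/android-chrome-192x192.png`, `/android-chrome-512x512.png`) while the PNGs are added under `static/favicons/`, so Hugo serves them at `/favicons/...` and the manifest's icons resolve to nothing unless another step copies them to the site root, which this commit does not show. Either write `/favicons/android-chrome-192x192.png` or drop the leading slash so each path resolves relative to the manifest's own URL. `name` and `short_name` are both empty strings, which leaves an installed shortcut unlabeled.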
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-Bold.woff2 b/lolrmm.com/themes/compose/static/fonts/Metropolis-Bold.woff2
new file mode 100644
index 00000000..9648b0cb
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-Bold.woff2 differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-BoldItalic.woff b/lolrmm.com/themes/compose/static/fonts/Metropolis-BoldItalic.woff
new file mode 100644
index 00000000..377c9910
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-BoldItalic.woff differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-BoldItalic.woff2 b/lolrmm.com/themes/compose/static/fonts/Metropolis-BoldItalic.woff2
new file mode 100644
index 00000000..84a031b3
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-BoldItalic.woff2 differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-ExtraBold.woff b/lolrmm.com/themes/compose/static/fonts/Metropolis-ExtraBold.woff
new file mode 100644
index 00000000..fc986833
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-ExtraBold.woff differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-ExtraBold.woff2 b/lolrmm.com/themes/compose/static/fonts/Metropolis-ExtraBold.woff2
new file mode 100644
index 00000000..8a96ad92
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-ExtraBold.woff2 differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-ExtraBoldItalic.woff b/lolrmm.com/themes/compose/static/fonts/Metropolis-ExtraBoldItalic.woff
new file mode 100644
index 00000000..7039b622
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-ExtraBoldItalic.woff differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-ExtraBoldItalic.woff2 b/lolrmm.com/themes/compose/static/fonts/Metropolis-ExtraBoldItalic.woff2
new file mode 100644
index 00000000..e0809288
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-ExtraBoldItalic.woff2 differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-ExtraLight.woff b/lolrmm.com/themes/compose/static/fonts/Metropolis-ExtraLight.woff
new file mode 100644
index 00000000..7e5c31eb
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-ExtraLight.woff differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-ExtraLight.woff2 b/lolrmm.com/themes/compose/static/fonts/Metropolis-ExtraLight.woff2
new file mode 100644
index 00000000..951cfc48
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-ExtraLight.woff2 differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-ExtraLightItalic.woff b/lolrmm.com/themes/compose/static/fonts/Metropolis-ExtraLightItalic.woff
new file mode 100644
index 00000000..da2929c4
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-ExtraLightItalic.woff differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-ExtraLightItalic.woff2 b/lolrmm.com/themes/compose/static/fonts/Metropolis-ExtraLightItalic.woff2
new file mode 100644
index 00000000..c6a665c7
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-ExtraLightItalic.woff2 differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-Light.woff b/lolrmm.com/themes/compose/static/fonts/Metropolis-Light.woff
new file mode 100644
index 00000000..f3a84ef3
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-Light.woff differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-Light.woff2 b/lolrmm.com/themes/compose/static/fonts/Metropolis-Light.woff2
new file mode 100644
index 00000000..f0ff6f34
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-Light.woff2 differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-LightItalic.woff b/lolrmm.com/themes/compose/static/fonts/Metropolis-LightItalic.woff
new file mode 100644
index 00000000..ee72f2c7
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-LightItalic.woff differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-LightItalic.woff2 b/lolrmm.com/themes/compose/static/fonts/Metropolis-LightItalic.woff2
new file mode 100644
index 00000000..3cbcc346
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-LightItalic.woff2 differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-Medium.woff b/lolrmm.com/themes/compose/static/fonts/Metropolis-Medium.woff
new file mode 100644
index 00000000..cd3c1ab0
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-Medium.woff differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-Medium.woff2 b/lolrmm.com/themes/compose/static/fonts/Metropolis-Medium.woff2
new file mode 100644
index 00000000..43578fef
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-Medium.woff2 differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-MediumItalic.woff b/lolrmm.com/themes/compose/static/fonts/Metropolis-MediumItalic.woff
new file mode 100644
index 00000000..814a9d5e
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-MediumItalic.woff differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-MediumItalic.woff2 b/lolrmm.com/themes/compose/static/fonts/Metropolis-MediumItalic.woff2
new file mode 100644
index 00000000..83f741c2
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-MediumItalic.woff2 differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-Regular.woff b/lolrmm.com/themes/compose/static/fonts/Metropolis-Regular.woff
new file mode 100644
index 00000000..6aa4dbaf
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-Regular.woff differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-Regular.woff2 b/lolrmm.com/themes/compose/static/fonts/Metropolis-Regular.woff2
new file mode 100644
index 00000000..f50bf342
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-Regular.woff2 differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-RegularItalic.woff b/lolrmm.com/themes/compose/static/fonts/Metropolis-RegularItalic.woff
new file mode 100644
index 00000000..019578ad
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-RegularItalic.woff differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-RegularItalic.woff2 b/lolrmm.com/themes/compose/static/fonts/Metropolis-RegularItalic.woff2
new file mode 100644
index 00000000..93de2588
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-RegularItalic.woff2 differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-SemiBold.woff b/lolrmm.com/themes/compose/static/fonts/Metropolis-SemiBold.woff
new file mode 100644
index 00000000..ca2edb08
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-SemiBold.woff differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-SemiBold.woff2 b/lolrmm.com/themes/compose/static/fonts/Metropolis-SemiBold.woff2
new file mode 100644
index 00000000..fad6dfde
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-SemiBold.woff2 differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-SemiBoldItalic.woff b/lolrmm.com/themes/compose/static/fonts/Metropolis-SemiBoldItalic.woff
new file mode 100644
index 00000000..3c6a03bc
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-SemiBoldItalic.woff differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-SemiBoldItalic.woff2 b/lolrmm.com/themes/compose/static/fonts/Metropolis-SemiBoldItalic.woff2
new file mode 100644
index 00000000..ad97ed0c
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-SemiBoldItalic.woff2 differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-Thin.woff b/lolrmm.com/themes/compose/static/fonts/Metropolis-Thin.woff
new file mode 100644
index 00000000..40341f44
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-Thin.woff differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-Thin.woff2 b/lolrmm.com/themes/compose/static/fonts/Metropolis-Thin.woff2
new file mode 100644
index 00000000..9ffe02ae
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-Thin.woff2 differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-ThinItalic.woff b/lolrmm.com/themes/compose/static/fonts/Metropolis-ThinItalic.woff
new file mode 100644
index 00000000..8943df9f
Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-ThinItalic.woff differ
diff --git a/lolrmm.com/themes/compose/static/fonts/Metropolis-ThinItalic.woff2 b/lolrmm.com/themes/compose/static/fonts/Metropolis-ThinItalic.woff2 new file mode 100644 index 00000000..e4bdf05e Binary files /dev/null and b/lolrmm.com/themes/compose/static/fonts/Metropolis-ThinItalic.woff2 differ diff --git a/lolrmm.com/themes/compose/static/icons/carly.svg b/lolrmm.com/themes/compose/static/icons/carly.svg new file mode 100644 index 00000000..26bab807 --- /dev/null +++ b/lolrmm.com/themes/compose/static/icons/carly.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/lolrmm.com/themes/compose/static/icons/check.svg b/lolrmm.com/themes/compose/static/icons/check.svg new file mode 100644 index 00000000..d4ab455c --- /dev/null +++ b/lolrmm.com/themes/compose/static/icons/check.svg @@ -0,0 +1 @@ + diff --git a/lolrmm.com/themes/compose/static/icons/copy.svg b/lolrmm.com/themes/compose/static/icons/copy.svg new file mode 100644 index 00000000..d23ad91e --- /dev/null +++ b/lolrmm.com/themes/compose/static/icons/copy.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/lolrmm.com/themes/compose/static/icons/expand.svg b/lolrmm.com/themes/compose/static/icons/expand.svg new file mode 100644 index 00000000..14d85249 --- /dev/null +++ b/lolrmm.com/themes/compose/static/icons/expand.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/lolrmm.com/themes/compose/static/icons/info.svg b/lolrmm.com/themes/compose/static/icons/info.svg new file mode 100644 index 00000000..535dc815 --- /dev/null +++ b/lolrmm.com/themes/compose/static/icons/info.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/lolrmm.com/themes/compose/static/icons/link.svg b/lolrmm.com/themes/compose/static/icons/link.svg new file mode 100644 index 00000000..e8aeefd1 --- /dev/null +++ b/lolrmm.com/themes/compose/static/icons/link.svg @@ -0,0 +1 @@ + \ No newline at end of file 
diff --git a/lolrmm.com/themes/compose/static/icons/moon.svg b/lolrmm.com/themes/compose/static/icons/moon.svg new file mode 100644 index 00000000..cef26938 --- /dev/null +++ b/lolrmm.com/themes/compose/static/icons/moon.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/lolrmm.com/themes/compose/static/icons/next.svg b/lolrmm.com/themes/compose/static/icons/next.svg new file mode 100644 index 00000000..de70acfc --- /dev/null +++ b/lolrmm.com/themes/compose/static/icons/next.svg @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/lolrmm.com/themes/compose/static/icons/order.svg b/lolrmm.com/themes/compose/static/icons/order.svg new file mode 100644 index 00000000..4993afd2 --- /dev/null +++ b/lolrmm.com/themes/compose/static/icons/order.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/lolrmm.com/themes/compose/static/icons/sun.svg b/lolrmm.com/themes/compose/static/icons/sun.svg new file mode 100644 index 00000000..96d8da6a --- /dev/null +++ b/lolrmm.com/themes/compose/static/icons/sun.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/lolrmm.com/themes/compose/static/images/github.svg b/lolrmm.com/themes/compose/static/images/github.svg new file mode 100644 index 00000000..d9a232c7 --- /dev/null +++ b/lolrmm.com/themes/compose/static/images/github.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/lolrmm.com/themes/compose/static/images/next.svg b/lolrmm.com/themes/compose/static/images/next.svg new file mode 100644 index 00000000..de70acfc --- /dev/null +++ b/lolrmm.com/themes/compose/static/images/next.svg @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/lolrmm.com/themes/compose/static/images/search.svg b/lolrmm.com/themes/compose/static/images/search.svg new file mode 100644 index 00000000..09bf2cae --- /dev/null +++ b/lolrmm.com/themes/compose/static/images/search.svg 
@@ -0,0 +1,43 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/lolrmm.com/themes/compose/static/js/chart.min.js b/lolrmm.com/themes/compose/static/js/chart.min.js new file mode 100644 index 00000000..7458f14f --- /dev/null +++ b/lolrmm.com/themes/compose/static/js/chart.min.js 
@@ -0,0 +1,7 @@ +/*! + * Chart.js v2.9.4 + * https://www.chartjs.org + * (c) 2020 Chart.js Contributors + * Released under the MIT License + */ +!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e(function(){try{return require("moment")}catch(t){}}()):"function"==typeof define&&define.amd?define(["require"],(function(t){return e(function(){try{return t("moment")}catch(t){}}())})):(t=t||self).Chart=e(t.moment)}(this,(function(t){"use strict";t=t&&t.hasOwnProperty("default")?t.default:t;var e={aliceblue:[240,248,255],antiquewhite:[250,235,215],aqua:[0,255,255],aquamarine:[127,255,212],azure:[240,255,255],beige:[245,245,220],bisque:[255,228,196],black:[0,0,0],blanchedalmond:[255,235,205],blue:[0,0,255],blueviolet:[138,43,226],brown:[165,42,42],burlywood:[222,184,135],cadetblue:[95,158,160],chartreuse:[127,255,0],chocolate:[210,105,30],coral:[255,127,80],cornflowerblue:[100,149,237],cornsilk:[255,248,220],crimson:[220,20,60],cyan:[0,255,255],darkblue:[0,0,139],darkcyan:[0,139,139],darkgoldenrod:[184,134,11],darkgray:[169,169,169],darkgreen:[0,100,0],darkgrey:[169,169,169],darkkhaki:[189,183,107],darkmagenta:[139,0,139],darkolivegreen:[85,107,47],darkorange:[255,140,0],darkorchid:[153,50,204],darkred:[139,0,0],darksalmon:[233,150,122],darkseagreen:[143,188,143],darkslateblue:[72,61,139],darkslategray:[47,79,79],darkslategrey:[47,79,79],darkturquoise:[0,206,209],darkviolet:[148,0,211],deeppink:[255,20,147],deepskyblue:[0,191,255],dimgray:[105,105,105],dimgrey:[105,105,105],dodgerblue:[30,144,255],firebrick:[178,34,34],floralwhite:[255,250,240],forestgreen:[34,139,34],fuchsia:[255,0,255],gainsboro:[220,220,220],ghostwhite:[248,248,255],gold:[255,215,0],goldenrod:[218,165,32],gray:[128,128,128],green:[0,128,0],greenyellow:[173,255,47],grey:[128,128,128],honeydew:[240,255,240],hotpink:[255,105,180],indianred:[205,92,92],indigo:[75,0,130],ivory:[255,255,240],khaki:[240,230,140],lavender:[230,230,250],lavenderblush:[255,240,245],lawngreen:[124,
252,0],lemonchiffon:[255,250,205],lightblue:[173,216,230],lightcoral:[240,128,128],lightcyan:[224,255,255],lightgoldenrodyellow:[250,250,210],lightgray:[211,211,211],lightgreen:[144,238,144],lightgrey:[211,211,211],lightpink:[255,182,193],lightsalmon:[255,160,122],lightseagreen:[32,178,170],lightskyblue:[135,206,250],lightslategray:[119,136,153],lightslategrey:[119,136,153],lightsteelblue:[176,196,222],lightyellow:[255,255,224],lime:[0,255,0],limegreen:[50,205,50],linen:[250,240,230],magenta:[255,0,255],maroon:[128,0,0],mediumaquamarine:[102,205,170],mediumblue:[0,0,205],mediumorchid:[186,85,211],mediumpurple:[147,112,219],mediumseagreen:[60,179,113],mediumslateblue:[123,104,238],mediumspringgreen:[0,250,154],mediumturquoise:[72,209,204],mediumvioletred:[199,21,133],midnightblue:[25,25,112],mintcream:[245,255,250],mistyrose:[255,228,225],moccasin:[255,228,181],navajowhite:[255,222,173],navy:[0,0,128],oldlace:[253,245,230],olive:[128,128,0],olivedrab:[107,142,35],orange:[255,165,0],orangered:[255,69,0],orchid:[218,112,214],palegoldenrod:[238,232,170],palegreen:[152,251,152],paleturquoise:[175,238,238],palevioletred:[219,112,147],papayawhip:[255,239,213],peachpuff:[255,218,185],peru:[205,133,63],pink:[255,192,203],plum:[221,160,221],powderblue:[176,224,230],purple:[128,0,128],rebeccapurple:[102,51,153],red:[255,0,0],rosybrown:[188,143,143],royalblue:[65,105,225],saddlebrown:[139,69,19],salmon:[250,128,114],sandybrown:[244,164,96],seagreen:[46,139,87],seashell:[255,245,238],sienna:[160,82,45],silver:[192,192,192],skyblue:[135,206,235],slateblue:[106,90,205],slategray:[112,128,144],slategrey:[112,128,144],snow:[255,250,250],springgreen:[0,255,127],steelblue:[70,130,180],tan:[210,180,140],teal:[0,128,128],thistle:[216,191,216],tomato:[255,99,71],turquoise:[64,224,208],violet:[238,130,238],wheat:[245,222,179],white:[255,255,255],whitesmoke:[245,245,245],yellow:[255,255,0],yellowgreen:[154,205,50]},n=function(t,e){return 
t(e={exports:{}},e.exports),e.exports}((function(t){var n={};for(var i in e)e.hasOwnProperty(i)&&(n[e[i]]=i);var a=t.exports={rgb:{channels:3,labels:"rgb"},hsl:{channels:3,labels:"hsl"},hsv:{channels:3,labels:"hsv"},hwb:{channels:3,labels:"hwb"},cmyk:{channels:4,labels:"cmyk"},xyz:{channels:3,labels:"xyz"},lab:{channels:3,labels:"lab"},lch:{channels:3,labels:"lch"},hex:{channels:1,labels:["hex"]},keyword:{channels:1,labels:["keyword"]},ansi16:{channels:1,labels:["ansi16"]},ansi256:{channels:1,labels:["ansi256"]},hcg:{channels:3,labels:["h","c","g"]},apple:{channels:3,labels:["r16","g16","b16"]},gray:{channels:1,labels:["gray"]}};for(var r in a)if(a.hasOwnProperty(r)){if(!("channels"in a[r]))throw new Error("missing channels property: "+r);if(!("labels"in a[r]))throw new Error("missing channel labels property: "+r);if(a[r].labels.length!==a[r].channels)throw new Error("channel and label counts mismatch: "+r);var o=a[r].channels,s=a[r].labels;delete a[r].channels,delete a[r].labels,Object.defineProperty(a[r],"channels",{value:o}),Object.defineProperty(a[r],"labels",{value:s})}a.rgb.hsl=function(t){var e,n,i=t[0]/255,a=t[1]/255,r=t[2]/255,o=Math.min(i,a,r),s=Math.max(i,a,r),l=s-o;return s===o?e=0:i===s?e=(a-r)/l:a===s?e=2+(r-i)/l:r===s&&(e=4+(i-a)/l),(e=Math.min(60*e,360))<0&&(e+=360),n=(o+s)/2,[e,100*(s===o?0:n<=.5?l/(s+o):l/(2-s-o)),100*n]},a.rgb.hsv=function(t){var e,n,i,a,r,o=t[0]/255,s=t[1]/255,l=t[2]/255,u=Math.max(o,s,l),d=u-Math.min(o,s,l),h=function(t){return(u-t)/6/d+.5};return 0===d?a=r=0:(r=d/u,e=h(o),n=h(s),i=h(l),o===u?a=i-n:s===u?a=1/3+e-i:l===u&&(a=2/3+n-e),a<0?a+=1:a>1&&(a-=1)),[360*a,100*r,100*u]},a.rgb.hwb=function(t){var e=t[0],n=t[1],i=t[2];return[a.rgb.hsl(t)[0],100*(1/255*Math.min(e,Math.min(n,i))),100*(i=1-1/255*Math.max(e,Math.max(n,i)))]},a.rgb.cmyk=function(t){var e,n=t[0]/255,i=t[1]/255,a=t[2]/255;return[100*((1-n-(e=Math.min(1-n,1-i,1-a)))/(1-e)||0),100*((1-i-e)/(1-e)||0),100*((1-a-e)/(1-e)||0),100*e]},a.rgb.keyword=function(t){var 
i=n[t];if(i)return i;var a,r,o,s=1/0;for(var l in e)if(e.hasOwnProperty(l)){var u=e[l],d=(r=t,o=u,Math.pow(r[0]-o[0],2)+Math.pow(r[1]-o[1],2)+Math.pow(r[2]-o[2],2));d.04045?Math.pow((e+.055)/1.055,2.4):e/12.92)+.3576*(n=n>.04045?Math.pow((n+.055)/1.055,2.4):n/12.92)+.1805*(i=i>.04045?Math.pow((i+.055)/1.055,2.4):i/12.92)),100*(.2126*e+.7152*n+.0722*i),100*(.0193*e+.1192*n+.9505*i)]},a.rgb.lab=function(t){var e=a.rgb.xyz(t),n=e[0],i=e[1],r=e[2];return i/=100,r/=108.883,n=(n/=95.047)>.008856?Math.pow(n,1/3):7.787*n+16/116,[116*(i=i>.008856?Math.pow(i,1/3):7.787*i+16/116)-16,500*(n-i),200*(i-(r=r>.008856?Math.pow(r,1/3):7.787*r+16/116))]},a.hsl.rgb=function(t){var e,n,i,a,r,o=t[0]/360,s=t[1]/100,l=t[2]/100;if(0===s)return[r=255*l,r,r];e=2*l-(n=l<.5?l*(1+s):l+s-l*s),a=[0,0,0];for(var u=0;u<3;u++)(i=o+1/3*-(u-1))<0&&i++,i>1&&i--,r=6*i<1?e+6*(n-e)*i:2*i<1?n:3*i<2?e+(n-e)*(2/3-i)*6:e,a[u]=255*r;return a},a.hsl.hsv=function(t){var e=t[0],n=t[1]/100,i=t[2]/100,a=n,r=Math.max(i,.01);return n*=(i*=2)<=1?i:2-i,a*=r<=1?r:2-r,[e,100*(0===i?2*a/(r+a):2*n/(i+n)),100*((i+n)/2)]},a.hsv.rgb=function(t){var e=t[0]/60,n=t[1]/100,i=t[2]/100,a=Math.floor(e)%6,r=e-Math.floor(e),o=255*i*(1-n),s=255*i*(1-n*r),l=255*i*(1-n*(1-r));switch(i*=255,a){case 0:return[i,l,o];case 1:return[s,i,o];case 2:return[o,i,l];case 3:return[o,s,i];case 4:return[l,o,i];case 5:return[i,o,s]}},a.hsv.hsl=function(t){var e,n,i,a=t[0],r=t[1]/100,o=t[2]/100,s=Math.max(o,.01);return i=(2-r)*o,n=r*s,[a,100*(n=(n/=(e=(2-r)*s)<=1?e:2-e)||0),100*(i/=2)]},a.hwb.rgb=function(t){var e,n,i,a,r,o,s,l=t[0]/360,u=t[1]/100,d=t[2]/100,h=u+d;switch(h>1&&(u/=h,d/=h),i=6*l-(e=Math.floor(6*l)),0!=(1&e)&&(i=1-i),a=u+i*((n=1-d)-u),e){default:case 6:case 0:r=n,o=a,s=u;break;case 1:r=a,o=n,s=u;break;case 2:r=u,o=n,s=a;break;case 3:r=u,o=a,s=n;break;case 4:r=a,o=u,s=n;break;case 5:r=n,o=u,s=a}return[255*r,255*o,255*s]},a.cmyk.rgb=function(t){var 
e=t[0]/100,n=t[1]/100,i=t[2]/100,a=t[3]/100;return[255*(1-Math.min(1,e*(1-a)+a)),255*(1-Math.min(1,n*(1-a)+a)),255*(1-Math.min(1,i*(1-a)+a))]},a.xyz.rgb=function(t){var e,n,i,a=t[0]/100,r=t[1]/100,o=t[2]/100;return n=-.9689*a+1.8758*r+.0415*o,i=.0557*a+-.204*r+1.057*o,e=(e=3.2406*a+-1.5372*r+-.4986*o)>.0031308?1.055*Math.pow(e,1/2.4)-.055:12.92*e,n=n>.0031308?1.055*Math.pow(n,1/2.4)-.055:12.92*n,i=i>.0031308?1.055*Math.pow(i,1/2.4)-.055:12.92*i,[255*(e=Math.min(Math.max(0,e),1)),255*(n=Math.min(Math.max(0,n),1)),255*(i=Math.min(Math.max(0,i),1))]},a.xyz.lab=function(t){var e=t[0],n=t[1],i=t[2];return n/=100,i/=108.883,e=(e/=95.047)>.008856?Math.pow(e,1/3):7.787*e+16/116,[116*(n=n>.008856?Math.pow(n,1/3):7.787*n+16/116)-16,500*(e-n),200*(n-(i=i>.008856?Math.pow(i,1/3):7.787*i+16/116))]},a.lab.xyz=function(t){var e,n,i,a=t[0];e=t[1]/500+(n=(a+16)/116),i=n-t[2]/200;var r=Math.pow(n,3),o=Math.pow(e,3),s=Math.pow(i,3);return n=r>.008856?r:(n-16/116)/7.787,e=o>.008856?o:(e-16/116)/7.787,i=s>.008856?s:(i-16/116)/7.787,[e*=95.047,n*=100,i*=108.883]},a.lab.lch=function(t){var e,n=t[0],i=t[1],a=t[2];return(e=360*Math.atan2(a,i)/2/Math.PI)<0&&(e+=360),[n,Math.sqrt(i*i+a*a),e]},a.lch.lab=function(t){var e,n=t[0],i=t[1];return e=t[2]/360*2*Math.PI,[n,i*Math.cos(e),i*Math.sin(e)]},a.rgb.ansi16=function(t){var e=t[0],n=t[1],i=t[2],r=1 in arguments?arguments[1]:a.rgb.hsv(t)[2];if(0===(r=Math.round(r/50)))return 30;var o=30+(Math.round(i/255)<<2|Math.round(n/255)<<1|Math.round(e/255));return 2===r&&(o+=60),o},a.hsv.ansi16=function(t){return a.rgb.ansi16(a.hsv.rgb(t),t[2])},a.rgb.ansi256=function(t){var e=t[0],n=t[1],i=t[2];return e===n&&n===i?e<8?16:e>248?231:Math.round((e-8)/247*24)+232:16+36*Math.round(e/255*5)+6*Math.round(n/255*5)+Math.round(i/255*5)},a.ansi16.rgb=function(t){var e=t%10;if(0===e||7===e)return t>50&&(e+=3.5),[e=e/10.5*255,e,e];var n=.5*(1+~~(t>50));return[(1&e)*n*255,(e>>1&1)*n*255,(e>>2&1)*n*255]},a.ansi256.rgb=function(t){if(t>=232){var 
e=10*(t-232)+8;return[e,e,e]}var n;return t-=16,[Math.floor(t/36)/5*255,Math.floor((n=t%36)/6)/5*255,n%6/5*255]},a.rgb.hex=function(t){var e=(((255&Math.round(t[0]))<<16)+((255&Math.round(t[1]))<<8)+(255&Math.round(t[2]))).toString(16).toUpperCase();return"000000".substring(e.length)+e},a.hex.rgb=function(t){var e=t.toString(16).match(/[a-f0-9]{6}|[a-f0-9]{3}/i);if(!e)return[0,0,0];var n=e[0];3===e[0].length&&(n=n.split("").map((function(t){return t+t})).join(""));var i=parseInt(n,16);return[i>>16&255,i>>8&255,255&i]},a.rgb.hcg=function(t){var e,n=t[0]/255,i=t[1]/255,a=t[2]/255,r=Math.max(Math.max(n,i),a),o=Math.min(Math.min(n,i),a),s=r-o;return e=s<=0?0:r===n?(i-a)/s%6:r===i?2+(a-n)/s:4+(n-i)/s+4,e/=6,[360*(e%=1),100*s,100*(s<1?o/(1-s):0)]},a.hsl.hcg=function(t){var e=t[1]/100,n=t[2]/100,i=1,a=0;return(i=n<.5?2*e*n:2*e*(1-n))<1&&(a=(n-.5*i)/(1-i)),[t[0],100*i,100*a]},a.hsv.hcg=function(t){var e=t[1]/100,n=t[2]/100,i=e*n,a=0;return i<1&&(a=(n-i)/(1-i)),[t[0],100*i,100*a]},a.hcg.rgb=function(t){var e=t[0]/360,n=t[1]/100,i=t[2]/100;if(0===n)return[255*i,255*i,255*i];var a,r=[0,0,0],o=e%1*6,s=o%1,l=1-s;switch(Math.floor(o)){case 0:r[0]=1,r[1]=s,r[2]=0;break;case 1:r[0]=l,r[1]=1,r[2]=0;break;case 2:r[0]=0,r[1]=1,r[2]=s;break;case 3:r[0]=0,r[1]=l,r[2]=1;break;case 4:r[0]=s,r[1]=0,r[2]=1;break;default:r[0]=1,r[1]=0,r[2]=l}return a=(1-n)*i,[255*(n*r[0]+a),255*(n*r[1]+a),255*(n*r[2]+a)]},a.hcg.hsv=function(t){var e=t[1]/100,n=e+t[2]/100*(1-e),i=0;return n>0&&(i=e/n),[t[0],100*i,100*n]},a.hcg.hsl=function(t){var e=t[1]/100,n=t[2]/100*(1-e)+.5*e,i=0;return n>0&&n<.5?i=e/(2*n):n>=.5&&n<1&&(i=e/(2*(1-n))),[t[0],100*i,100*n]},a.hcg.hwb=function(t){var e=t[1]/100,n=e+t[2]/100*(1-e);return[t[0],100*(n-e),100*(1-n)]},a.hwb.hcg=function(t){var e=t[1]/100,n=1-t[2]/100,i=n-e,a=0;return 
i<1&&(a=(n-i)/(1-i)),[t[0],100*i,100*a]},a.apple.rgb=function(t){return[t[0]/65535*255,t[1]/65535*255,t[2]/65535*255]},a.rgb.apple=function(t){return[t[0]/255*65535,t[1]/255*65535,t[2]/255*65535]},a.gray.rgb=function(t){return[t[0]/100*255,t[0]/100*255,t[0]/100*255]},a.gray.hsl=a.gray.hsv=function(t){return[0,0,t[0]]},a.gray.hwb=function(t){return[0,100,t[0]]},a.gray.cmyk=function(t){return[0,0,0,t[0]]},a.gray.lab=function(t){return[t[0],0,0]},a.gray.hex=function(t){var e=255&Math.round(t[0]/100*255),n=((e<<16)+(e<<8)+e).toString(16).toUpperCase();return"000000".substring(n.length)+n},a.rgb.gray=function(t){return[(t[0]+t[1]+t[2])/3/255*100]}}));n.rgb,n.hsl,n.hsv,n.hwb,n.cmyk,n.xyz,n.lab,n.lch,n.hex,n.keyword,n.ansi16,n.ansi256,n.hcg,n.apple,n.gray;function i(t){var e=function(){for(var t={},e=Object.keys(n),i=e.length,a=0;a1&&(e=Array.prototype.slice.call(arguments));var n=t(e);if("object"==typeof n)for(var i=n.length,a=0;a1&&(e=Array.prototype.slice.call(arguments)),t(e))};return"conversion"in t&&(e.conversion=t.conversion),e}(i)}))}));var 
s=o,l={aliceblue:[240,248,255],antiquewhite:[250,235,215],aqua:[0,255,255],aquamarine:[127,255,212],azure:[240,255,255],beige:[245,245,220],bisque:[255,228,196],black:[0,0,0],blanchedalmond:[255,235,205],blue:[0,0,255],blueviolet:[138,43,226],brown:[165,42,42],burlywood:[222,184,135],cadetblue:[95,158,160],chartreuse:[127,255,0],chocolate:[210,105,30],coral:[255,127,80],cornflowerblue:[100,149,237],cornsilk:[255,248,220],crimson:[220,20,60],cyan:[0,255,255],darkblue:[0,0,139],darkcyan:[0,139,139],darkgoldenrod:[184,134,11],darkgray:[169,169,169],darkgreen:[0,100,0],darkgrey:[169,169,169],darkkhaki:[189,183,107],darkmagenta:[139,0,139],darkolivegreen:[85,107,47],darkorange:[255,140,0],darkorchid:[153,50,204],darkred:[139,0,0],darksalmon:[233,150,122],darkseagreen:[143,188,143],darkslateblue:[72,61,139],darkslategray:[47,79,79],darkslategrey:[47,79,79],darkturquoise:[0,206,209],darkviolet:[148,0,211],deeppink:[255,20,147],deepskyblue:[0,191,255],dimgray:[105,105,105],dimgrey:[105,105,105],dodgerblue:[30,144,255],firebrick:[178,34,34],floralwhite:[255,250,240],forestgreen:[34,139,34],fuchsia:[255,0,255],gainsboro:[220,220,220],ghostwhite:[248,248,255],gold:[255,215,0],goldenrod:[218,165,32],gray:[128,128,128],green:[0,128,0],greenyellow:[173,255,47],grey:[128,128,128],honeydew:[240,255,240],hotpink:[255,105,180],indianred:[205,92,92],indigo:[75,0,130],ivory:[255,255,240],khaki:[240,230,140],lavender:[230,230,250],lavenderblush:[255,240,245],lawngreen:[124,252,0],lemonchiffon:[255,250,205],lightblue:[173,216,230],lightcoral:[240,128,128],lightcyan:[224,255,255],lightgoldenrodyellow:[250,250,210],lightgray:[211,211,211],lightgreen:[144,238,144],lightgrey:[211,211,211],lightpink:[255,182,193],lightsalmon:[255,160,122],lightseagreen:[32,178,170],lightskyblue:[135,206,250],lightslategray:[119,136,153],lightslategrey:[119,136,153],lightsteelblue:[176,196,222],lightyellow:[255,255,224],lime:[0,255,0],limegreen:[50,205,50],linen:[250,240,230],magenta:[255,0,255],maroon:[128,0,
0],mediumaquamarine:[102,205,170],mediumblue:[0,0,205],mediumorchid:[186,85,211],mediumpurple:[147,112,219],mediumseagreen:[60,179,113],mediumslateblue:[123,104,238],mediumspringgreen:[0,250,154],mediumturquoise:[72,209,204],mediumvioletred:[199,21,133],midnightblue:[25,25,112],mintcream:[245,255,250],mistyrose:[255,228,225],moccasin:[255,228,181],navajowhite:[255,222,173],navy:[0,0,128],oldlace:[253,245,230],olive:[128,128,0],olivedrab:[107,142,35],orange:[255,165,0],orangered:[255,69,0],orchid:[218,112,214],palegoldenrod:[238,232,170],palegreen:[152,251,152],paleturquoise:[175,238,238],palevioletred:[219,112,147],papayawhip:[255,239,213],peachpuff:[255,218,185],peru:[205,133,63],pink:[255,192,203],plum:[221,160,221],powderblue:[176,224,230],purple:[128,0,128],rebeccapurple:[102,51,153],red:[255,0,0],rosybrown:[188,143,143],royalblue:[65,105,225],saddlebrown:[139,69,19],salmon:[250,128,114],sandybrown:[244,164,96],seagreen:[46,139,87],seashell:[255,245,238],sienna:[160,82,45],silver:[192,192,192],skyblue:[135,206,235],slateblue:[106,90,205],slategray:[112,128,144],slategrey:[112,128,144],snow:[255,250,250],springgreen:[0,255,127],steelblue:[70,130,180],tan:[210,180,140],teal:[0,128,128],thistle:[216,191,216],tomato:[255,99,71],turquoise:[64,224,208],violet:[238,130,238],wheat:[245,222,179],white:[255,255,255],whitesmoke:[245,245,245],yellow:[255,255,0],yellowgreen:[154,205,50]},u={getRgba:d,getHsla:h,getRgb:function(t){var e=d(t);return e&&e.slice(0,3)},getHsl:function(t){var e=h(t);return e&&e.slice(0,3)},getHwb:c,getAlpha:function(t){var e=d(t);if(e)return e[3];if(e=h(t))return e[3];if(e=c(t))return e[3]},hexString:function(t,e){e=void 0!==e&&3===t.length?e:t[3];return"#"+v(t[0])+v(t[1])+v(t[2])+(e>=0&&e<1?v(Math.round(255*e)):"")},rgbString:function(t,e){if(e<1||t[3]&&t[3]<1)return f(t,e);return"rgb("+t[0]+", "+t[1]+", "+t[2]+")"},rgbaString:f,percentString:function(t,e){if(e<1||t[3]&&t[3]<1)return g(t,e);var 
n=Math.round(t[0]/255*100),i=Math.round(t[1]/255*100),a=Math.round(t[2]/255*100);return"rgb("+n+"%, "+i+"%, "+a+"%)"},percentaString:g,hslString:function(t,e){if(e<1||t[3]&&t[3]<1)return p(t,e);return"hsl("+t[0]+", "+t[1]+"%, "+t[2]+"%)"},hslaString:p,hwbString:function(t,e){void 0===e&&(e=void 0!==t[3]?t[3]:1);return"hwb("+t[0]+", "+t[1]+"%, "+t[2]+"%"+(void 0!==e&&1!==e?", "+e:"")+")"},keyword:function(t){return b[t.slice(0,3)]}};function d(t){if(t){var e=[0,0,0],n=1,i=t.match(/^#([a-fA-F0-9]{3,4})$/i),a="";if(i){a=(i=i[1])[3];for(var r=0;rn?(e+.05)/(n+.05):(n+.05)/(e+.05)},level:function(t){var e=this.contrast(t);return e>=7.1?"AAA":e>=4.5?"AA":""},dark:function(){var t=this.values.rgb;return(299*t[0]+587*t[1]+114*t[2])/1e3<128},light:function(){return!this.dark()},negate:function(){for(var t=[],e=0;e<3;e++)t[e]=255-this.values.rgb[e];return this.setValues("rgb",t),this},lighten:function(t){var e=this.values.hsl;return e[2]+=e[2]*t,this.setValues("hsl",e),this},darken:function(t){var e=this.values.hsl;return e[2]-=e[2]*t,this.setValues("hsl",e),this},saturate:function(t){var e=this.values.hsl;return e[1]+=e[1]*t,this.setValues("hsl",e),this},desaturate:function(t){var e=this.values.hsl;return e[1]-=e[1]*t,this.setValues("hsl",e),this},whiten:function(t){var e=this.values.hwb;return e[1]+=e[1]*t,this.setValues("hwb",e),this},blacken:function(t){var e=this.values.hwb;return e[2]+=e[2]*t,this.setValues("hwb",e),this},greyscale:function(){var t=this.values.rgb,e=.3*t[0]+.59*t[1]+.11*t[2];return this.setValues("rgb",[e,e,e]),this},clearer:function(t){var e=this.values.alpha;return this.setValues("alpha",e-e*t),this},opaquer:function(t){var e=this.values.alpha;return this.setValues("alpha",e+e*t),this},rotate:function(t){var e=this.values.hsl,n=(e[0]+t)%360;return e[0]=n<0?360+n:n,this.setValues("hsl",e),this},mix:function(t,e){var n=t,i=void 0===e?.5:e,a=2*i-1,r=this.alpha()-n.alpha(),o=((a*r==-1?a:(a+r)/(1+a*r))+1)/2,s=1-o;return 
this.rgb(o*this.red()+s*n.red(),o*this.green()+s*n.green(),o*this.blue()+s*n.blue()).alpha(this.alpha()*i+n.alpha()*(1-i))},toJSON:function(){return this.rgb()},clone:function(){var t,e,n=new y,i=this.values,a=n.values;for(var r in i)i.hasOwnProperty(r)&&(t=i[r],"[object Array]"===(e={}.toString.call(t))?a[r]=t.slice(0):"[object Number]"===e?a[r]=t:console.error("unexpected color value:",t));return n}},y.prototype.spaces={rgb:["red","green","blue"],hsl:["hue","saturation","lightness"],hsv:["hue","saturation","value"],hwb:["hue","whiteness","blackness"],cmyk:["cyan","magenta","yellow","black"]},y.prototype.maxes={rgb:[255,255,255],hsl:[360,100,100],hsv:[360,100,100],hwb:[360,100,100],cmyk:[100,100,100,100]},y.prototype.getValues=function(t){for(var e=this.values,n={},i=0;i=0;a--)e.call(n,t[a],a);else for(a=0;a=1?t:-(Math.sqrt(1-t*t)-1)},easeOutCirc:function(t){return Math.sqrt(1-(t-=1)*t)},easeInOutCirc:function(t){return(t/=.5)<1?-.5*(Math.sqrt(1-t*t)-1):.5*(Math.sqrt(1-(t-=2)*t)+1)},easeInElastic:function(t){var e=1.70158,n=0,i=1;return 0===t?0:1===t?1:(n||(n=.3),i<1?(i=1,e=n/4):e=n/(2*Math.PI)*Math.asin(1/i),-i*Math.pow(2,10*(t-=1))*Math.sin((t-e)*(2*Math.PI)/n))},easeOutElastic:function(t){var e=1.70158,n=0,i=1;return 0===t?0:1===t?1:(n||(n=.3),i<1?(i=1,e=n/4):e=n/(2*Math.PI)*Math.asin(1/i),i*Math.pow(2,-10*t)*Math.sin((t-e)*(2*Math.PI)/n)+1)},easeInOutElastic:function(t){var e=1.70158,n=0,i=1;return 0===t?0:2==(t/=.5)?1:(n||(n=.45),i<1?(i=1,e=n/4):e=n/(2*Math.PI)*Math.asin(1/i),t<1?i*Math.pow(2,10*(t-=1))*Math.sin((t-e)*(2*Math.PI)/n)*-.5:i*Math.pow(2,-10*(t-=1))*Math.sin((t-e)*(2*Math.PI)/n)*.5+1)},easeInBack:function(t){var e=1.70158;return t*t*((e+1)*t-e)},easeOutBack:function(t){var e=1.70158;return(t-=1)*t*((e+1)*t+e)+1},easeInOutBack:function(t){var e=1.70158;return(t/=.5)<1?t*t*((1+(e*=1.525))*t-e)*.5:.5*((t-=2)*t*((1+(e*=1.525))*t+e)+2)},easeInBounce:function(t){return 1-C.easeOutBounce(1-t)},easeOutBounce:function(t){return 
t<1/2.75?7.5625*t*t:t<2/2.75?7.5625*(t-=1.5/2.75)*t+.75:t<2.5/2.75?7.5625*(t-=2.25/2.75)*t+.9375:7.5625*(t-=2.625/2.75)*t+.984375},easeInOutBounce:function(t){return t<.5?.5*C.easeInBounce(2*t):.5*C.easeOutBounce(2*t-1)+.5}},P={effects:C};S.easingEffects=C;var A=Math.PI,D=A/180,T=2*A,I=A/2,F=A/4,O=2*A/3,L={clear:function(t){t.ctx.clearRect(0,0,t.width,t.height)},roundedRect:function(t,e,n,i,a,r){if(r){var o=Math.min(r,a/2,i/2),s=e+o,l=n+o,u=e+i-o,d=n+a-o;t.moveTo(e,l),se.left-1e-6&&t.xe.top-1e-6&&t.y0&&this.requestAnimationFrame()},advance:function(){for(var t,e,n,i,a=this.animations,r=0;r=n?(H.callback(t.onAnimationComplete,[t],e),e.animating=!1,a.splice(r,1)):++r}},Q=H.options.resolve,tt=["push","pop","shift","splice","unshift"];function et(t,e){var n=t._chartjs;if(n){var i=n.listeners,a=i.indexOf(e);-1!==a&&i.splice(a,1),i.length>0||(tt.forEach((function(e){delete t[e]})),delete t._chartjs)}}var nt=function(t,e){this.initialize(t,e)};H.extend(nt.prototype,{datasetElementType:null,dataElementType:null,_datasetElementOptions:["backgroundColor","borderCapStyle","borderColor","borderDash","borderDashOffset","borderJoinStyle","borderWidth"],_dataElementOptions:["backgroundColor","borderColor","borderWidth","pointStyle"],initialize:function(t,e){var n=this;n.chart=t,n.index=e,n.linkScales(),n.addElements(),n._type=n.getMeta().type},updateIndex:function(t){this.index=t},linkScales:function(){var t=this.getMeta(),e=this.chart,n=e.scales,i=this.getDataset(),a=e.options.scales;null!==t.xAxisID&&t.xAxisID in n&&!i.xAxisID||(t.xAxisID=i.xAxisID||a.xAxes[0].id),null!==t.yAxisID&&t.yAxisID in n&&!i.yAxisID||(t.yAxisID=i.yAxisID||a.yAxes[0].id)},getDataset:function(){return this.chart.data.datasets[this.index]},getMeta:function(){return this.chart.getDatasetMeta(this.index)},getScaleForId:function(t){return this.chart.scales[t]},_getValueScaleId:function(){return this.getMeta().yAxisID},_getIndexScaleId:function(){return this.getMeta().xAxisID},_getValueScale:function(){return 
this.getScaleForId(this._getValueScaleId())},_getIndexScale:function(){return this.getScaleForId(this._getIndexScaleId())},reset:function(){this._update(!0)},destroy:function(){this._data&&et(this._data,this)},createMetaDataset:function(){var t=this.datasetElementType;return t&&new t({_chart:this.chart,_datasetIndex:this.index})},createMetaData:function(t){var e=this.dataElementType;return e&&new e({_chart:this.chart,_datasetIndex:this.index,_index:t})},addElements:function(){var t,e,n=this.getMeta(),i=this.getDataset().data||[],a=n.data;for(t=0,e=i.length;tn&&this.insertElements(n,i-n)},insertElements:function(t,e){for(var n=0;na?(r=a/e.innerRadius,t.arc(o,s,e.innerRadius-a,i+r,n-r,!0)):t.arc(o,s,a,i+Math.PI/2,n-Math.PI/2),t.closePath(),t.clip()}function ot(t,e,n){var i="inner"===e.borderAlign;i?(t.lineWidth=2*e.borderWidth,t.lineJoin="round"):(t.lineWidth=e.borderWidth,t.lineJoin="bevel"),n.fullCircles&&function(t,e,n,i){var a,r=n.endAngle;for(i&&(n.endAngle=n.startAngle+at,rt(t,n),n.endAngle=r,n.endAngle===n.startAngle&&n.fullCircles&&(n.endAngle+=at,n.fullCircles--)),t.beginPath(),t.arc(n.x,n.y,n.innerRadius,n.startAngle+at,n.startAngle,!0),a=0;as;)a-=at;for(;a=o&&a<=s,u=r>=n.innerRadius&&r<=n.outerRadius;return l&&u}return!1},getCenterPoint:function(){var t=this._view,e=(t.startAngle+t.endAngle)/2,n=(t.innerRadius+t.outerRadius)/2;return{x:t.x+Math.cos(e)*n,y:t.y+Math.sin(e)*n}},getArea:function(){var t=this._view;return Math.PI*((t.endAngle-t.startAngle)/(2*Math.PI))*(Math.pow(t.outerRadius,2)-Math.pow(t.innerRadius,2))},tooltipPosition:function(){var t=this._view,e=t.startAngle+(t.endAngle-t.startAngle)/2,n=(t.outerRadius-t.innerRadius)/2+t.innerRadius;return{x:t.x+Math.cos(e)*n,y:t.y+Math.sin(e)*n}},draw:function(){var 
t,e=this._chart.ctx,n=this._view,i="inner"===n.borderAlign?.33:0,a={x:n.x,y:n.y,innerRadius:n.innerRadius,outerRadius:Math.max(n.outerRadius-i,0),pixelMargin:i,startAngle:n.startAngle,endAngle:n.endAngle,fullCircles:Math.floor(n.circumference/at)};if(e.save(),e.fillStyle=n.backgroundColor,e.strokeStyle=n.borderColor,a.fullCircles){for(a.endAngle=a.startAngle+at,e.beginPath(),e.arc(a.x,a.y,a.outerRadius,a.startAngle,a.endAngle),e.arc(a.x,a.y,a.innerRadius,a.endAngle,a.startAngle,!0),e.closePath(),t=0;tt.x&&(e=bt(e,"left","right")):t.basen?n:i,r:l.right||a<0?0:a>e?e:a,b:l.bottom||r<0?0:r>n?n:r,l:l.left||o<0?0:o>e?e:o}}function yt(t,e,n){var i=null===e,a=null===n,r=!(!t||i&&a)&&vt(t);return r&&(i||e>=r.left&&e<=r.right)&&(a||n>=r.top&&n<=r.bottom)}N._set("global",{elements:{rectangle:{backgroundColor:pt,borderColor:pt,borderSkipped:"bottom",borderWidth:0}}});var _t=K.extend({_type:"rectangle",draw:function(){var t=this._chart.ctx,e=this._view,n=function(t){var e=vt(t),n=e.right-e.left,i=e.bottom-e.top,a=xt(t,n/2,i/2);return{outer:{x:e.left,y:e.top,w:n,h:i},inner:{x:e.left+a.l,y:e.top+a.t,w:n-a.l-a.r,h:i-a.t-a.b}}}(e),i=n.outer,a=n.inner;t.fillStyle=e.backgroundColor,t.fillRect(i.x,i.y,i.w,i.h),i.w===a.w&&i.h===a.h||(t.save(),t.beginPath(),t.rect(i.x,i.y,i.w,i.h),t.clip(),t.fillStyle=e.borderColor,t.rect(a.x,a.y,a.w,a.h),t.fill("evenodd"),t.restore())},height:function(){var t=this._view;return t.base-t.y},inRange:function(t,e){return yt(this._view,t,e)},inLabelRange:function(t,e){var n=this._view;return mt(n)?yt(n,t,null):yt(n,null,e)},inXRange:function(t){return yt(this._view,t,null)},inYRange:function(t){return yt(this._view,null,t)},getCenterPoint:function(){var t,e,n=this._view;return mt(n)?(t=n.x,e=(n.y+n.base)/2):(t=(n.x+n.base)/2,e=n.y),{x:t,y:e}},getArea:function(){var t=this._view;return mt(t)?t.width*Math.abs(t.y-t.base):t.height*Math.abs(t.x-t.base)},tooltipPosition:function(){var 
t=this._view;return{x:t.x,y:t.y}}}),kt={},wt=st,Mt=dt,St=gt,Ct=_t;kt.Arc=wt,kt.Line=Mt,kt.Point=St,kt.Rectangle=Ct;var Pt=H._deprecated,At=H.valueOrDefault;function Dt(t,e,n){var i,a,r=n.barThickness,o=e.stackCount,s=e.pixels[t],l=H.isNullOrUndef(r)?function(t,e){var n,i,a,r,o=t._length;for(a=1,r=e.length;a0?Math.min(o,Math.abs(i-n)):o,n=i;return o}(e.scale,e.pixels):-1;return H.isNullOrUndef(r)?(i=l*n.categoryPercentage,a=n.barPercentage):(i=r*o,a=1),{chunk:i/o,ratio:a,start:s-i/2}}N._set("bar",{hover:{mode:"label"},scales:{xAxes:[{type:"category",offset:!0,gridLines:{offsetGridLines:!0}}],yAxes:[{type:"linear"}]}}),N._set("global",{datasets:{bar:{categoryPercentage:.8,barPercentage:.9}}});var Tt=it.extend({dataElementType:kt.Rectangle,_dataElementOptions:["backgroundColor","borderColor","borderSkipped","borderWidth","barPercentage","barThickness","categoryPercentage","maxBarThickness","minBarLength"],initialize:function(){var t,e,n=this;it.prototype.initialize.apply(n,arguments),(t=n.getMeta()).stack=n.getDataset().stack,t.bar=!0,e=n._getIndexScale().options,Pt("bar chart",e.barPercentage,"scales.[x/y]Axes.barPercentage","dataset.barPercentage"),Pt("bar chart",e.barThickness,"scales.[x/y]Axes.barThickness","dataset.barThickness"),Pt("bar chart",e.categoryPercentage,"scales.[x/y]Axes.categoryPercentage","dataset.categoryPercentage"),Pt("bar chart",n._getValueScale().options.minBarLength,"scales.[x/y]Axes.minBarLength","dataset.minBarLength"),Pt("bar chart",e.maxBarThickness,"scales.[x/y]Axes.maxBarThickness","dataset.maxBarThickness")},update:function(t){var e,n,i=this.getMeta().data;for(this._ruler=this.getRuler(),e=0,n=i.length;e=0&&p.min>=0?p.min:p.max,y=void 0===p.start?p.end:p.max>=0&&p.min>=0?p.max-p.min:p.min-p.max,_=g.length;if(v||void 0===v&&void 0!==b)for(i=0;i<_&&(a=g[i]).index!==t;++i)a.stack===b&&(r=void 0===(u=h._parseValue(f[a.index].data[e])).start?u.end:u.min>=0&&u.max>=0?u.max:u.min,(p.min<0&&r<0||p.max>=0&&r>0)&&(x+=r));return 
o=h.getPixelForValue(x),l=(s=h.getPixelForValue(x+y))-o,void 0!==m&&Math.abs(l)=0&&!c||y<0&&c?o-m:o+m),{size:l,base:o,head:s,center:s+l/2}},calculateBarIndexPixels:function(t,e,n,i){var a="flex"===i.barThickness?function(t,e,n){var i,a=e.pixels,r=a[t],o=t>0?a[t-1]:null,s=t=Rt?-zt:b<-Rt?zt:0)+m,y=Math.cos(b),_=Math.sin(b),k=Math.cos(x),w=Math.sin(x),M=b<=0&&x>=0||x>=zt,S=b<=Nt&&x>=Nt||x>=zt+Nt,C=b<=-Nt&&x>=-Nt||x>=Rt+Nt,P=b===-Rt||x>=Rt?-1:Math.min(y,y*p,k,k*p),A=C?-1:Math.min(_,_*p,w,w*p),D=M?1:Math.max(y,y*p,k,k*p),T=S?1:Math.max(_,_*p,w,w*p);u=(D-P)/2,d=(T-A)/2,h=-(D+P)/2,c=-(T+A)/2}for(i=0,a=g.length;i0&&!isNaN(t)?zt*(Math.abs(t)/e):0},getMaxBorderWidth:function(t){var e,n,i,a,r,o,s,l,u=0,d=this.chart;if(!t)for(e=0,n=d.data.datasets.length;e(u=s>u?s:u)?l:u);return u},setHoverStyle:function(t){var e=t._model,n=t._options,i=H.getHoverColor;t.$previousStyle={backgroundColor:e.backgroundColor,borderColor:e.borderColor,borderWidth:e.borderWidth},e.backgroundColor=Lt(n.hoverBackgroundColor,i(n.backgroundColor)),e.borderColor=Lt(n.hoverBorderColor,i(n.borderColor)),e.borderWidth=Lt(n.hoverBorderWidth,n.borderWidth)},_getRingWeightOffset:function(t){for(var e=0,n=0;n0&&Ht(l[t-1]._model,s)&&(n.controlPointPreviousX=u(n.controlPointPreviousX,s.left,s.right),n.controlPointPreviousY=u(n.controlPointPreviousY,s.top,s.bottom)),t0&&(r=t.getDatasetMeta(r[0]._datasetIndex).data),r},"x-axis":function(t,e){return ae(t,e,{intersect:!1})},point:function(t,e){return ee(t,Qt(e,t))},nearest:function(t,e,n){var i=Qt(e,t);n.axis=n.axis||"xy";var a=ie(n.axis);return ne(t,i,n.intersect,a)},x:function(t,e,n){var i=Qt(e,t),a=[],r=!1;return te(t,(function(t){t.inXRange(i.x)&&a.push(t),t.inRange(i.x,i.y)&&(r=!0)})),n.intersect&&!r&&(a=[]),a},y:function(t,e,n){var i=Qt(e,t),a=[],r=!1;return te(t,(function(t){t.inYRange(i.y)&&a.push(t),t.inRange(i.x,i.y)&&(r=!0)})),n.intersect&&!r&&(a=[]),a}}},oe=H.extend;function se(t,e){return H.where(t,(function(t){return t.pos===e}))}function le(t,e){return 
t.sort((function(t,n){var i=e?n:t,a=e?t:n;return i.weight===a.weight?i.index-a.index:i.weight-a.weight}))}function ue(t,e,n,i){return Math.max(t[n],e[n])+Math.max(t[i],e[i])}function de(t,e,n){var i,a,r=n.box,o=t.maxPadding;if(n.size&&(t[n.pos]-=n.size),n.size=n.horizontal?r.height:r.width,t[n.pos]+=n.size,r.getPadding){var s=r.getPadding();o.top=Math.max(o.top,s.top),o.left=Math.max(o.left,s.left),o.bottom=Math.max(o.bottom,s.bottom),o.right=Math.max(o.right,s.right)}if(i=e.outerWidth-ue(o,t,"left","right"),a=e.outerHeight-ue(o,t,"top","bottom"),i!==t.w||a!==t.h){t.w=i,t.h=a;var l=n.horizontal?[i,t.w]:[a,t.h];return!(l[0]===l[1]||isNaN(l[0])&&isNaN(l[1]))}}function he(t,e){var n=e.maxPadding;function i(t){var i={left:0,top:0,right:0,bottom:0};return t.forEach((function(t){i[t]=Math.max(e[t],n[t])})),i}return i(t?["left","right"]:["top","bottom"])}function ce(t,e,n){var i,a,r,o,s,l,u=[];for(i=0,a=t.length;idiv{position:absolute;width:1000000px;height:1000000px;left:0;top:0}.chartjs-size-monitor-shrink>div{position:absolute;width:200%;height:200%;left:0;top:0}"}))&&ge.default||ge,ve="$chartjs",be="chartjs-size-monitor",xe="chartjs-render-monitor",ye="chartjs-render-animation",_e=["animationstart","webkitAnimationStart"],ke={touchstart:"mousedown",touchmove:"mousemove",touchend:"mouseup",pointerenter:"mouseenter",pointerdown:"mousedown",pointermove:"mousemove",pointerup:"mouseup",pointerleave:"mouseout",pointerout:"mouseout"};function we(t,e){var n=H.getStyle(t,e),i=n&&n.match(/^(\d+)(\.\d+)?px$/);return i?Number(i[1]):void 0}var Me=!!function(){var t=!1;try{var e=Object.defineProperty({},"passive",{get:function(){t=!0}});window.addEventListener("e",null,e)}catch(t){}return t}()&&{passive:!0};function Se(t,e,n){t.addEventListener(e,n,Me)}function Ce(t,e,n){t.removeEventListener(e,n,Me)}function Pe(t,e,n,i,a){return{type:t,chart:e,native:a||null,x:void 0!==n?n:null,y:void 0!==i?i:null}}function Ae(t){var e=document.createElement("div");return 
e.className=t||"",e}function De(t,e,n){var i,a,r,o,s=t[ve]||(t[ve]={}),l=s.resizer=function(t){var e=Ae(be),n=Ae(be+"-expand"),i=Ae(be+"-shrink");n.appendChild(Ae()),i.appendChild(Ae()),e.appendChild(n),e.appendChild(i),e._reset=function(){n.scrollLeft=1e6,n.scrollTop=1e6,i.scrollLeft=1e6,i.scrollTop=1e6};var a=function(){e._reset(),t()};return Se(n,"scroll",a.bind(n,"expand")),Se(i,"scroll",a.bind(i,"shrink")),e}((i=function(){if(s.resizer){var i=n.options.maintainAspectRatio&&t.parentNode,a=i?i.clientWidth:0;e(Pe("resize",n)),i&&i.clientWidth0){var r=t[0];r.label?n=r.label:r.xLabel?n=r.xLabel:a>0&&r.index-1?t.split("\n"):t}function Ve(t){var e=N.global;return{xPadding:t.xPadding,yPadding:t.yPadding,xAlign:t.xAlign,yAlign:t.yAlign,rtl:t.rtl,textDirection:t.textDirection,bodyFontColor:t.bodyFontColor,_bodyFontFamily:ze(t.bodyFontFamily,e.defaultFontFamily),_bodyFontStyle:ze(t.bodyFontStyle,e.defaultFontStyle),_bodyAlign:t.bodyAlign,bodyFontSize:ze(t.bodyFontSize,e.defaultFontSize),bodySpacing:t.bodySpacing,titleFontColor:t.titleFontColor,_titleFontFamily:ze(t.titleFontFamily,e.defaultFontFamily),_titleFontStyle:ze(t.titleFontStyle,e.defaultFontStyle),titleFontSize:ze(t.titleFontSize,e.defaultFontSize),_titleAlign:t.titleAlign,titleSpacing:t.titleSpacing,titleMarginBottom:t.titleMarginBottom,footerFontColor:t.footerFontColor,_footerFontFamily:ze(t.footerFontFamily,e.defaultFontFamily),_footerFontStyle:ze(t.footerFontStyle,e.defaultFontStyle),footerFontSize:ze(t.footerFontSize,e.defaultFontSize),_footerAlign:t.footerAlign,footerSpacing:t.footerSpacing,footerMarginTop:t.footerMarginTop,caretSize:t.caretSize,cornerRadius:t.cornerRadius,backgroundColor:t.backgroundColor,opacity:0,legendColorBackground:t.multiKeyBackground,displayColors:t.displayColors,borderColor:t.borderColor,borderWidth:t.borderWidth}}function He(t,e){return"center"===e?t.x+t.width/2:"right"===e?t.x+t.width-t.xPadding:t.x+t.xPadding}function je(t){return Ee([],We(t))}var 
qe=K.extend({initialize:function(){this._model=Ve(this._options),this._lastActive=[]},getTitle:function(){var t=this,e=t._options,n=e.callbacks,i=n.beforeTitle.apply(t,arguments),a=n.title.apply(t,arguments),r=n.afterTitle.apply(t,arguments),o=[];return o=Ee(o,We(i)),o=Ee(o,We(a)),o=Ee(o,We(r))},getBeforeBody:function(){return je(this._options.callbacks.beforeBody.apply(this,arguments))},getBody:function(t,e){var n=this,i=n._options.callbacks,a=[];return H.each(t,(function(t){var r={before:[],lines:[],after:[]};Ee(r.before,We(i.beforeLabel.call(n,t,e))),Ee(r.lines,i.label.call(n,t,e)),Ee(r.after,We(i.afterLabel.call(n,t,e))),a.push(r)})),a},getAfterBody:function(){return je(this._options.callbacks.afterBody.apply(this,arguments))},getFooter:function(){var t=this,e=t._options.callbacks,n=e.beforeFooter.apply(t,arguments),i=e.footer.apply(t,arguments),a=e.afterFooter.apply(t,arguments),r=[];return r=Ee(r,We(n)),r=Ee(r,We(i)),r=Ee(r,We(a))},update:function(t){var e,n,i,a,r,o,s,l,u,d,h=this,c=h._options,f=h._model,g=h._model=Ve(c),p=h._active,m=h._data,v={xAlign:f.xAlign,yAlign:f.yAlign},b={x:f.x,y:f.y},x={width:f.width,height:f.height},y={x:f.caretX,y:f.caretY};if(p.length){g.opacity=1;var _=[],k=[];y=Be[c.position].call(h,p,h._eventPosition);var w=[];for(e=0,n=p.length;ei.width&&(a=i.width-e.width),a<0&&(a=0)),"top"===d?r+=h:r-="bottom"===d?e.height+h:e.height/2,"center"===d?"left"===u?a+=h:"right"===u&&(a-=h):"left"===u?a-=c:"right"===u&&(a+=c),{x:a,y:r}}(g,x,v=function(t,e){var n,i,a,r,o,s=t._model,l=t._chart,u=t._chart.chartArea,d="center",h="center";s.yl.height-e.height&&(h="bottom");var c=(u.left+u.right)/2,f=(u.top+u.bottom)/2;"center"===h?(n=function(t){return t<=c},i=function(t){return t>c}):(n=function(t){return t<=e.width/2},i=function(t){return t>=l.width-e.width/2}),a=function(t){return t+e.width+s.caretSize+s.caretPadding>l.width},r=function(t){return t-e.width-s.caretSize-s.caretPadding<0},o=function(t){return 
t<=f?"top":"bottom"},n(s.x)?(d="left",a(s.x)&&(d="center",h=o(s.y))):i(s.x)&&(d="right",r(s.x)&&(d="center",h=o(s.y)));var g=t._options;return{xAlign:g.xAlign?g.xAlign:d,yAlign:g.yAlign?g.yAlign:h}}(this,x),h._chart)}else g.opacity=0;return g.xAlign=v.xAlign,g.yAlign=v.yAlign,g.x=b.x,g.y=b.y,g.width=x.width,g.height=x.height,g.caretX=y.x,g.caretY=y.y,h._model=g,t&&c.custom&&c.custom.call(h,g),h},drawCaret:function(t,e){var n=this._chart.ctx,i=this._view,a=this.getCaretPosition(t,e,i);n.lineTo(a.x1,a.y1),n.lineTo(a.x2,a.y2),n.lineTo(a.x3,a.y3)},getCaretPosition:function(t,e,n){var i,a,r,o,s,l,u=n.caretSize,d=n.cornerRadius,h=n.xAlign,c=n.yAlign,f=t.x,g=t.y,p=e.width,m=e.height;if("center"===c)s=g+m/2,"left"===h?(a=(i=f)-u,r=i,o=s+u,l=s-u):(a=(i=f+p)+u,r=i,o=s-u,l=s+u);else if("left"===h?(i=(a=f+d+u)-u,r=a+u):"right"===h?(i=(a=f+p-d-u)-u,r=a+u):(i=(a=n.caretX)-u,r=a+u),"top"===c)s=(o=g)-u,l=o;else{s=(o=g+m)+u,l=o;var v=r;r=i,i=v}return{x1:i,x2:a,x3:r,y1:o,y2:s,y3:l}},drawTitle:function(t,e,n){var i,a,r,o=e.title,s=o.length;if(s){var l=Ne(e.rtl,e.x,e.width);for(t.x=He(e,e._titleAlign),n.textAlign=l.textAlign(e._titleAlign),n.textBaseline="middle",i=e.titleFontSize,a=e.titleSpacing,n.fillStyle=e.titleFontColor,n.font=H.fontString(i,e._titleFontStyle,e._titleFontFamily),r=0;r0&&n.stroke()},draw:function(){var t=this._chart.ctx,e=this._view;if(0!==e.opacity){var n={width:e.width,height:e.height},i={x:e.x,y:e.y},a=Math.abs(e.opacity<.001)?0:e.opacity,r=e.title.length||e.beforeBody.length||e.body.length||e.afterBody.length||e.footer.length;this._options.enabled&&r&&(t.save(),t.globalAlpha=a,this.drawBackground(i,e,t,n),i.y+=e.yPadding,H.rtl.overrideTextDirection(t,e.textDirection),this.drawTitle(i,e,t),this.drawBody(i,e,t),this.drawFooter(i,e,t),H.rtl.restoreTextDirection(t,e.textDirection),t.restore())}},handleEvent:function(t){var e,n=this,i=n._options;return 
n._lastActive=n._lastActive||[],"mouseout"===t.type?n._active=[]:(n._active=n._chart.getElementsAtEventForMode(t,i.mode,i),i.reverse&&n._active.reverse()),(e=!H.arrayEquals(n._active,n._lastActive))&&(n._lastActive=n._active,(i.enabled||i.custom)&&(n._eventPosition={x:t.x,y:t.y},n.update(!0),n.pivot())),e}}),Ue=Be,Ye=qe;Ye.positioners=Ue;var Ge=H.valueOrDefault;function Xe(){return H.merge(Object.create(null),[].slice.call(arguments),{merger:function(t,e,n,i){if("xAxes"===t||"yAxes"===t){var a,r,o,s=n[t].length;for(e[t]||(e[t]=[]),a=0;a=e[t].length&&e[t].push({}),!e[t][a].type||o.type&&o.type!==e[t][a].type?H.merge(e[t][a],[Re.getScaleDefaults(r),o]):H.merge(e[t][a],o)}else H._merger(t,e,n,i)}})}function Ke(){return H.merge(Object.create(null),[].slice.call(arguments),{merger:function(t,e,n,i){var a=e[t]||Object.create(null),r=n[t];"scales"===t?e[t]=Xe(a,r):"scale"===t?e[t]=H.merge(a,[Re.getScaleDefaults(r.type),r]):H._merger(t,e,n,i)}})}function Ze(t){var e=t.options;H.each(t.scales,(function(e){pe.removeBox(t,e)})),e=Ke(N.global,N[t.config.type],e),t.options=t.config.options=e,t.ensureScalesHaveIDs(),t.buildOrUpdateScales(),t.tooltip._options=e.tooltips,t.tooltip.initialize()}function $e(t,e,n){var i,a=function(t){return t.id===i};do{i=e+n++}while(H.findIndex(t,a)>=0);return i}function Je(t){return"top"===t||"bottom"===t}function Qe(t,e){return function(n,i){return n[t]===i[t]?n[e]-i[e]:n[t]-i[t]}}N._set("global",{elements:{},events:["mousemove","mouseout","click","touchstart","touchmove"],hover:{onHover:null,mode:"nearest",intersect:!0,animationDuration:400},onClick:null,maintainAspectRatio:!0,responsive:!0,responsiveAnimationDuration:0});var tn=function(t,e){return this.construct(t,e),this};H.extend(tn.prototype,{construct:function(t,e){var n=this;e=function(t){var e=(t=t||Object.create(null)).data=t.data||{};return e.datasets=e.datasets||[],e.labels=e.labels||[],t.options=Ke(N.global,N[t.type],t.options||{}),t}(e);var 
i=Oe.acquireContext(t,e),a=i&&i.canvas,r=a&&a.height,o=a&&a.width;n.id=H.uid(),n.ctx=i,n.canvas=a,n.config=e,n.width=o,n.height=r,n.aspectRatio=r?o/r:null,n.options=e.options,n._bufferedRender=!1,n._layers=[],n.chart=n,n.controller=n,tn.instances[n.id]=n,Object.defineProperty(n,"data",{get:function(){return n.config.data},set:function(t){n.config.data=t}}),i&&a?(n.initialize(),n.update()):console.error("Failed to create chart: can't acquire context from the given item")},initialize:function(){var t=this;return Le.notify(t,"beforeInit"),H.retinaScale(t,t.options.devicePixelRatio),t.bindEvents(),t.options.responsive&&t.resize(!0),t.initToolTip(),Le.notify(t,"afterInit"),t},clear:function(){return H.canvas.clear(this),this},stop:function(){return J.cancelAnimation(this),this},resize:function(t){var e=this,n=e.options,i=e.canvas,a=n.maintainAspectRatio&&e.aspectRatio||null,r=Math.max(0,Math.floor(H.getMaximumWidth(i))),o=Math.max(0,Math.floor(a?r/a:H.getMaximumHeight(i)));if((e.width!==r||e.height!==o)&&(i.width=e.width=r,i.height=e.height=o,i.style.width=r+"px",i.style.height=o+"px",H.retinaScale(e,n.devicePixelRatio),!t)){var s={width:r,height:o};Le.notify(e,"resize",[s]),n.onResize&&n.onResize(e,s),e.stop(),e.update({duration:n.responsiveAnimationDuration})}},ensureScalesHaveIDs:function(){var t=this.options,e=t.scales||{},n=t.scale;H.each(e.xAxes,(function(t,n){t.id||(t.id=$e(e.xAxes,"x-axis-",n))})),H.each(e.yAxes,(function(t,n){t.id||(t.id=$e(e.yAxes,"y-axis-",n))})),n&&(n.id=n.id||"scale")},buildOrUpdateScales:function(){var t=this,e=t.options,n=t.scales||{},i=[],a=Object.keys(n).reduce((function(t,e){return t[e]=!1,t}),{});e.scales&&(i=i.concat((e.scales.xAxes||[]).map((function(t){return{options:t,dtype:"category",dposition:"bottom"}})),(e.scales.yAxes||[]).map((function(t){return{options:t,dtype:"linear",dposition:"left"}})))),e.scale&&i.push({options:e.scale,dtype:"radialLinear",isDefault:!0,dposition:"chartArea"}),H.each(i,(function(e){var 
i=e.options,r=i.id,o=Ge(i.type,e.dtype);Je(i.position)!==Je(e.dposition)&&(i.position=e.dposition),a[r]=!0;var s=null;if(r in n&&n[r].type===o)(s=n[r]).options=i,s.ctx=t.ctx,s.chart=t;else{var l=Re.getScaleConstructor(o);if(!l)return;s=new l({id:r,type:o,options:i,ctx:t.ctx,chart:t}),n[s.id]=s}s.mergeTicksOptions(),e.isDefault&&(t.scale=s)})),H.each(a,(function(t,e){t||delete n[e]})),t.scales=n,Re.addScalesToLayout(this)},buildOrUpdateControllers:function(){var t,e,n=this,i=[],a=n.data.datasets;for(t=0,e=a.length;t=0;--n)this.drawDataset(e[n],t);Le.notify(this,"afterDatasetsDraw",[t])}},drawDataset:function(t,e){var n={meta:t,index:t.index,easingValue:e};!1!==Le.notify(this,"beforeDatasetDraw",[n])&&(t.controller.draw(e),Le.notify(this,"afterDatasetDraw",[n]))},_drawTooltip:function(t){var e=this.tooltip,n={tooltip:e,easingValue:t};!1!==Le.notify(this,"beforeTooltipDraw",[n])&&(e.draw(),Le.notify(this,"afterTooltipDraw",[n]))},getElementAtEvent:function(t){return re.modes.single(this,t)},getElementsAtEvent:function(t){return re.modes.label(this,t,{intersect:!0})},getElementsAtXAxis:function(t){return re.modes["x-axis"](this,t,{intersect:!0})},getElementsAtEventForMode:function(t,e,n){var i=re.modes[e];return"function"==typeof i?i(this,t,n):[]},getDatasetAtEvent:function(t){return re.modes.dataset(this,t,{intersect:!0})},getDatasetMeta:function(t){var e=this.data.datasets[t];e._meta||(e._meta={});var n=e._meta[this.id];return n||(n=e._meta[this.id]={type:null,data:[],dataset:null,controller:null,hidden:null,xAxisID:null,yAxisID:null,order:e.order||0,index:t}),n},getVisibleDatasetCount:function(){for(var t=0,e=0,n=this.data.datasets.length;e3?n[2]-n[1]:n[1]-n[0];Math.abs(i)>1&&t!==Math.floor(t)&&(i=t-Math.floor(t));var a=H.log10(Math.abs(i)),r="";if(0!==t)if(Math.max(Math.abs(n[0]),Math.abs(n[n.length-1]))<1e-4){var o=H.log10(Math.abs(t)),s=Math.floor(o)-Math.floor(a);s=Math.max(Math.min(s,20),0),r=t.toExponential(s)}else{var 
l=-1*Math.floor(a);l=Math.max(Math.min(l,20),0),r=t.toFixed(l)}else r="0";return r},logarithmic:function(t,e,n){var i=t/Math.pow(10,Math.floor(H.log10(t)));return 0===t?"0":1===i||2===i||5===i||0===e||e===n.length-1?t.toExponential():""}}},sn=H.isArray,ln=H.isNullOrUndef,un=H.valueOrDefault,dn=H.valueAtIndexOrDefault;function hn(t,e,n){var i,a=t.getTicks().length,r=Math.min(e,a-1),o=t.getPixelForTick(r),s=t._startPixel,l=t._endPixel;if(!(n&&(i=1===a?Math.max(o-s,l-o):0===e?(t.getPixelForTick(1)-o)/2:(o-t.getPixelForTick(r-1))/2,(o+=rl+1e-6)))return o}function cn(t,e,n,i){var a,r,o,s,l,u,d,h,c,f,g,p,m,v=n.length,b=[],x=[],y=[],_=0,k=0;for(a=0;ae){for(n=0;n=c||d<=1||!s.isHorizontal()?s.labelRotation=h:(e=(t=s._getLabelSizes()).widest.width,n=t.highest.height-t.highest.offset,i=Math.min(s.maxWidth,s.chart.width-e),e+6>(a=l.offset?s.maxWidth/d:i/(d-1))&&(a=i/(d-(l.offset?.5:1)),r=s.maxHeight-fn(l.gridLines)-u.padding-gn(l.scaleLabel),o=Math.sqrt(e*e+n*n),f=H.toDegrees(Math.min(Math.asin(Math.min((t.highest.height+6)/a,1)),Math.asin(Math.min(r/o,1))-Math.asin(n/o))),f=Math.max(h,Math.min(c,f))),s.labelRotation=f)},afterCalculateTickRotation:function(){H.callback(this.options.afterCalculateTickRotation,[this])},beforeFit:function(){H.callback(this.options.beforeFit,[this])},fit:function(){var t=this,e=t.minSize={width:0,height:0},n=t.chart,i=t.options,a=i.ticks,r=i.scaleLabel,o=i.gridLines,s=t._isVisible(),l="bottom"===i.position,u=t.isHorizontal();if(u?e.width=t.maxWidth:s&&(e.width=fn(o)+gn(r)),u?s&&(e.height=fn(o)+gn(r)):e.height=t.maxHeight,a.display&&s){var d=mn(a),h=t._getLabelSizes(),c=h.first,f=h.last,g=h.widest,p=h.highest,m=.4*d.minor.lineHeight,v=a.padding;if(u){var b=0!==t.labelRotation,x=H.toRadians(t.labelRotation),y=Math.cos(x),_=Math.sin(x),k=_*g.width+y*(p.height-(b?p.offset:0))+(b?0:m);e.height=Math.min(t.maxHeight,e.height+k+v);var 
w,M,S=t.getPixelForTick(0)-t.left,C=t.right-t.getPixelForTick(t.getTicks().length-1);b?(w=l?y*c.width+_*c.offset:_*(c.height-c.offset),M=l?_*(f.height-f.offset):y*f.width+_*f.offset):(w=c.width/2,M=f.width/2),t.paddingLeft=Math.max((w-S)*t.width/(t.width-S),0)+3,t.paddingRight=Math.max((M-C)*t.width/(t.width-C),0)+3}else{var P=a.mirror?0:g.width+v+m;e.width=Math.min(t.maxWidth,e.width+P),t.paddingTop=c.height/2,t.paddingBottom=f.height/2}}t.handleMargins(),u?(t.width=t._length=n.width-t.margins.left-t.margins.right,t.height=e.height):(t.width=e.width,t.height=t._length=n.height-t.margins.top-t.margins.bottom)},handleMargins:function(){var t=this;t.margins&&(t.margins.left=Math.max(t.paddingLeft,t.margins.left),t.margins.top=Math.max(t.paddingTop,t.margins.top),t.margins.right=Math.max(t.paddingRight,t.margins.right),t.margins.bottom=Math.max(t.paddingBottom,t.margins.bottom))},afterFit:function(){H.callback(this.options.afterFit,[this])},isHorizontal:function(){var t=this.options.position;return"top"===t||"bottom"===t},isFullWidth:function(){return this.options.fullWidth},getRightValue:function(t){if(ln(t))return NaN;if(("number"==typeof t||t instanceof Number)&&!isFinite(t))return NaN;if(t)if(this.isHorizontal()){if(void 0!==t.x)return this.getRightValue(t.x)}else if(void 0!==t.y)return this.getRightValue(t.y);return t},_convertTicksToLabels:function(t){var e,n,i,a=this;for(a.ticks=t.map((function(t){return t.value})),a.beforeTickToLabelConversion(),e=a.convertTicksToLabels(t)||a.ticks,a.afterTickToLabelConversion(),n=0,i=t.length;nn-1?null:this.getPixelForDecimal(t*i+(e?i/2:0))},getPixelForDecimal:function(t){return this._reversePixels&&(t=1-t),this._startPixel+t*this._length},getDecimalForPixel:function(t){var e=(t-this._startPixel)/this._length;return this._reversePixels?1-e:e},getBasePixel:function(){return this.getPixelForValue(this.getBaseValue())},getBaseValue:function(){var t=this.min,e=this.max;return 
this.beginAtZero?0:t<0&&e<0?e:t>0&&e>0?t:0},_autoSkip:function(t){var e,n,i,a,r=this.options.ticks,o=this._length,s=r.maxTicksLimit||o/this._tickSize()+1,l=r.major.enabled?function(t){var e,n,i=[];for(e=0,n=t.length;es)return function(t,e,n){var i,a,r=0,o=e[0];for(n=Math.ceil(n),i=0;iu)return r;return Math.max(u,1)}(l,t,0,s),u>0){for(e=0,n=u-1;e1?(h-d)/(u-1):null,bn(t,i,H.isNullOrUndef(a)?0:d-a,d),bn(t,i,h,H.isNullOrUndef(a)?t.length:h+a),vn(t)}return bn(t,i),vn(t)},_tickSize:function(){var t=this.options.ticks,e=H.toRadians(this.labelRotation),n=Math.abs(Math.cos(e)),i=Math.abs(Math.sin(e)),a=this._getLabelSizes(),r=t.autoSkipPadding||0,o=a?a.widest.width+r:0,s=a?a.highest.height+r:0;return this.isHorizontal()?s*n>o*i?o/n:s/i:s*i=0&&(o=t),void 0!==r&&(t=n.indexOf(r))>=0&&(s=t),e.minIndex=o,e.maxIndex=s,e.min=n[o],e.max=n[s]},buildTicks:function(){var t=this._getLabels(),e=this.minIndex,n=this.maxIndex;this.ticks=0===e&&n===t.length-1?t:t.slice(e,n+1)},getLabelForIndex:function(t,e){var n=this.chart;return n.getDatasetMeta(e).controller._getValueScaleId()===this.id?this.getRightValue(n.data.datasets[e].data[t]):this._getLabels()[t]},_configure:function(){var t=this,e=t.options.offset,n=t.ticks;yn.prototype._configure.call(t),t.isHorizontal()||(t._reversePixels=!t._reversePixels),n&&(t._startValue=t.minIndex-(e?.5:0),t._valueRange=Math.max(n.length-(e?0:1),1))},getPixelForValue:function(t,e,n){var i,a,r,o=this;return _n(e)||_n(n)||(t=o.chart.data.datasets[n].data[e]),_n(t)||(i=o.isHorizontal()?t.x:t.y),(void 0!==i||void 0!==t&&isNaN(e))&&(a=o._getLabels(),t=H.valueOrDefault(i,t),e=-1!==(r=a.indexOf(t))?r:e,isNaN(e)&&(e=t)),o.getPixelForDecimal((e-o._startValue)/o._valueRange)},getPixelForTick:function(t){var e=this.ticks;return t<0||t>e.length-1?null:this.getPixelForValue(e[t],t+this.minIndex)},getValueForPixel:function(t){var e=Math.round(this._startValue+this.getDecimalForPixel(t)*this._valueRange);return 
Math.min(Math.max(e,0),this.ticks.length-1)},getBasePixel:function(){return this.bottom}}),wn={position:"bottom"};kn._defaults=wn;var Mn=H.noop,Sn=H.isNullOrUndef;var Cn=yn.extend({getRightValue:function(t){return"string"==typeof t?+t:yn.prototype.getRightValue.call(this,t)},handleTickRangeOptions:function(){var t=this,e=t.options.ticks;if(e.beginAtZero){var n=H.sign(t.min),i=H.sign(t.max);n<0&&i<0?t.max=0:n>0&&i>0&&(t.min=0)}var a=void 0!==e.min||void 0!==e.suggestedMin,r=void 0!==e.max||void 0!==e.suggestedMax;void 0!==e.min?t.min=e.min:void 0!==e.suggestedMin&&(null===t.min?t.min=e.suggestedMin:t.min=Math.min(t.min,e.suggestedMin)),void 0!==e.max?t.max=e.max:void 0!==e.suggestedMax&&(null===t.max?t.max=e.suggestedMax:t.max=Math.max(t.max,e.suggestedMax)),a!==r&&t.min>=t.max&&(a?t.max=t.min+1:t.min=t.max-1),t.min===t.max&&(t.max++,e.beginAtZero||t.min--)},getTickLimit:function(){var t,e=this.options.ticks,n=e.stepSize,i=e.maxTicksLimit;return n?t=Math.ceil(this.max/n)-Math.floor(this.min/n)+1:(t=this._computeTickLimit(),i=i||11),i&&(t=Math.min(i,t)),t},_computeTickLimit:function(){return Number.POSITIVE_INFINITY},handleDirectionalChanges:Mn,buildTicks:function(){var t=this,e=t.options.ticks,n=t.getTickLimit(),i={maxTicks:n=Math.max(2,n),min:e.min,max:e.max,precision:e.precision,stepSize:H.valueOrDefault(e.fixedStepSize,e.stepSize)},a=t.ticks=function(t,e){var n,i,a,r,o=[],s=t.stepSize,l=s||1,u=t.maxTicks-1,d=t.min,h=t.max,c=t.precision,f=e.min,g=e.max,p=H.niceNum((g-f)/u/l)*l;if(p<1e-14&&Sn(d)&&Sn(h))return[f,g];(r=Math.ceil(g/p)-Math.floor(f/p))>u&&(p=H.niceNum(r*p/u/l)*l),s||Sn(c)?n=Math.pow(10,H._decimalPlaces(p)):(n=Math.pow(10,c),p=Math.ceil(p*n)/n),i=Math.floor(f/p)*p,a=Math.ceil(g/p)*p,s&&(!Sn(d)&&H.almostWhole(d/p,p/1e3)&&(i=d),!Sn(h)&&H.almostWhole(h/p,p/1e3)&&(a=h)),r=(a-i)/p,r=H.almostEquals(r,Math.round(r),p/1e3)?Math.round(r):Math.ceil(r),i=Math.round(i*n)/n,a=Math.round(a*n)/n,o.push(Sn(d)?i:d);for(var 
m=1;me.length-1?null:this.getPixelForValue(e[t])}}),In=Pn;Tn._defaults=In;var Fn=H.valueOrDefault,On=H.math.log10;var Ln={position:"left",ticks:{callback:on.formatters.logarithmic}};function Rn(t,e){return H.isFinite(t)&&t>=0?t:e}var zn=yn.extend({determineDataLimits:function(){var t,e,n,i,a,r,o=this,s=o.options,l=o.chart,u=l.data.datasets,d=o.isHorizontal();function h(t){return d?t.xAxisID===o.id:t.yAxisID===o.id}o.min=Number.POSITIVE_INFINITY,o.max=Number.NEGATIVE_INFINITY,o.minNotZero=Number.POSITIVE_INFINITY;var c=s.stacked;if(void 0===c)for(t=0;t0){var e=H.min(t),n=H.max(t);o.min=Math.min(o.min,e),o.max=Math.max(o.max,n)}}))}else for(t=0;t0?t.minNotZero=t.min:t.max<1?t.minNotZero=Math.pow(10,Math.floor(On(t.max))):t.minNotZero=1)},buildTicks:function(){var t=this,e=t.options.ticks,n=!t.isHorizontal(),i={min:Rn(e.min),max:Rn(e.max)},a=t.ticks=function(t,e){var n,i,a=[],r=Fn(t.min,Math.pow(10,Math.floor(On(e.min)))),o=Math.floor(On(e.max)),s=Math.ceil(e.max/Math.pow(10,o));0===r?(n=Math.floor(On(e.minNotZero)),i=Math.floor(e.minNotZero/Math.pow(10,n)),a.push(r),r=i*Math.pow(10,n)):(n=Math.floor(On(r)),i=Math.floor(r/Math.pow(10,n)));var l=n<0?Math.pow(10,Math.abs(n)):1;do{a.push(r),10===++i&&(i=1,l=++n>=0?1:l),r=Math.round(i*Math.pow(10,n)*l)/l}while(ne.length-1?null:this.getPixelForValue(e[t])},_getFirstTickValue:function(t){var e=Math.floor(On(t));return Math.floor(t/Math.pow(10,e))*Math.pow(10,e)},_configure:function(){var t=this,e=t.min,n=0;yn.prototype._configure.call(t),0===e&&(e=t._getFirstTickValue(t.minNotZero),n=Fn(t.options.ticks.fontSize,N.global.defaultFontSize)/t._length),t._startValue=On(e),t._valueOffset=n,t._valueRange=(On(t.max)-On(e))/(1-n)},getPixelForValue:function(t){var e=this,n=0;return(t=+e.getRightValue(t))>e.min&&t>0&&(n=(On(t)-e._startValue)/e._valueRange+e._valueOffset),e.getPixelForDecimal(n)},getValueForPixel:function(t){var e=this,n=e.getDecimalForPixel(t);return 
0===n&&0===e.min?0:Math.pow(10,e._startValue+(n-e._valueOffset)*e._valueRange)}}),Nn=Ln;zn._defaults=Nn;var Bn=H.valueOrDefault,En=H.valueAtIndexOrDefault,Wn=H.options.resolve,Vn={display:!0,animate:!0,position:"chartArea",angleLines:{display:!0,color:"rgba(0,0,0,0.1)",lineWidth:1,borderDash:[],borderDashOffset:0},gridLines:{circular:!1},ticks:{showLabelBackdrop:!0,backdropColor:"rgba(255,255,255,0.75)",backdropPaddingY:2,backdropPaddingX:2,callback:on.formatters.linear},pointLabels:{display:!0,fontSize:10,callback:function(t){return t}}};function Hn(t){var e=t.ticks;return e.display&&t.display?Bn(e.fontSize,N.global.defaultFontSize)+2*e.backdropPaddingY:0}function jn(t,e,n,i,a){return t===i||t===a?{start:e-n/2,end:e+n/2}:ta?{start:e-n,end:e}:{start:e,end:e+n}}function qn(t){return 0===t||180===t?"center":t<180?"left":"right"}function Un(t,e,n,i){var a,r,o=n.y+i/2;if(H.isArray(e))for(a=0,r=e.length;a270||t<90)&&(n.y-=e.h)}function Gn(t){return H.isNumber(t)?t:0}var Xn=Cn.extend({setDimensions:function(){var t=this;t.width=t.maxWidth,t.height=t.maxHeight,t.paddingTop=Hn(t.options)/2,t.xCenter=Math.floor(t.width/2),t.yCenter=Math.floor((t.height-t.paddingTop)/2),t.drawingArea=Math.min(t.height-t.paddingTop,t.width)/2},determineDataLimits:function(){var t=this,e=t.chart,n=Number.POSITIVE_INFINITY,i=Number.NEGATIVE_INFINITY;H.each(e.data.datasets,(function(a,r){if(e.isDatasetVisible(r)){var o=e.getDatasetMeta(r);H.each(a.data,(function(e,a){var r=+t.getRightValue(e);isNaN(r)||o.data[a].hidden||(n=Math.min(r,n),i=Math.max(r,i))}))}})),t.min=n===Number.POSITIVE_INFINITY?0:n,t.max=i===Number.NEGATIVE_INFINITY?0:i,t.handleTickRangeOptions()},_computeTickLimit:function(){return Math.ceil(this.drawingArea/Hn(this.options))},convertTicksToLabels:function(){var t=this;Cn.prototype.convertTicksToLabels.call(t),t.pointLabels=t.chart.data.labels.map((function(){var e=H.callback(t.options.pointLabels.callback,arguments,t);return 
e||0===e?e:""}))},getLabelForIndex:function(t,e){return+this.getRightValue(this.chart.data.datasets[e].data[t])},fit:function(){var t=this.options;t.display&&t.pointLabels.display?function(t){var e,n,i,a=H.options._parseFont(t.options.pointLabels),r={l:0,r:t.width,t:0,b:t.height-t.paddingTop},o={};t.ctx.font=a.string,t._pointLabelSizes=[];var s,l,u,d=t.chart.data.labels.length;for(e=0;er.r&&(r.r=f.end,o.r=h),g.startr.b&&(r.b=g.end,o.b=h)}t.setReductions(t.drawingArea,r,o)}(this):this.setCenterPoint(0,0,0,0)},setReductions:function(t,e,n){var i=this,a=e.l/Math.sin(n.l),r=Math.max(e.r-i.width,0)/Math.sin(n.r),o=-e.t/Math.cos(n.t),s=-Math.max(e.b-(i.height-i.paddingTop),0)/Math.cos(n.b);a=Gn(a),r=Gn(r),o=Gn(o),s=Gn(s),i.drawingArea=Math.min(Math.floor(t-(a+r)/2),Math.floor(t-(o+s)/2)),i.setCenterPoint(a,r,o,s)},setCenterPoint:function(t,e,n,i){var a=this,r=a.width-e-a.drawingArea,o=t+a.drawingArea,s=n+a.drawingArea,l=a.height-a.paddingTop-i-a.drawingArea;a.xCenter=Math.floor((o+r)/2+a.left),a.yCenter=Math.floor((s+l)/2+a.top+a.paddingTop)},getIndexAngle:function(t){var e=this.chart,n=(t*(360/e.data.labels.length)+((e.options||{}).startAngle||0))%360;return(n<0?n+360:n)*Math.PI*2/360},getDistanceFromCenterForValue:function(t){var e=this;if(H.isNullOrUndef(t))return NaN;var n=e.drawingArea/(e.max-e.min);return e.options.ticks.reverse?(e.max-t)*n:(t-e.min)*n},getPointPosition:function(t,e){var n=this.getIndexAngle(t)-Math.PI/2;return{x:Math.cos(n)*e+this.xCenter,y:Math.sin(n)*e+this.yCenter}},getPointPositionForValue:function(t,e){return this.getPointPosition(t,this.getDistanceFromCenterForValue(e))},getBasePosition:function(t){var e=this.min,n=this.max;return this.getPointPositionForValue(t||0,this.beginAtZero?0:e<0&&n<0?n:e>0&&n>0?e:0)},_drawGrid:function(){var t,e,n,i=this,a=i.ctx,r=i.options,o=r.gridLines,s=r.angleLines,l=Bn(s.lineWidth,o.lineWidth),u=Bn(s.color,o.color);if(r.pointLabels.display&&function(t){var 
e=t.ctx,n=t.options,i=n.pointLabels,a=Hn(n),r=t.getDistanceFromCenterForValue(n.ticks.reverse?t.min:t.max),o=H.options._parseFont(i);e.save(),e.font=o.string,e.textBaseline="middle";for(var s=t.chart.data.labels.length-1;s>=0;s--){var l=0===s?a/2:0,u=t.getPointPosition(s,r+l+5),d=En(i.fontColor,s,N.global.defaultFontColor);e.fillStyle=d;var h=t.getIndexAngle(s),c=H.toDegrees(h);e.textAlign=qn(c),Yn(c,t._pointLabelSizes[s],u),Un(e,t.pointLabels[s],u,o.lineHeight)}e.restore()}(i),o.display&&H.each(i.ticks,(function(t,n){0!==n&&(e=i.getDistanceFromCenterForValue(i.ticksAsNumbers[n]),function(t,e,n,i){var a,r=t.ctx,o=e.circular,s=t.chart.data.labels.length,l=En(e.color,i-1),u=En(e.lineWidth,i-1);if((o||s)&&l&&u){if(r.save(),r.strokeStyle=l,r.lineWidth=u,r.setLineDash&&(r.setLineDash(e.borderDash||[]),r.lineDashOffset=e.borderDashOffset||0),r.beginPath(),o)r.arc(t.xCenter,t.yCenter,n,0,2*Math.PI);else{a=t.getPointPosition(0,n),r.moveTo(a.x,a.y);for(var d=1;d=0;t--)e=i.getDistanceFromCenterForValue(r.ticks.reverse?i.min:i.max),n=i.getPointPosition(t,e),a.beginPath(),a.moveTo(i.xCenter,i.yCenter),a.lineTo(n.x,n.y),a.stroke();a.restore()}},_drawLabels:function(){var t=this,e=t.ctx,n=t.options.ticks;if(n.display){var i,a,r=t.getIndexAngle(0),o=H.options._parseFont(n),s=Bn(n.fontColor,N.global.defaultFontColor);e.save(),e.font=o.string,e.translate(t.xCenter,t.yCenter),e.rotate(r),e.textAlign="center",e.textBaseline="middle",H.each(t.ticks,(function(r,l){(0!==l||n.reverse)&&(i=t.getDistanceFromCenterForValue(t.ticksAsNumbers[l]),n.showLabelBackdrop&&(a=e.measureText(r).width,e.fillStyle=n.backdropColor,e.fillRect(-a/2-n.backdropPaddingX,-i-o.size/2-n.backdropPaddingY,a+2*n.backdropPaddingX,o.size+2*n.backdropPaddingY)),e.fillStyle=s,e.fillText(r,0,-i))})),e.restore()}},_drawTitle:H.noop}),Kn=Vn;Xn._defaults=Kn;var 
Zn=H._deprecated,$n=H.options.resolve,Jn=H.valueOrDefault,Qn=Number.MIN_SAFE_INTEGER||-9007199254740991,ti=Number.MAX_SAFE_INTEGER||9007199254740991,ei={millisecond:{common:!0,size:1,steps:1e3},second:{common:!0,size:1e3,steps:60},minute:{common:!0,size:6e4,steps:60},hour:{common:!0,size:36e5,steps:24},day:{common:!0,size:864e5,steps:30},week:{common:!1,size:6048e5,steps:4},month:{common:!0,size:2628e6,steps:12},quarter:{common:!1,size:7884e6,steps:4},year:{common:!0,size:3154e7}},ni=Object.keys(ei);function ii(t,e){return t-e}function ai(t){return H.valueOrDefault(t.time.min,t.ticks.min)}function ri(t){return H.valueOrDefault(t.time.max,t.ticks.max)}function oi(t,e,n,i){var a=function(t,e,n){for(var i,a,r,o=0,s=t.length-1;o>=0&&o<=s;){if(a=t[(i=o+s>>1)-1]||null,r=t[i],!a)return{lo:null,hi:r};if(r[e]n))return{lo:a,hi:r};s=i-1}}return{lo:r,hi:null}}(t,e,n),r=a.lo?a.hi?a.lo:t[t.length-2]:t[0],o=a.lo?a.hi?a.hi:t[t.length-1]:t[1],s=o[e]-r[e],l=s?(n-r[e])/s:0,u=(o[i]-r[i])*l;return r[i]+u}function si(t,e){var n=t._adapter,i=t.options.time,a=i.parser,r=a||i.format,o=e;return"function"==typeof a&&(o=a(o)),H.isFinite(o)||(o="string"==typeof r?n.parse(o,r):n.parse(o)),null!==o?+o:(a||"function"!=typeof r||(o=r(e),H.isFinite(o)||(o=n.parse(o))),o)}function li(t,e){if(H.isNullOrUndef(e))return null;var n=t.options.time,i=si(t,t.getRightValue(e));return null===i?i:(n.round&&(i=+t._adapter.startOf(i,n.round)),i)}function ui(t,e,n,i){var a,r,o,s=ni.length;for(a=ni.indexOf(t);a=0&&(e[r].major=!0);return e}(t,r,o,n):r}var hi=yn.extend({initialize:function(){this.mergeTicksOptions(),yn.prototype.initialize.call(this)},update:function(){var t=this,e=t.options,n=e.time||(e.time={}),i=t._adapter=new rn._date(e.adapters.date);return Zn("time scale",n.format,"time.format","time.parser"),Zn("time scale",n.min,"time.min","ticks.min"),Zn("time 
scale",n.max,"time.max","ticks.max"),H.mergeIf(n.displayFormats,i.formats()),yn.prototype.update.apply(t,arguments)},getRightValue:function(t){return t&&void 0!==t.t&&(t=t.t),yn.prototype.getRightValue.call(this,t)},determineDataLimits:function(){var t,e,n,i,a,r,o,s=this,l=s.chart,u=s._adapter,d=s.options,h=d.time.unit||"day",c=ti,f=Qn,g=[],p=[],m=[],v=s._getLabels();for(t=0,n=v.length;t1?function(t){var e,n,i,a={},r=[];for(e=0,n=t.length;e1e5*u)throw e+" and "+n+" are too far apart with stepSize of "+u+" "+l;for(a=h;a=a&&n<=r&&d.push(n);return i.min=a,i.max=r,i._unit=l.unit||(s.autoSkip?ui(l.minUnit,i.min,i.max,h):function(t,e,n,i,a){var r,o;for(r=ni.length-1;r>=ni.indexOf(n);r--)if(o=ni[r],ei[o].common&&t._adapter.diff(a,i,o)>=e-1)return o;return ni[n?ni.indexOf(n):0]}(i,d.length,l.minUnit,i.min,i.max)),i._majorUnit=s.major.enabled&&"year"!==i._unit?function(t){for(var e=ni.indexOf(t)+1,n=ni.length;ee&&s=0&&t0?s:1}}),ci={position:"bottom",distribution:"linear",bounds:"data",adapters:{},time:{parser:!1,unit:!1,round:!1,displayFormat:!1,isoWeekday:!1,minUnit:"millisecond",displayFormats:{}},ticks:{autoSkip:!1,source:"auto",major:{enabled:!1}}};hi._defaults=ci;var fi={category:kn,linear:Tn,logarithmic:zn,radialLinear:Xn,time:hi},gi={datetime:"MMM D, YYYY, h:mm:ss a",millisecond:"h:mm:ss.SSS a",second:"h:mm:ss a",minute:"h:mm a",hour:"hA",day:"MMM D",week:"ll",month:"MMM YYYY",quarter:"[Q]Q - YYYY",year:"YYYY"};rn._date.override("function"==typeof t?{_id:"moment",formats:function(){return gi},parse:function(e,n){return"string"==typeof e&&"string"==typeof n?e=t(e,n):e instanceof t||(e=t(e)),e.isValid()?e.valueOf():null},format:function(e,n){return t(e).format(n)},add:function(e,n,i){return t(e).add(n,i).valueOf()},diff:function(e,n,i){return t(e).diff(t(n),i)},startOf:function(e,n,i){return e=t(e),"isoWeek"===n?e.isoWeekday(i).valueOf():e.startOf(n).valueOf()},endOf:function(e,n){return t(e).endOf(n).valueOf()},_create:function(e){return 
t(e)}}:{}),N._set("global",{plugins:{filler:{propagate:!0}}});var pi={dataset:function(t){var e=t.fill,n=t.chart,i=n.getDatasetMeta(e),a=i&&n.isDatasetVisible(e)&&i.dataset._children||[],r=a.length||0;return r?function(t,e){return e=n)&&i;switch(r){case"bottom":return"start";case"top":return"end";case"zero":return"origin";case"origin":case"start":case"end":return r;default:return!1}}function vi(t){return(t.el._scale||{}).getPointPositionForValue?function(t){var e,n,i,a,r,o=t.el._scale,s=o.options,l=o.chart.data.labels.length,u=t.fill,d=[];if(!l)return null;for(e=s.ticks.reverse?o.max:o.min,n=s.ticks.reverse?o.min:o.max,i=o.getPointPositionForValue(0,e),a=0;a0;--r)H.canvas.lineTo(t,n[r],n[r-1],!0);else for(o=n[0].cx,s=n[0].cy,l=Math.sqrt(Math.pow(n[0].x-o,2)+Math.pow(n[0].y-s,2)),r=a-1;r>0;--r)t.arc(o,s,l,n[r].angle,n[r-1].angle,!0)}}function ki(t,e,n,i,a,r){var o,s,l,u,d,h,c,f,g=e.length,p=i.spanGaps,m=[],v=[],b=0,x=0;for(t.beginPath(),o=0,s=g;o=0;--n)(e=l[n].$filler)&&e.visible&&(a=(i=e.el)._view,r=i._children||[],o=e.mapper,s=a.backgroundColor||N.global.defaultColor,o&&s&&r.length&&(H.canvas.clipArea(u,t.chartArea),ki(u,r,o,a,s,i._loop),H.canvas.unclipArea(u)))}},Mi=H.rtl.getRtlAdapter,Si=H.noop,Ci=H.valueOrDefault;function Pi(t,e){return t.usePointStyle&&t.boxWidth>e?e:t.boxWidth}N._set("global",{legend:{display:!0,position:"top",align:"center",fullWidth:!0,reverse:!1,weight:1e3,onClick:function(t,e){var n=e.datasetIndex,i=this.chart,a=i.getDatasetMeta(n);a.hidden=null===a.hidden?!i.data.datasets[n].hidden:null,i.update()},onHover:null,onLeave:null,labels:{boxWidth:40,padding:10,generateLabels:function(t){var e=t.data.datasets,n=t.options.legend||{},i=n.labels&&n.labels.usePointStyle;return t._getSortedDatasetMetas().map((function(n){var a=n.controller.getStyle(i?0:void 
0);return{text:e[n.index].label,fillStyle:a.backgroundColor,hidden:!t.isDatasetVisible(n.index),lineCap:a.borderCapStyle,lineDash:a.borderDash,lineDashOffset:a.borderDashOffset,lineJoin:a.borderJoinStyle,lineWidth:a.borderWidth,strokeStyle:a.borderColor,pointStyle:a.pointStyle,rotation:a.rotation,datasetIndex:n.index}}),this)}}},legendCallback:function(t){var e,n,i,a=document.createElement("ul"),r=t.data.datasets;for(a.setAttribute("class",t.id+"-legend"),e=0,n=r.length;el.width)&&(h+=o+n.padding,d[d.length-(e>0?0:1)]=0),s[e]={left:0,top:0,width:i,height:o},d[d.length-1]+=i+n.padding})),l.height+=h}else{var c=n.padding,f=t.columnWidths=[],g=t.columnHeights=[],p=n.padding,m=0,v=0;H.each(t.legendItems,(function(t,e){var i=Pi(n,o)+o/2+a.measureText(t.text).width;e>0&&v+o+2*c>l.height&&(p+=m+n.padding,f.push(m),g.push(v),m=0,v=0),m=Math.max(m,i),v+=o+c,s[e]={left:0,top:0,width:i,height:o}})),p+=m,f.push(m),g.push(v),l.width+=p}t.width=l.width,t.height=l.height}else t.width=l.width=t.height=l.height=0},afterFit:Si,isHorizontal:function(){return"top"===this.options.position||"bottom"===this.options.position},draw:function(){var t=this,e=t.options,n=e.labels,i=N.global,a=i.defaultColor,r=i.elements.line,o=t.height,s=t.columnHeights,l=t.width,u=t.lineWidths;if(e.display){var d,h=Mi(e.rtl,t.left,t.minSize.width),c=t.ctx,f=Ci(n.fontColor,i.defaultFontColor),g=H.options._parseFont(n),p=g.size;c.textAlign=h.textAlign("left"),c.textBaseline="middle",c.lineWidth=.5,c.strokeStyle=f,c.fillStyle=f,c.font=g.string;var m=Pi(n,p),v=t.legendHitBoxes,b=function(t,i){switch(e.align){case"start":return n.padding;case"end":return t-i;default:return(t-i+n.padding)/2}},x=t.isHorizontal();d=x?{x:t.left+b(l,u[0]),y:t.top+n.padding,line:0}:{x:t.left+n.padding,y:t.top+b(o,s[0]),line:0},H.rtl.overrideTextDirection(t.ctx,e.textDirection);var y=p+n.padding;H.each(t.legendItems,(function(e,i){var 
f=c.measureText(e.text).width,g=m+p/2+f,_=d.x,k=d.y;h.setWidth(t.minSize.width),x?i>0&&_+g+n.padding>t.left+t.minSize.width&&(k=d.y+=y,d.line++,_=d.x=t.left+b(l,u[d.line])):i>0&&k+y>t.top+t.minSize.height&&(_=d.x=_+t.columnWidths[d.line]+n.padding,d.line++,k=d.y=t.top+b(o,s[d.line]));var w=h.x(_);!function(t,e,i){if(!(isNaN(m)||m<=0)){c.save();var o=Ci(i.lineWidth,r.borderWidth);if(c.fillStyle=Ci(i.fillStyle,a),c.lineCap=Ci(i.lineCap,r.borderCapStyle),c.lineDashOffset=Ci(i.lineDashOffset,r.borderDashOffset),c.lineJoin=Ci(i.lineJoin,r.borderJoinStyle),c.lineWidth=o,c.strokeStyle=Ci(i.strokeStyle,a),c.setLineDash&&c.setLineDash(Ci(i.lineDash,r.borderDash)),n&&n.usePointStyle){var s=m*Math.SQRT2/2,l=h.xPlus(t,m/2),u=e+p/2;H.canvas.drawPoint(c,i.pointStyle,s,l,u,i.rotation)}else c.fillRect(h.leftForLtr(t,m),e,m,p),0!==o&&c.strokeRect(h.leftForLtr(t,m),e,m,p);c.restore()}}(w,k,e),v[i].left=h.leftForLtr(w,v[i].width),v[i].top=k,function(t,e,n,i){var a=p/2,r=h.xPlus(t,m+a),o=e+a;c.fillText(n.text,r,o),n.hidden&&(c.beginPath(),c.lineWidth=2,c.moveTo(r,o),c.lineTo(h.xPlus(r,i),o),c.stroke())}(w,k,e,f),x?d.x+=g+n.padding:d.y+=y})),H.rtl.restoreTextDirection(t.ctx,e.textDirection)}},_getLegendItemAt:function(t,e){var n,i,a,r=this;if(t>=r.left&&t<=r.right&&e>=r.top&&e<=r.bottom)for(a=r.legendHitBoxes,n=0;n=(i=a[n]).left&&t<=i.left+i.width&&e>=i.top&&e<=i.top+i.height)return r.legendItems[n];return null},handleEvent:function(t){var e,n=this,i=n.options,a="mouseup"===t.type?"click":t.type;if("mousemove"===a){if(!i.onHover&&!i.onLeave)return}else{if("click"!==a)return;if(!i.onClick)return}e=n._getLegendItemAt(t.x,t.y),"click"===a?e&&i.onClick&&i.onClick.call(n,t.native,e):(i.onLeave&&e!==n._hoveredItem&&(n._hoveredItem&&i.onLeave.call(n,t.native,n._hoveredItem),n._hoveredItem=e),i.onHover&&e&&i.onHover.call(n,t.native,e))}});function Di(t,e){var n=new Ai({ctx:t.ctx,options:e,chart:t});pe.configure(t,n,e),pe.addBox(t,n),t.legend=n}var 
Ti={id:"legend",_element:Ai,beforeInit:function(t){var e=t.options.legend;e&&Di(t,e)},beforeUpdate:function(t){var e=t.options.legend,n=t.legend;e?(H.mergeIf(e,N.global.legend),n?(pe.configure(t,n,e),n.options=e):Di(t,e)):n&&(pe.removeBox(t,n),delete t.legend)},afterEvent:function(t,e){var n=t.legend;n&&n.handleEvent(e)}},Ii=H.noop;N._set("global",{title:{display:!1,fontStyle:"bold",fullWidth:!0,padding:10,position:"top",text:"",weight:2e3}});var Fi=K.extend({initialize:function(t){H.extend(this,t),this.legendHitBoxes=[]},beforeUpdate:Ii,update:function(t,e,n){var i=this;return i.beforeUpdate(),i.maxWidth=t,i.maxHeight=e,i.margins=n,i.beforeSetDimensions(),i.setDimensions(),i.afterSetDimensions(),i.beforeBuildLabels(),i.buildLabels(),i.afterBuildLabels(),i.beforeFit(),i.fit(),i.afterFit(),i.afterUpdate(),i.minSize},afterUpdate:Ii,beforeSetDimensions:Ii,setDimensions:function(){var t=this;t.isHorizontal()?(t.width=t.maxWidth,t.left=0,t.right=t.width):(t.height=t.maxHeight,t.top=0,t.bottom=t.height),t.paddingLeft=0,t.paddingTop=0,t.paddingRight=0,t.paddingBottom=0,t.minSize={width:0,height:0}},afterSetDimensions:Ii,beforeBuildLabels:Ii,buildLabels:Ii,afterBuildLabels:Ii,beforeFit:Ii,fit:function(){var t,e=this,n=e.options,i=e.minSize={},a=e.isHorizontal();n.display?(t=(H.isArray(n.text)?n.text.length:1)*H.options._parseFont(n).lineHeight+2*n.padding,e.width=i.width=a?e.maxWidth:t,e.height=i.height=a?t:e.maxHeight):e.width=i.width=e.height=i.height=0},afterFit:Ii,isHorizontal:function(){var t=this.options.position;return"top"===t||"bottom"===t},draw:function(){var t=this,e=t.ctx,n=t.options;if(n.display){var 
i,a,r,o=H.options._parseFont(n),s=o.lineHeight,l=s/2+n.padding,u=0,d=t.top,h=t.left,c=t.bottom,f=t.right;e.fillStyle=H.valueOrDefault(n.fontColor,N.global.defaultFontColor),e.font=o.string,t.isHorizontal()?(a=h+(f-h)/2,r=d+l,i=f-h):(a="left"===n.position?h+l:f-l,r=d+(c-d)/2,i=c-d,u=Math.PI*("left"===n.position?-.5:.5)),e.save(),e.translate(a,r),e.rotate(u),e.textAlign="center",e.textBaseline="middle";var g=n.text;if(H.isArray(g))for(var p=0,m=0;m=0;i--){var a=t[i];if(e(a))return a}},H.isNumber=function(t){return!isNaN(parseFloat(t))&&isFinite(t)},H.almostEquals=function(t,e,n){return Math.abs(t-e)=t},H.max=function(t){return t.reduce((function(t,e){return isNaN(e)?t:Math.max(t,e)}),Number.NEGATIVE_INFINITY)},H.min=function(t){return t.reduce((function(t,e){return isNaN(e)?t:Math.min(t,e)}),Number.POSITIVE_INFINITY)},H.sign=Math.sign?function(t){return Math.sign(t)}:function(t){return 0===(t=+t)||isNaN(t)?t:t>0?1:-1},H.toRadians=function(t){return t*(Math.PI/180)},H.toDegrees=function(t){return t*(180/Math.PI)},H._decimalPlaces=function(t){if(H.isFinite(t)){for(var e=1,n=0;Math.round(t*e)/e!==t;)e*=10,n++;return n}},H.getAngleFromPoint=function(t,e){var n=e.x-t.x,i=e.y-t.y,a=Math.sqrt(n*n+i*i),r=Math.atan2(i,n);return r<-.5*Math.PI&&(r+=2*Math.PI),{angle:r,distance:a}},H.distanceBetweenPoints=function(t,e){return Math.sqrt(Math.pow(e.x-t.x,2)+Math.pow(e.y-t.y,2))},H.aliasPixel=function(t){return t%2==0?0:.5},H._alignPixel=function(t,e,n){var i=t.currentDevicePixelRatio,a=n/2;return Math.round((e-a)*i)/i+a},H.splineCurve=function(t,e,n,i){var a=t.skip?e:t,r=e,o=n.skip?e:n,s=Math.sqrt(Math.pow(r.x-a.x,2)+Math.pow(r.y-a.y,2)),l=Math.sqrt(Math.pow(o.x-r.x,2)+Math.pow(o.y-r.y,2)),u=s/(s+l),d=l/(s+l),h=i*(u=isNaN(u)?0:u),c=i*(d=isNaN(d)?0:d);return{previous:{x:r.x-h*(o.x-a.x),y:r.y-h*(o.y-a.y)},next:{x:r.x+c*(o.x-a.x),y:r.y+c*(o.y-a.y)}}},H.EPSILON=Number.EPSILON||1e-14,H.splineCurveMonotone=function(t){var 
e,n,i,a,r,o,s,l,u,d=(t||[]).map((function(t){return{model:t._model,deltaK:0,mK:0}})),h=d.length;for(e=0;e0?d[e-1]:null,(a=e0?d[e-1]:null,a=e=t.length-1?t[0]:t[e+1]:e>=t.length-1?t[t.length-1]:t[e+1]},H.previousItem=function(t,e,n){return n?e<=0?t[t.length-1]:t[e-1]:e<=0?t[0]:t[e-1]},H.niceNum=function(t,e){var n=Math.floor(H.log10(t)),i=t/Math.pow(10,n);return(e?i<1.5?1:i<3?2:i<7?5:10:i<=1?1:i<=2?2:i<=5?5:10)*Math.pow(10,n)},H.requestAnimFrame="undefined"==typeof window?function(t){t()}:window.requestAnimationFrame||window.webkitRequestAnimationFrame||window.mozRequestAnimationFrame||window.oRequestAnimationFrame||window.msRequestAnimationFrame||function(t){return window.setTimeout(t,1e3/60)},H.getRelativePosition=function(t,e){var n,i,a=t.originalEvent||t,r=t.target||t.srcElement,o=r.getBoundingClientRect(),s=a.touches;s&&s.length>0?(n=s[0].clientX,i=s[0].clientY):(n=a.clientX,i=a.clientY);var l=parseFloat(H.getStyle(r,"padding-left")),u=parseFloat(H.getStyle(r,"padding-top")),d=parseFloat(H.getStyle(r,"padding-right")),h=parseFloat(H.getStyle(r,"padding-bottom")),c=o.right-o.left-l-d,f=o.bottom-o.top-u-h;return{x:n=Math.round((n-o.left-l)/c*r.width/e.currentDevicePixelRatio),y:i=Math.round((i-o.top-u)/f*r.height/e.currentDevicePixelRatio)}},H.getConstraintWidth=function(t){return n(t,"max-width","clientWidth")},H.getConstraintHeight=function(t){return n(t,"max-height","clientHeight")},H._calculatePadding=function(t,e,n){return(e=H.getStyle(t,e)).indexOf("%")>-1?n*parseInt(e,10)/100:parseInt(e,10)},H._getParentNode=function(t){var e=t.parentNode;return e&&"[object ShadowRoot]"===e.toString()&&(e=e.host),e},H.getMaximumWidth=function(t){var e=H._getParentNode(t);if(!e)return t.clientWidth;var n=e.clientWidth,i=n-H._calculatePadding(e,"padding-left",n)-H._calculatePadding(e,"padding-right",n),a=H.getConstraintWidth(t);return isNaN(a)?i:Math.min(i,a)},H.getMaximumHeight=function(t){var e=H._getParentNode(t);if(!e)return t.clientHeight;var 
n=e.clientHeight,i=n-H._calculatePadding(e,"padding-top",n)-H._calculatePadding(e,"padding-bottom",n),a=H.getConstraintHeight(t);return isNaN(a)?i:Math.min(i,a)},H.getStyle=function(t,e){return t.currentStyle?t.currentStyle[e]:document.defaultView.getComputedStyle(t,null).getPropertyValue(e)},H.retinaScale=function(t,e){var n=t.currentDevicePixelRatio=e||"undefined"!=typeof window&&window.devicePixelRatio||1;if(1!==n){var i=t.canvas,a=t.height,r=t.width;i.height=a*n,i.width=r*n,t.ctx.scale(n,n),i.style.height||i.style.width||(i.style.height=a+"px",i.style.width=r+"px")}},H.fontString=function(t,e,n){return e+" "+t+"px "+n},H.longestText=function(t,e,n,i){var a=(i=i||{}).data=i.data||{},r=i.garbageCollect=i.garbageCollect||[];i.font!==e&&(a=i.data={},r=i.garbageCollect=[],i.font=e),t.font=e;var o,s,l,u,d,h=0,c=n.length;for(o=0;on.length){for(o=0;oi&&(i=r),i},H.numberOfLabelLines=function(t){var e=1;return H.each(t,(function(t){H.isArray(t)&&t.length>e&&(e=t.length)})),e},H.color=_?function(t){return t instanceof CanvasGradient&&(t=N.global.defaultColor),_(t)}:function(t){return console.error("Color.js not found!"),t},H.getHoverColor=function(t){return t instanceof CanvasPattern||t instanceof CanvasGradient?t:H.color(t).saturate(.5).darken(.1).rgbString()}}(),en._adapters=rn,en.Animation=$,en.animationService=J,en.controllers=Jt,en.DatasetController=it,en.defaults=N,en.Element=K,en.elements=kt,en.Interaction=re,en.layouts=pe,en.platform=Oe,en.plugins=Le,en.Scale=yn,en.scaleService=Re,en.Ticks=on,en.Tooltip=Ye,en.helpers.each(fi,(function(t,e){en.scaleService.registerScaleType(e,t,t._defaults)})),Li)Li.hasOwnProperty(Bi)&&en.plugins.register(Li[Bi]);en.platform.initialize();var Ei=en;return"undefined"!=typeof 
window&&(window.Chart=en),en.Chart=en,en.Legend=Li.legend._element,en.Title=Li.title._element,en.pluginService=en.plugins,en.PluginBase=en.Element.extend({}),en.canvasHelpers=en.helpers.canvas,en.layoutService=en.layouts,en.LinearScaleBase=Cn,en.helpers.each(["Bar","Bubble","Doughnut","Line","PolarArea","Radar","Scatter"],(function(t){en[t]=function(e,n){return new en(e,en.helpers.merge(n||{},{type:t.charAt(0).toLowerCase()+t.slice(1)}))}})),Ei}));
\ No newline at end of file
diff --git a/lolrmm.com/themes/compose/static/js/mermaid.min.js b/lolrmm.com/themes/compose/static/js/mermaid.min.js
new file mode 100644
index 00000000..51c35aa8
--- /dev/null
+++ b/lolrmm.com/themes/compose/static/js/mermaid.min.js
@@ -0,0 +1,31 @@ +!function(t,e){"object"==typeof exports&&"object"==typeof module?module.exports=e():"function"==typeof define&&define.amd?define([],e):"object"==typeof exports?exports.mermaid=e():t.mermaid=e()}("undefined"!=typeof self?self:this,(function(){return function(t){var e={};function n(r){if(e[r])return e[r].exports;var i=e[r]={i:r,l:!1,exports:{}};return t[r].call(i.exports,i,i.exports,n),i.l=!0,i.exports}return n.m=t,n.c=e,n.d=function(t,e,r){n.o(t,e)||Object.defineProperty(t,e,{enumerable:!0,get:r})},n.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},n.t=function(t,e){if(1&e&&(t=n(t)),8&e)return t;if(4&e&&"object"==typeof t&&t&&t.__esModule)return t;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:t}),2&e&&"string"!=typeof t)for(var i in t)n.d(r,i,function(e){return t[e]}.bind(null,i));return r},n.n=function(t){var e=t&&t.__esModule?function(){return t.default}:function(){return t};return n.d(e,"a",e),e},n.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},n.p="",n(n.s=384)}([function(t,e,n){"use strict";n.r(e);var r=function(t,e){return te?1:t>=e?0:NaN},i=function(t){var e;return 1===t.length&&(e=t,t=function(t,n){return r(e(t),n)}),{left:function(e,n,r,i){for(null==r&&(r=0),null==i&&(i=e.length);r>>1;t(e[a],n)<0?r=a+1:i=a}return r},right:function(e,n,r,i){for(null==r&&(r=0),null==i&&(i=e.length);r>>1;t(e[a],n)>0?i=a:r=a+1}return r}}};var a=i(r),o=a.right,s=a.left,c=o,u=function(t,e){null==e&&(e=l);for(var n=0,r=t.length-1,i=t[0],a=new Array(r<0?0:r);nt?1:e>=t?0:NaN},d=function(t){return null===t?NaN:+t},p=function(t,e){var n,r,i=t.length,a=0,o=-1,s=0,c=0;if(null==e)for(;++o1)return c/(a-1)},y=function(t,e){var n=p(t,e);return n?Math.sqrt(n):n},g=function(t,e){var 
n,r,i,a=t.length,o=-1;if(null==e){for(;++o=n)for(r=i=n;++on&&(r=n),i=n)for(r=i=n;++on&&(r=n),i0)return[t];if((r=e0)for(t=Math.ceil(t/o),e=Math.floor(e/o),a=new Array(i=Math.ceil(e-t+1));++s=0?(a>=w?10:a>=E?5:a>=T?2:1)*Math.pow(10,i):-Math.pow(10,-i)/(a>=w?10:a>=E?5:a>=T?2:1)}function A(t,e,n){var r=Math.abs(e-t)/Math.max(0,n),i=Math.pow(10,Math.floor(Math.log(r)/Math.LN10)),a=r/i;return a>=w?i*=10:a>=E?i*=5:a>=T&&(i*=2),eh;)f.pop(),--d;var p,y=new Array(d+1);for(i=0;i<=d;++i)(p=y[i]=[]).x0=i>0?f[i-1]:l,p.x1=i=1)return+n(t[r-1],r-1,t);var r,i=(r-1)*e,a=Math.floor(i),o=+n(t[a],a,t);return o+(+n(t[a+1],a+1,t)-o)*(i-a)}},D=function(t,e,n){return t=b.call(t,d).sort(r),Math.ceil((n-e)/(2*(N(t,.75)-N(t,.25))*Math.pow(t.length,-1/3)))},B=function(t,e,n){return Math.ceil((n-e)/(3.5*y(t)*Math.pow(t.length,-1/3)))},L=function(t,e){var n,r,i=t.length,a=-1;if(null==e){for(;++a=n)for(r=n;++ar&&(r=n)}else for(;++a=n)for(r=n;++ar&&(r=n);return r},I=function(t,e){var n,r=t.length,i=r,a=-1,o=0;if(null==e)for(;++a=0;)for(e=(r=t[i]).length;--e>=0;)n[--o]=r[e];return n},P=function(t,e){var n,r,i=t.length,a=-1;if(null==e){for(;++a=n)for(r=n;++an&&(r=n)}else for(;++a=n)for(r=n;++an&&(r=n);return r},j=function(t,e){for(var n=e.length,r=new Array(n);n--;)r[n]=t[e[n]];return r},Y=function(t,e){if(n=t.length){var n,i,a=0,o=0,s=t[o];for(null==e&&(e=r);++a=0&&(n=t.slice(r+1),t=t.slice(0,r)),t&&!e.hasOwnProperty(t))throw new Error("unknown type: "+t);return{type:t,name:n}}))}function ct(t,e){for(var n,r=0,i=t.length;r0)for(var n,r,i=new Array(n),a=0;ae?1:t>=e?0:NaN}var xt="http://www.w3.org/1999/xhtml",kt={svg:"http://www.w3.org/2000/svg",xhtml:xt,xlink:"http://www.w3.org/1999/xlink",xml:"http://www.w3.org/XML/1998/namespace",xmlns:"http://www.w3.org/2000/xmlns/"},wt=function(t){var e=t+="",n=e.indexOf(":");return n>=0&&"xmlns"!==(e=t.slice(0,n))&&(t=t.slice(n+1)),kt.hasOwnProperty(e)?{space:kt[e],local:t}:t};function Et(t){return function(){this.removeAttribute(t)}}function Tt(t){return 
function(){this.removeAttributeNS(t.space,t.local)}}function Ct(t,e){return function(){this.setAttribute(t,e)}}function St(t,e){return function(){this.setAttributeNS(t.space,t.local,e)}}function At(t,e){return function(){var n=e.apply(this,arguments);null==n?this.removeAttribute(t):this.setAttribute(t,n)}}function Mt(t,e){return function(){var n=e.apply(this,arguments);null==n?this.removeAttributeNS(t.space,t.local):this.setAttributeNS(t.space,t.local,n)}}var Ot=function(t){return t.ownerDocument&&t.ownerDocument.defaultView||t.document&&t||t.defaultView};function Nt(t){return function(){this.style.removeProperty(t)}}function Dt(t,e,n){return function(){this.style.setProperty(t,e,n)}}function Bt(t,e,n){return function(){var r=e.apply(this,arguments);null==r?this.style.removeProperty(t):this.style.setProperty(t,r,n)}}function Lt(t,e){return t.style.getPropertyValue(e)||Ot(t).getComputedStyle(t,null).getPropertyValue(e)}function It(t){return function(){delete this[t]}}function Rt(t,e){return function(){this[t]=e}}function Ft(t,e){return function(){var n=e.apply(this,arguments);null==n?delete this[t]:this[t]=n}}function Pt(t){return t.trim().split(/^|\s+/)}function jt(t){return t.classList||new Yt(t)}function Yt(t){this._node=t,this._names=Pt(t.getAttribute("class")||"")}function zt(t,e){for(var n=jt(t),r=-1,i=e.length;++r=0&&(this._names.splice(e,1),this._node.setAttribute("class",this._names.join(" ")))},contains:function(t){return this._names.indexOf(t)>=0}};function qt(){this.textContent=""}function Ht(t){return function(){this.textContent=t}}function Gt(t){return function(){var e=t.apply(this,arguments);this.textContent=null==e?"":e}}function Xt(){this.innerHTML=""}function Zt(t){return function(){this.innerHTML=t}}function Qt(t){return function(){var e=t.apply(this,arguments);this.innerHTML=null==e?"":e}}function Kt(){this.nextSibling&&this.parentNode.appendChild(this)}function 
Jt(){this.previousSibling&&this.parentNode.insertBefore(this,this.parentNode.firstChild)}function te(t){return function(){var e=this.ownerDocument,n=this.namespaceURI;return n===xt&&e.documentElement.namespaceURI===xt?e.createElement(t):e.createElementNS(n,t)}}function ee(t){return function(){return this.ownerDocument.createElementNS(t.space,t.local)}}var ne=function(t){var e=wt(t);return(e.local?ee:te)(e)};function re(){return null}function ie(){var t=this.parentNode;t&&t.removeChild(this)}function ae(){var t=this.cloneNode(!1),e=this.parentNode;return e?e.insertBefore(t,this.nextSibling):t}function oe(){var t=this.cloneNode(!0),e=this.parentNode;return e?e.insertBefore(t,this.nextSibling):t}var se={},ce=null;"undefined"!=typeof document&&("onmouseenter"in document.documentElement||(se={mouseenter:"mouseover",mouseleave:"mouseout"}));function ue(t,e,n){return t=le(t,e,n),function(e){var n=e.relatedTarget;n&&(n===this||8&n.compareDocumentPosition(this))||t.call(this,e)}}function le(t,e,n){return function(r){var i=ce;ce=r;try{t.call(this,this.__data__,e,n)}finally{ce=i}}}function he(t){return t.trim().split(/^|\s+/).map((function(t){var e="",n=t.indexOf(".");return n>=0&&(e=t.slice(n+1),t=t.slice(0,n)),{type:t,name:e}}))}function fe(t){return function(){var e=this.__on;if(e){for(var n,r=0,i=-1,a=e.length;r=x&&(x=_+1);!(b=v[x])&&++x=0;)(r=i[a])&&(o&&4^r.compareDocumentPosition(o)&&o.parentNode.insertBefore(r,o),o=r);return this},sort:function(t){function e(e,n){return e&&n?t(e.__data__,n.__data__):!e-!n}t||(t=_t);for(var n=this._groups,r=n.length,i=new Array(r),a=0;a1?this.each((null==e?Nt:"function"==typeof e?Bt:Dt)(t,e,null==n?"":n)):Lt(this.node(),t)},property:function(t,e){return arguments.length>1?this.each((null==e?It:"function"==typeof e?Ft:Rt)(t,e)):this.node()[t]},classed:function(t,e){var n=Pt(t+"");if(arguments.length<2){for(var r=jt(this.node()),i=-1,a=n.length;++i>8&15|e>>4&240,e>>4&15|240&e,(15&e)<<4|15&e,1):8===n?new 
Ge(e>>24&255,e>>16&255,e>>8&255,(255&e)/255):4===n?new Ge(e>>12&15|e>>8&240,e>>8&15|e>>4&240,e>>4&15|240&e,((15&e)<<4|15&e)/255):null):(e=Le.exec(t))?new Ge(e[1],e[2],e[3],1):(e=Ie.exec(t))?new Ge(255*e[1]/100,255*e[2]/100,255*e[3]/100,1):(e=Re.exec(t))?Ve(e[1],e[2],e[3],e[4]):(e=Fe.exec(t))?Ve(255*e[1]/100,255*e[2]/100,255*e[3]/100,e[4]):(e=Pe.exec(t))?Ke(e[1],e[2]/100,e[3]/100,1):(e=je.exec(t))?Ke(e[1],e[2]/100,e[3]/100,e[4]):Ye.hasOwnProperty(t)?We(Ye[t]):"transparent"===t?new Ge(NaN,NaN,NaN,0):null}function We(t){return new Ge(t>>16&255,t>>8&255,255&t,1)}function Ve(t,e,n,r){return r<=0&&(t=e=n=NaN),new Ge(t,e,n,r)}function qe(t){return t instanceof Me||(t=$e(t)),t?new Ge((t=t.rgb()).r,t.g,t.b,t.opacity):new Ge}function He(t,e,n,r){return 1===arguments.length?qe(t):new Ge(t,e,n,null==r?1:r)}function Ge(t,e,n,r){this.r=+t,this.g=+e,this.b=+n,this.opacity=+r}function Xe(){return"#"+Qe(this.r)+Qe(this.g)+Qe(this.b)}function Ze(){var t=this.opacity;return(1===(t=isNaN(t)?1:Math.max(0,Math.min(1,t)))?"rgb(":"rgba(")+Math.max(0,Math.min(255,Math.round(this.r)||0))+", "+Math.max(0,Math.min(255,Math.round(this.g)||0))+", "+Math.max(0,Math.min(255,Math.round(this.b)||0))+(1===t?")":", "+t+")")}function Qe(t){return((t=Math.max(0,Math.min(255,Math.round(t)||0)))<16?"0":"")+t.toString(16)}function Ke(t,e,n,r){return r<=0?t=e=n=NaN:n<=0||n>=1?t=e=NaN:e<=0&&(t=NaN),new en(t,e,n,r)}function Je(t){if(t instanceof en)return new en(t.h,t.s,t.l,t.opacity);if(t instanceof Me||(t=$e(t)),!t)return new en;if(t instanceof en)return t;var e=(t=t.rgb()).r/255,n=t.g/255,r=t.b/255,i=Math.min(e,n,r),a=Math.max(e,n,r),o=NaN,s=a-i,c=(a+i)/2;return s?(o=e===a?(n-r)/s+6*(n0&&c<1?0:o,new en(o,s,c,t.opacity)}function tn(t,e,n,r){return 1===arguments.length?Je(t):new en(t,e,n,null==r?1:r)}function en(t,e,n,r){this.h=+t,this.s=+e,this.l=+n,this.opacity=+r}function nn(t,e,n){return 255*(t<60?e+(n-e)*t/60:t<180?n:t<240?e+(n-e)*(240-t)/60:e)}function rn(t,e,n,r,i){var 
a=t*t,o=a*t;return((1-3*t+3*a-o)*e+(4-6*a+3*o)*n+(1+3*t+3*a-3*o)*r+o*i)/6}Se(Me,$e,{copy:function(t){return Object.assign(new this.constructor,this,t)},displayable:function(){return this.rgb().displayable()},hex:ze,formatHex:ze,formatHsl:function(){return Je(this).formatHsl()},formatRgb:Ue,toString:Ue}),Se(Ge,He,Ae(Me,{brighter:function(t){return t=null==t?1/.7:Math.pow(1/.7,t),new Ge(this.r*t,this.g*t,this.b*t,this.opacity)},darker:function(t){return t=null==t?.7:Math.pow(.7,t),new Ge(this.r*t,this.g*t,this.b*t,this.opacity)},rgb:function(){return this},displayable:function(){return-.5<=this.r&&this.r<255.5&&-.5<=this.g&&this.g<255.5&&-.5<=this.b&&this.b<255.5&&0<=this.opacity&&this.opacity<=1},hex:Xe,formatHex:Xe,formatRgb:Ze,toString:Ze})),Se(en,tn,Ae(Me,{brighter:function(t){return t=null==t?1/.7:Math.pow(1/.7,t),new en(this.h,this.s,this.l*t,this.opacity)},darker:function(t){return t=null==t?.7:Math.pow(.7,t),new en(this.h,this.s,this.l*t,this.opacity)},rgb:function(){var t=this.h%360+360*(this.h<0),e=isNaN(t)||isNaN(this.s)?0:this.s,n=this.l,r=n+(n<.5?n:1-n)*e,i=2*n-r;return new Ge(nn(t>=240?t-240:t+120,i,r),nn(t,i,r),nn(t<120?t+240:t-120,i,r),this.opacity)},displayable:function(){return(0<=this.s&&this.s<=1||isNaN(this.s))&&0<=this.l&&this.l<=1&&0<=this.opacity&&this.opacity<=1},formatHsl:function(){var t=this.opacity;return(1===(t=isNaN(t)?1:Math.max(0,Math.min(1,t)))?"hsl(":"hsla(")+(this.h||0)+", "+100*(this.s||0)+"%, "+100*(this.l||0)+"%"+(1===t?")":", "+t+")")}}));var an=function(t){var e=t.length-1;return function(n){var r=n<=0?n=0:n>=1?(n=1,e-1):Math.floor(n*e),i=t[r],a=t[r+1],o=r>0?t[r-1]:2*i-a,s=r180||n<-180?n-360*Math.round(n/360):n):sn(isNaN(t)?e:t)}function ln(t){return 1==(t=+t)?hn:function(e,n){return n-e?function(t,e,n){return t=Math.pow(t,n),e=Math.pow(e,n)-t,n=1/n,function(r){return Math.pow(t+r*e,n)}}(e,n,t):sn(isNaN(e)?n:e)}}function hn(t,e){var n=e-t;return n?cn(t,n):sn(isNaN(t)?e:t)}var fn=function t(e){var n=ln(e);function r(t,e){var 
r=n((t=He(t)).r,(e=He(e)).r),i=n(t.g,e.g),a=n(t.b,e.b),o=hn(t.opacity,e.opacity);return function(e){return t.r=r(e),t.g=i(e),t.b=a(e),t.opacity=o(e),t+""}}return r.gamma=t,r}(1);function dn(t){return function(e){var n,r,i=e.length,a=new Array(i),o=new Array(i),s=new Array(i);for(n=0;na&&(i=e.slice(a,i),s[o]?s[o]+=i:s[++o]=i),(n=n[0])===(r=r[0])?s[o]?s[o]+=r:s[++o]=r:(s[++o]=null,c.push({i:o,x:xn(n,r)})),a=En.lastIndex;return a=0&&e._call.call(null,t),e=e._next;--Bn}function qn(){Fn=(Rn=jn.now())+Pn,Bn=Ln=0;try{Vn()}finally{Bn=0,function(){var t,e,n=Tn,r=1/0;for(;n;)n._call?(r>n._time&&(r=n._time),t=n,n=n._next):(e=n._next,n._next=null,n=t?t._next=e:Tn=e);Cn=t,Gn(r)}(),Fn=0}}function Hn(){var t=jn.now(),e=t-Rn;e>1e3&&(Pn-=e,Rn=t)}function Gn(t){Bn||(Ln&&(Ln=clearTimeout(Ln)),t-Fn>24?(t<1/0&&(Ln=setTimeout(qn,t-jn.now()-Pn)),In&&(In=clearInterval(In))):(In||(Rn=jn.now(),In=setInterval(Hn,1e3)),Bn=1,Yn(qn)))}$n.prototype=Wn.prototype={constructor:$n,restart:function(t,e,n){if("function"!=typeof t)throw new TypeError("callback is not a function");n=(null==n?zn():+n)+(null==e?0:+e),this._next||Cn===this||(Cn?Cn._next=this:Tn=this,Cn=this),this._call=t,this._time=n,Gn()},stop:function(){this._call&&(this._call=null,this._time=1/0,Gn())}};var Xn=function(t,e,n){var r=new $n;return e=null==e?0:+e,r.restart((function(n){r.stop(),t(n+e)}),e,n),r},Zn=lt("start","end","cancel","interrupt"),Qn=[],Kn=function(t,e,n,r,i,a){var o=t.__transition;if(o){if(n in o)return}else t.__transition={};!function(t,e,n){var r,i=t.__transition;function a(c){var u,l,h,f;if(1!==n.state)return s();for(u in i)if((f=i[u]).name===n.name){if(3===f.state)return Xn(a);4===f.state?(f.state=6,f.timer.stop(),f.on.call("interrupt",t,t.__data__,f.index,f.group),delete i[u]):+u0)throw new Error("too late; already scheduled");return n}function tr(t,e){var n=er(t,e);if(n.state>3)throw new Error("too late; already running");return n}function er(t,e){var n=t.__transition;if(!n||!(n=n[e]))throw new 
Error("transition not found");return n}var nr,rr,ir,ar,or=function(t,e){var n,r,i,a=t.__transition,o=!0;if(a){for(i in e=null==e?null:e+"",a)(n=a[i]).name===e?(r=n.state>2&&n.state<5,n.state=6,n.timer.stop(),n.on.call(r?"interrupt":"cancel",t,t.__data__,n.index,n.group),delete a[i]):o=!1;o&&delete t.__transition}},sr=180/Math.PI,cr={translateX:0,translateY:0,rotate:0,skewX:0,scaleX:1,scaleY:1},ur=function(t,e,n,r,i,a){var o,s,c;return(o=Math.sqrt(t*t+e*e))&&(t/=o,e/=o),(c=t*n+e*r)&&(n-=t*c,r-=e*c),(s=Math.sqrt(n*n+r*r))&&(n/=s,r/=s,c/=s),t*r180?e+=360:e-t>180&&(t+=360),a.push({i:n.push(i(n)+"rotate(",null,r)-2,x:xn(t,e)})):e&&n.push(i(n)+"rotate("+e+r)}(a.rotate,o.rotate,s,c),function(t,e,n,a){t!==e?a.push({i:n.push(i(n)+"skewX(",null,r)-2,x:xn(t,e)}):e&&n.push(i(n)+"skewX("+e+r)}(a.skewX,o.skewX,s,c),function(t,e,n,r,a,o){if(t!==n||e!==r){var s=a.push(i(a)+"scale(",null,",",null,")");o.push({i:s-4,x:xn(t,n)},{i:s-2,x:xn(e,r)})}else 1===n&&1===r||a.push(i(a)+"scale("+n+","+r+")")}(a.scaleX,a.scaleY,o.scaleX,o.scaleY,s,c),a=o=null,function(t){for(var e,n=-1,r=c.length;++n=0&&(t=t.slice(0,e)),!t||"start"===t}))}(e)?Jn:tr;return function(){var o=a(this,t),s=o.on;s!==r&&(i=(r=s).copy()).on(e,n),o.on=i}}var Br=xe.prototype.constructor;function Lr(t){return function(){this.style.removeProperty(t)}}function Ir(t,e,n){return function(r){this.style.setProperty(t,e.call(this,r),n)}}function Rr(t,e,n){var r,i;function a(){var a=e.apply(this,arguments);return a!==i&&(r=(i=a)&&Ir(t,a,n)),r}return a._value=e,a}function Fr(t){return function(e){this.textContent=t.call(this,e)}}function Pr(t){var e,n;function r(){var r=t.apply(this,arguments);return r!==n&&(e=(n=r)&&Fr(r)),e}return r._value=t,r}var jr=0;function Yr(t,e,n,r){this._groups=t,this._parents=e,this._name=n,this._id=r}function zr(t){return xe().transition(t)}function Ur(){return++jr}var $r=xe.prototype;function Wr(t){return t*t*t}function Vr(t){return--t*t*t+1}function 
qr(t){return((t*=2)<=1?t*t*t:(t-=2)*t*t+2)/2}Yr.prototype=zr.prototype={constructor:Yr,select:function(t){var e=this._name,n=this._id;"function"!=typeof t&&(t=ft(t));for(var r=this._groups,i=r.length,a=new Array(i),o=0;o1&&n.name===e)return new Yr([[t]],Xr,e,+r);return null},Qr=function(t){return function(){return t}},Kr=function(t,e,n){this.target=t,this.type=e,this.selection=n};function Jr(){ce.stopImmediatePropagation()}var ti=function(){ce.preventDefault(),ce.stopImmediatePropagation()},ei={name:"drag"},ni={name:"space"},ri={name:"handle"},ii={name:"center"};function ai(t){return[+t[0],+t[1]]}function oi(t){return[ai(t[0]),ai(t[1])]}function si(t){return function(e){return Nn(e,ce.touches,t)}}var ci={name:"x",handles:["w","e"].map(gi),input:function(t,e){return null==t?null:[[+t[0],e[0][1]],[+t[1],e[1][1]]]},output:function(t){return t&&[t[0][0],t[1][0]]}},ui={name:"y",handles:["n","s"].map(gi),input:function(t,e){return null==t?null:[[e[0][0],+t[0]],[e[1][0],+t[1]]]},output:function(t){return t&&[t[0][1],t[1][1]]}},li={name:"xy",handles:["n","w","e","s","nw","ne","sw","se"].map(gi),input:function(t){return null==t?null:oi(t)},output:function(t){return t}},hi={overlay:"crosshair",selection:"move",n:"ns-resize",e:"ew-resize",s:"ns-resize",w:"ew-resize",nw:"nwse-resize",ne:"nesw-resize",se:"nwse-resize",sw:"nesw-resize"},fi={e:"w",w:"e",nw:"ne",ne:"nw",se:"sw",sw:"se"},di={n:"s",s:"n",nw:"sw",ne:"se",se:"ne",sw:"nw"},pi={overlay:1,selection:1,n:null,e:1,s:null,w:-1,nw:-1,ne:1,se:1,sw:-1},yi={overlay:1,selection:1,n:-1,e:null,s:1,w:null,nw:-1,ne:-1,se:1,sw:1};function gi(t){return{type:t}}function vi(){return!ce.ctrlKey&&!ce.button}function mi(){var t=this.ownerSVGElement||this;return t.hasAttribute("viewBox")?[[(t=t.viewBox.baseVal).x,t.y],[t.x+t.width,t.y+t.height]]:[[0,0],[t.width.baseVal.value,t.height.baseVal.value]]}function bi(){return navigator.maxTouchPoints||"ontouchstart"in this}function _i(t){for(;!t.__brush;)if(!(t=t.parentNode))return;return 
t.__brush}function xi(t){return t[0][0]===t[1][0]||t[0][1]===t[1][1]}function ki(t){var e=t.__brush;return e?e.dim.output(e.selection):null}function wi(){return Ci(ci)}function Ei(){return Ci(ui)}var Ti=function(){return Ci(li)};function Ci(t){var e,n=mi,r=vi,i=bi,a=!0,o=lt("start","brush","end"),s=6;function c(e){var n=e.property("__brush",y).selectAll(".overlay").data([gi("overlay")]);n.enter().append("rect").attr("class","overlay").attr("pointer-events","all").attr("cursor",hi.overlay).merge(n).each((function(){var t=_i(this).extent;ke(this).attr("x",t[0][0]).attr("y",t[0][1]).attr("width",t[1][0]-t[0][0]).attr("height",t[1][1]-t[0][1])})),e.selectAll(".selection").data([gi("selection")]).enter().append("rect").attr("class","selection").attr("cursor",hi.selection).attr("fill","#777").attr("fill-opacity",.3).attr("stroke","#fff").attr("shape-rendering","crispEdges");var r=e.selectAll(".handle").data(t.handles,(function(t){return t.type}));r.exit().remove(),r.enter().append("rect").attr("class",(function(t){return"handle handle--"+t.type})).attr("cursor",(function(t){return hi[t.type]})),e.each(u).attr("fill","none").attr("pointer-events","all").on("mousedown.brush",f).filter(i).on("touchstart.brush",f).on("touchmove.brush",d).on("touchend.brush touchcancel.brush",p).style("touch-action","none").style("-webkit-tap-highlight-color","rgba(0,0,0,0)")}function u(){var 
t=ke(this),e=_i(this).selection;e?(t.selectAll(".selection").style("display",null).attr("x",e[0][0]).attr("y",e[0][1]).attr("width",e[1][0]-e[0][0]).attr("height",e[1][1]-e[0][1]),t.selectAll(".handle").style("display",null).attr("x",(function(t){return"e"===t.type[t.type.length-1]?e[1][0]-s/2:e[0][0]-s/2})).attr("y",(function(t){return"s"===t.type[0]?e[1][1]-s/2:e[0][1]-s/2})).attr("width",(function(t){return"n"===t.type||"s"===t.type?e[1][0]-e[0][0]+s:s})).attr("height",(function(t){return"e"===t.type||"w"===t.type?e[1][1]-e[0][1]+s:s}))):t.selectAll(".selection,.handle").style("display","none").attr("x",null).attr("y",null).attr("width",null).attr("height",null)}function l(t,e,n){return!n&&t.__brush.emitter||new h(t,e)}function h(t,e){this.that=t,this.args=e,this.state=t.__brush,this.active=0}function f(){if((!e||ce.touches)&&r.apply(this,arguments)){var n,i,o,s,c,h,f,d,p,y,g,v=this,m=ce.target.__data__.type,b="selection"===(a&&ce.metaKey?m="overlay":m)?ei:a&&ce.altKey?ii:ri,_=t===ui?null:pi[m],x=t===ci?null:yi[m],k=_i(v),w=k.extent,E=k.selection,T=w[0][0],C=w[0][1],S=w[1][0],A=w[1][1],M=0,O=0,N=_&&x&&a&&ce.shiftKey,D=ce.touches?si(ce.changedTouches[0].identifier):Dn,B=D(v),L=B,I=l(v,arguments,!0).beforestart();"overlay"===m?(E&&(p=!0),k.selection=E=[[n=t===ui?T:B[0],o=t===ci?C:B[1]],[c=t===ui?S:n,f=t===ci?A:o]]):(n=E[0][0],o=E[0][1],c=E[1][0],f=E[1][1]),i=n,s=o,h=c,d=f;var R=ke(v).attr("pointer-events","none"),F=R.selectAll(".overlay").attr("cursor",hi[m]);if(ce.touches)I.moved=j,I.ended=z;else{var P=ke(ce.view).on("mousemove.brush",j,!0).on("mouseup.brush",z,!0);a&&P.on("keydown.brush",U,!0).on("keyup.brush",$,!0),Te(ce.view)}Jr(),or(v),u.call(v),I.start()}function j(){var t=D(v);!N||y||g||(Math.abs(t[0]-L[0])>Math.abs(t[1]-L[1])?g=!0:y=!0),L=t,p=!0,ti(),Y()}function Y(){var t;switch(M=L[0]-B[0],O=L[1]-B[1],b){case ni:case ei:_&&(M=Math.max(T-n,Math.min(S-c,M)),i=n+M,h=c+M),x&&(O=Math.max(C-o,Math.min(A-f,O)),s=o+O,d=f+O);break;case 
ri:_<0?(M=Math.max(T-n,Math.min(S-n,M)),i=n+M,h=c):_>0&&(M=Math.max(T-c,Math.min(S-c,M)),i=n,h=c+M),x<0?(O=Math.max(C-o,Math.min(A-o,O)),s=o+O,d=f):x>0&&(O=Math.max(C-f,Math.min(A-f,O)),s=o,d=f+O);break;case ii:_&&(i=Math.max(T,Math.min(S,n-M*_)),h=Math.max(T,Math.min(S,c+M*_))),x&&(s=Math.max(C,Math.min(A,o-O*x)),d=Math.max(C,Math.min(A,f+O*x)))}h0&&(n=i-M),x<0?f=d-O:x>0&&(o=s-O),b=ni,F.attr("cursor",hi.selection),Y());break;default:return}ti()}function $(){switch(ce.keyCode){case 16:N&&(y=g=N=!1,Y());break;case 18:b===ii&&(_<0?c=h:_>0&&(n=i),x<0?f=d:x>0&&(o=s),b=ri,Y());break;case 32:b===ni&&(ce.altKey?(_&&(c=h-M*_,n=i+M*_),x&&(f=d-O*x,o=s+O*x),b=ii):(_<0?c=h:_>0&&(n=i),x<0?f=d:x>0&&(o=s),b=ri),F.attr("cursor",hi[m]),Y());break;default:return}ti()}}function d(){l(this,arguments).moved()}function p(){l(this,arguments).ended()}function y(){var e=this.__brush||{selection:null};return e.extent=oi(n.apply(this,arguments)),e.dim=t,e}return c.move=function(e,n){e.selection?e.on("start.brush",(function(){l(this,arguments).beforestart().start()})).on("interrupt.brush end.brush",(function(){l(this,arguments).end()})).tween("brush",(function(){var e=this,r=e.__brush,i=l(e,arguments),a=r.selection,o=t.input("function"==typeof n?n.apply(this,arguments):n,r.extent),s=An(a,o);function c(t){r.selection=1===t&&null===o?null:s(t),u.call(e),i.brush()}return null!==a&&null!==o?c:c(1)})):e.each((function(){var e=this,r=arguments,i=e.__brush,a=t.input("function"==typeof n?n.apply(e,r):n,i.extent),o=l(e,r).beforestart();or(e),i.selection=null===a?null:a,u.call(e),o.start().brush().end()}))},c.clear=function(t){c.move(t,null)},h.prototype={beforestart:function(){return 1==++this.active&&(this.state.emitter=this,this.starting=!0),this},start:function(){return this.starting?(this.starting=!1,this.emit("start")):this.emit("brush"),this},brush:function(){return this.emit("brush"),this},end:function(){return 0==--this.active&&(delete 
this.state.emitter,this.emit("end")),this},emit:function(e){pe(new Kr(c,e,t.output(this.state.selection)),o.apply,o,[e,this.that,this.args])}},c.extent=function(t){return arguments.length?(n="function"==typeof t?t:Qr(oi(t)),c):n},c.filter=function(t){return arguments.length?(r="function"==typeof t?t:Qr(!!t),c):r},c.touchable=function(t){return arguments.length?(i="function"==typeof t?t:Qr(!!t),c):i},c.handleSize=function(t){return arguments.length?(s=+t,c):s},c.keyModifiers=function(t){return arguments.length?(a=!!t,c):a},c.on=function(){var t=o.on.apply(o,arguments);return t===o?c:t},c}var Si=Math.cos,Ai=Math.sin,Mi=Math.PI,Oi=Mi/2,Ni=2*Mi,Di=Math.max;function Bi(t){return function(e,n){return t(e.source.value+e.target.value,n.source.value+n.target.value)}}var Li=function(){var t=0,e=null,n=null,r=null;function i(i){var a,o,s,c,u,l,h=i.length,f=[],d=k(h),p=[],y=[],g=y.groups=new Array(h),v=new Array(h*h);for(a=0,u=-1;++u1e-6)if(Math.abs(l*s-c*u)>1e-6&&i){var f=n-a,d=r-o,p=s*s+c*c,y=f*f+d*d,g=Math.sqrt(p),v=Math.sqrt(h),m=i*Math.tan((Fi-Math.acos((p+h-y)/(2*g*v)))/2),b=m/v,_=m/g;Math.abs(b-1)>1e-6&&(this._+="L"+(t+b*u)+","+(e+b*l)),this._+="A"+i+","+i+",0,0,"+ +(l*f>u*d)+","+(this._x1=t+_*s)+","+(this._y1=e+_*c)}else this._+="L"+(this._x1=t)+","+(this._y1=e);else;},arc:function(t,e,n,r,i,a){t=+t,e=+e,a=!!a;var o=(n=+n)*Math.cos(r),s=n*Math.sin(r),c=t+o,u=e+s,l=1^a,h=a?r-i:i-r;if(n<0)throw new Error("negative radius: "+n);null===this._x1?this._+="M"+c+","+u:(Math.abs(this._x1-c)>1e-6||Math.abs(this._y1-u)>1e-6)&&(this._+="L"+c+","+u),n&&(h<0&&(h=h%Pi+Pi),h>ji?this._+="A"+n+","+n+",0,1,"+l+","+(t-o)+","+(e-s)+"A"+n+","+n+",0,1,"+l+","+(this._x1=c)+","+(this._y1=u):h>1e-6&&(this._+="A"+n+","+n+",0,"+ +(h>=Fi)+","+l+","+(this._x1=t+n*Math.cos(i))+","+(this._y1=e+n*Math.sin(i))))},rect:function(t,e,n,r){this._+="M"+(this._x0=this._x1=+t)+","+(this._y0=this._y1=+e)+"h"+ +n+"v"+ +r+"h"+-n+"Z"},toString:function(){return this._}};var Ui=zi;function $i(t){return 
t.source}function Wi(t){return t.target}function Vi(t){return t.radius}function qi(t){return t.startAngle}function Hi(t){return t.endAngle}var Gi=function(){var t=$i,e=Wi,n=Vi,r=qi,i=Hi,a=null;function o(){var o,s=Ii.call(arguments),c=t.apply(this,s),u=e.apply(this,s),l=+n.apply(this,(s[0]=c,s)),h=r.apply(this,s)-Oi,f=i.apply(this,s)-Oi,d=l*Si(h),p=l*Ai(h),y=+n.apply(this,(s[0]=u,s)),g=r.apply(this,s)-Oi,v=i.apply(this,s)-Oi;if(a||(a=o=Ui()),a.moveTo(d,p),a.arc(0,0,l,h,f),h===g&&f===v||(a.quadraticCurveTo(0,0,y*Si(g),y*Ai(g)),a.arc(0,0,y,g,v)),a.quadraticCurveTo(0,0,d,p),a.closePath(),o)return a=null,o+""||null}return o.radius=function(t){return arguments.length?(n="function"==typeof t?t:Ri(+t),o):n},o.startAngle=function(t){return arguments.length?(r="function"==typeof t?t:Ri(+t),o):r},o.endAngle=function(t){return arguments.length?(i="function"==typeof t?t:Ri(+t),o):i},o.source=function(e){return arguments.length?(t=e,o):t},o.target=function(t){return arguments.length?(e=t,o):e},o.context=function(t){return arguments.length?(a=null==t?null:t,o):a},o};function Xi(){}function Zi(t,e){var n=new Xi;if(t instanceof Xi)t.each((function(t,e){n.set(e,t)}));else if(Array.isArray(t)){var r,i=-1,a=t.length;if(null==e)for(;++i=r.length)return null!=t&&n.sort(t),null!=e?e(n):n;for(var c,u,l,h=-1,f=n.length,d=r[i++],p=Qi(),y=o();++hr.length)return n;var o,s=i[a-1];return null!=e&&a>=r.length?o=n.entries():(o=[],n.each((function(e,n){o.push({key:n,values:t(e,a)})}))),null!=s?o.sort((function(t,e){return s(t.key,e.key)})):o}(a(t,0,ea,na),0)},key:function(t){return r.push(t),n},sortKeys:function(t){return i[r.length-1]=t,n},sortValues:function(e){return t=e,n},rollup:function(t){return e=t,n}}};function Ji(){return{}}function ta(t,e,n){t[e]=n}function ea(){return Qi()}function na(t,e,n){t.set(e,n)}function ra(){}var ia=Qi.prototype;function aa(t,e){var n=new ra;if(t instanceof ra)t.each((function(t){n.add(t)}));else if(t){var 
r=-1,i=t.length;if(null==e)for(;++r6/29*(6/29)*(6/29)?Math.pow(t,1/3):t/(6/29*3*(6/29))+4/29}function va(t){return t>6/29?t*t*t:6/29*3*(6/29)*(t-4/29)}function ma(t){return 255*(t<=.0031308?12.92*t:1.055*Math.pow(t,1/2.4)-.055)}function ba(t){return(t/=255)<=.04045?t/12.92:Math.pow((t+.055)/1.055,2.4)}function _a(t){if(t instanceof wa)return new wa(t.h,t.c,t.l,t.opacity);if(t instanceof ya||(t=fa(t)),0===t.a&&0===t.b)return new wa(NaN,0r!=d>r&&n<(f-u)*(r-l)/(d-l)+u&&(i=-i)}return i}function Fa(t,e,n){var r,i,a,o;return function(t,e,n){return(e[0]-t[0])*(n[1]-t[1])==(n[0]-t[0])*(e[1]-t[1])}(t,e,n)&&(i=t[r=+(t[0]===e[0])],a=n[r],o=e[r],i<=a&&a<=o||o<=a&&a<=i)}var Pa=function(){},ja=[[],[[[1,1.5],[.5,1]]],[[[1.5,1],[1,1.5]]],[[[1.5,1],[.5,1]]],[[[1,.5],[1.5,1]]],[[[1,1.5],[.5,1]],[[1,.5],[1.5,1]]],[[[1,.5],[1,1.5]]],[[[1,.5],[.5,1]]],[[[.5,1],[1,.5]]],[[[1,1.5],[1,.5]]],[[[.5,1],[1,.5]],[[1.5,1],[1,1.5]]],[[[1.5,1],[1,.5]]],[[[.5,1],[1.5,1]]],[[[1,1.5],[1.5,1]]],[[[.5,1],[1,1.5]]],[]],Ya=function(){var t=1,e=1,n=M,r=s;function i(t){var e=n(t);if(Array.isArray(e))e=e.slice().sort(Ba);else{var r=g(t),i=r[0],o=r[1];e=A(i,o,e),e=k(Math.floor(i/e)*e,Math.floor(o/e)*e,e)}return e.map((function(e){return a(t,e)}))}function a(n,i){var a=[],s=[];return function(n,r,i){var a,s,c,u,l,h,f=new Array,d=new Array;a=s=-1,u=n[0]>=r,ja[u<<1].forEach(p);for(;++a=r,ja[c|u<<1].forEach(p);ja[u<<0].forEach(p);for(;++s=r,l=n[s*t]>=r,ja[u<<1|l<<2].forEach(p);++a=r,h=l,l=n[s*t+a+1]>=r,ja[c|u<<1|l<<2|h<<3].forEach(p);ja[u|l<<3].forEach(p)}a=-1,l=n[s*t]>=r,ja[l<<2].forEach(p);for(;++a=r,ja[l<<2|h<<3].forEach(p);function p(t){var e,n,r=[t[0][0]+a,t[0][1]+s],c=[t[1][0]+a,t[1][1]+s],u=o(r),l=o(c);(e=d[u])?(n=f[l])?(delete d[e.end],delete f[n.start],e===n?(e.ring.push(c),i(e.ring)):f[e.start]=d[n.end]={start:e.start,end:n.end,ring:e.ring.concat(n.ring)}):(delete d[e.end],e.ring.push(c),d[e.end=l]=e):(e=f[l])?(n=d[u])?(delete f[e.start],delete 
d[n.end],e===n?(e.ring.push(c),i(e.ring)):f[n.start]=d[e.end]={start:n.start,end:e.end,ring:n.ring.concat(e.ring)}):(delete f[e.start],e.ring.unshift(r),f[e.start=u]=e):f[u]=d[l]={start:u,end:l,ring:[r,c]}}ja[l<<3].forEach(p)}(n,i,(function(t){r(t,n,i),function(t){for(var e=0,n=t.length,r=t[n-1][1]*t[0][0]-t[n-1][0]*t[0][1];++e0?a.push([t]):s.push(t)})),s.forEach((function(t){for(var e,n=0,r=a.length;n0&&o0&&s0&&a>0))throw new Error("invalid size");return t=r,e=a,i},i.thresholds=function(t){return arguments.length?(n="function"==typeof t?t:Array.isArray(t)?La(Da.call(t)):La(t),i):n},i.smooth=function(t){return arguments.length?(r=t?s:Pa,i):r===s},i};function za(t,e,n){for(var r=t.width,i=t.height,a=1+(n<<1),o=0;o=n&&(s>=a&&(c-=t.data[s-a+o*r]),e.data[s-n+o*r]=c/Math.min(s+1,r-1+a-s,a))}function Ua(t,e,n){for(var r=t.width,i=t.height,a=1+(n<<1),o=0;o=n&&(s>=a&&(c-=t.data[o+(s-a)*r]),e.data[o+(s-n)*r]=c/Math.min(s+1,i-1+a-s,a))}function $a(t){return t[0]}function Wa(t){return t[1]}function Va(){return 1}var qa=function(){var t=$a,e=Wa,n=Va,r=960,i=500,a=20,o=2,s=3*a,c=r+2*s>>o,u=i+2*s>>o,l=La(20);function h(r){var i=new Float32Array(c*u),h=new Float32Array(c*u);r.forEach((function(r,a,l){var h=+t(r,a,l)+s>>o,f=+e(r,a,l)+s>>o,d=+n(r,a,l);h>=0&&h=0&&f>o),Ua({width:c,height:u,data:h},{width:c,height:u,data:i},a>>o),za({width:c,height:u,data:i},{width:c,height:u,data:h},a>>o),Ua({width:c,height:u,data:h},{width:c,height:u,data:i},a>>o),za({width:c,height:u,data:i},{width:c,height:u,data:h},a>>o),Ua({width:c,height:u,data:h},{width:c,height:u,data:i},a>>o);var d=l(i);if(!Array.isArray(d)){var p=L(i);d=A(0,p,d),(d=k(0,Math.floor(p/d)*d,d)).shift()}return Ya().thresholds(d).size([c,u])(i).map(f)}function f(t){return t.value*=Math.pow(2,-2*o),t.coordinates.forEach(d),t}function d(t){t.forEach(p)}function p(t){t.forEach(y)}function y(t){t[0]=t[0]*Math.pow(2,o)-s,t[1]=t[1]*Math.pow(2,o)-s}function g(){return c=r+2*(s=3*a)>>o,u=i+2*s>>o,h}return h.x=function(e){return 
arguments.length?(t="function"==typeof e?e:La(+e),h):t},h.y=function(t){return arguments.length?(e="function"==typeof t?t:La(+t),h):e},h.weight=function(t){return arguments.length?(n="function"==typeof t?t:La(+t),h):n},h.size=function(t){if(!arguments.length)return[r,i];var e=Math.ceil(t[0]),n=Math.ceil(t[1]);if(!(e>=0||e>=0))throw new Error("invalid size");return r=e,i=n,g()},h.cellSize=function(t){if(!arguments.length)return 1<=1))throw new Error("invalid cell size");return o=Math.floor(Math.log(t)/Math.LN2),g()},h.thresholds=function(t){return arguments.length?(l="function"==typeof t?t:Array.isArray(t)?La(Da.call(t)):La(t),h):l},h.bandwidth=function(t){if(!arguments.length)return Math.sqrt(a*(a+1));if(!((t=+t)>=0))throw new Error("invalid bandwidth");return a=Math.round((Math.sqrt(4*t*t+1)-1)/2),g()},h},Ha=function(t){return function(){return t}};function Ga(t,e,n,r,i,a,o,s,c,u){this.target=t,this.type=e,this.subject=n,this.identifier=r,this.active=i,this.x=a,this.y=o,this.dx=s,this.dy=c,this._=u}function Xa(){return!ce.ctrlKey&&!ce.button}function Za(){return this.parentNode}function Qa(t){return null==t?{x:ce.x,y:ce.y}:t}function Ka(){return navigator.maxTouchPoints||"ontouchstart"in this}Ga.prototype.on=function(){var t=this._.on.apply(this._,arguments);return t===this._?this:t};var Ja=function(){var t,e,n,r,i=Xa,a=Za,o=Qa,s=Ka,c={},u=lt("start","drag","end"),l=0,h=0;function f(t){t.on("mousedown.drag",d).filter(s).on("touchstart.drag",g).on("touchmove.drag",v).on("touchend.drag touchcancel.drag",m).style("touch-action","none").style("-webkit-tap-highlight-color","rgba(0,0,0,0)")}function d(){if(!r&&i.apply(this,arguments)){var o=b("mouse",a.apply(this,arguments),Dn,this,arguments);o&&(ke(ce.view).on("mousemove.drag",p,!0).on("mouseup.drag",y,!0),Te(ce.view),we(),n=!1,t=ce.clientX,e=ce.clientY,o("start"))}}function p(){if(Ee(),!n){var r=ce.clientX-t,i=ce.clientY-e;n=r*r+i*i>h}c.mouse("drag")}function y(){ke(ce.view).on("mousemove.drag 
mouseup.drag",null),Ce(ce.view,n),Ee(),c.mouse("end")}function g(){if(i.apply(this,arguments)){var t,e,n=ce.changedTouches,r=a.apply(this,arguments),o=n.length;for(t=0;t9999?"+"+io(e,6):io(e,4))+"-"+io(t.getUTCMonth()+1,2)+"-"+io(t.getUTCDate(),2)+(a?"T"+io(n,2)+":"+io(r,2)+":"+io(i,2)+"."+io(a,3)+"Z":i?"T"+io(n,2)+":"+io(r,2)+":"+io(i,2)+"Z":r||n?"T"+io(n,2)+":"+io(r,2)+"Z":"")}var oo=function(t){var e=new RegExp('["'+t+"\n\r]"),n=t.charCodeAt(0);function r(t,e){var r,i=[],a=t.length,o=0,s=0,c=a<=0,u=!1;function l(){if(c)return eo;if(u)return u=!1,to;var e,r,i=o;if(34===t.charCodeAt(i)){for(;o++=a?c=!0:10===(r=t.charCodeAt(o++))?u=!0:13===r&&(u=!0,10===t.charCodeAt(o)&&++o),t.slice(i+1,e-1).replace(/""/g,'"')}for(;o=(a=(y+v)/2))?y=a:v=a,(l=n>=(o=(g+m)/2))?g=o:m=o,i=d,!(d=d[h=l<<1|u]))return i[h]=p,t;if(s=+t._x.call(null,d.data),c=+t._y.call(null,d.data),e===s&&n===c)return p.next=d,i?i[h]=p:t._root=p,t;do{i=i?i[h]=new Array(4):t._root=new Array(4),(u=e>=(a=(y+v)/2))?y=a:v=a,(l=n>=(o=(g+m)/2))?g=o:m=o}while((h=l<<1|u)==(f=(c>=o)<<1|s>=a));return i[f]=d,i[h]=p,t}var xs=function(t,e,n,r,i){this.node=t,this.x0=e,this.y0=n,this.x1=r,this.y1=i};function ks(t){return t[0]}function ws(t){return t[1]}function Es(t,e,n){var r=new Ts(null==e?ks:e,null==n?ws:n,NaN,NaN,NaN,NaN);return null==t?r:r.addAll(t)}function Ts(t,e,n,r,i,a){this._x=t,this._y=e,this._x0=n,this._y0=r,this._x1=i,this._y1=a,this._root=void 0}function Cs(t){for(var e={data:t.data},n=e;t=t.next;)n=n.next={data:t.data};return e}var Ss=Es.prototype=Ts.prototype;function As(t){return t.x+t.vx}function Ms(t){return t.y+t.vy}Ss.copy=function(){var t,e,n=new Ts(this._x,this._y,this._x0,this._y0,this._x1,this._y1),r=this._root;if(!r)return n;if(!r.length)return n._root=Cs(r),n;for(t=[{source:r,target:n._root=new Array(4)}];r=t.pop();)for(var i=0;i<4;++i)(e=r.source[i])&&(e.length?t.push({source:e,target:r.target[i]=new Array(4)}):r.target[i]=Cs(e));return n},Ss.add=function(t){var 
e=+this._x.call(null,t),n=+this._y.call(null,t);return _s(this.cover(e,n),e,n,t)},Ss.addAll=function(t){var e,n,r,i,a=t.length,o=new Array(a),s=new Array(a),c=1/0,u=1/0,l=-1/0,h=-1/0;for(n=0;nl&&(l=r),ih&&(h=i));if(c>l||u>h)return this;for(this.cover(c,u).cover(l,h),n=0;nt||t>=i||r>e||e>=a;)switch(s=(ef||(a=c.y0)>d||(o=c.x1)=v)<<1|t>=g)&&(c=p[p.length-1],p[p.length-1]=p[p.length-1-u],p[p.length-1-u]=c)}else{var m=t-+this._x.call(null,y.data),b=e-+this._y.call(null,y.data),_=m*m+b*b;if(_=(s=(p+g)/2))?p=s:g=s,(l=o>=(c=(y+v)/2))?y=c:v=c,e=d,!(d=d[h=l<<1|u]))return this;if(!d.length)break;(e[h+1&3]||e[h+2&3]||e[h+3&3])&&(n=e,f=h)}for(;d.data!==t;)if(r=d,!(d=d.next))return this;return(i=d.next)&&delete d.next,r?(i?r.next=i:delete r.next,this):e?(i?e[h]=i:delete e[h],(d=e[0]||e[1]||e[2]||e[3])&&d===(e[3]||e[2]||e[1]||e[0])&&!d.length&&(n?n[f]=d:this._root=d),this):(this._root=i,this)},Ss.removeAll=function(t){for(var e=0,n=t.length;ec+d||iu+d||as.index){var p=c-o.x-o.vx,y=u-o.y-o.vy,g=p*p+y*y;gt.r&&(t.r=t[e].r)}function s(){if(e){var r,i,a=e.length;for(n=new Array(a),r=0;r1?(null==n?s.remove(t):s.set(t,d(n)),e):s.get(t)},find:function(e,n,r){var i,a,o,s,c,u=0,l=t.length;for(null==r?r=1/0:r*=r,u=0;u1?(u.on(t,n),e):u.on(t)}}},Ps=function(){var t,e,n,r,i=ms(-30),a=1,o=1/0,s=.81;function c(r){var i,a=t.length,o=Es(t,Ls,Is).visitAfter(l);for(n=r,i=0;i=o)){(t.data!==e||t.next)&&(0===l&&(d+=(l=bs())*l),0===h&&(d+=(h=bs())*h),d1?r[0]+r.slice(2):r,+t.slice(n+1)]},$s=function(t){return(t=Us(Math.abs(t)))?t[1]:NaN},Ws=/^(?:(.)?([<>=^]))?([+\-( ])?([$#])?(0)?(\d+)?(,)?(\.\d+)?(~)?([a-z%])?$/i;function Vs(t){if(!(e=Ws.exec(t)))throw new Error("invalid format: "+t);var e;return new qs({fill:e[1],align:e[2],sign:e[3],symbol:e[4],zero:e[5],width:e[6],comma:e[7],precision:e[8]&&e[8].slice(1),trim:e[9],type:e[10]})}function qs(t){this.fill=void 0===t.fill?" 
":t.fill+"",this.align=void 0===t.align?">":t.align+"",this.sign=void 0===t.sign?"-":t.sign+"",this.symbol=void 0===t.symbol?"":t.symbol+"",this.zero=!!t.zero,this.width=void 0===t.width?void 0:+t.width,this.comma=!!t.comma,this.precision=void 0===t.precision?void 0:+t.precision,this.trim=!!t.trim,this.type=void 0===t.type?"":t.type+""}Vs.prototype=qs.prototype,qs.prototype.toString=function(){return this.fill+this.align+this.sign+this.symbol+(this.zero?"0":"")+(void 0===this.width?"":Math.max(1,0|this.width))+(this.comma?",":"")+(void 0===this.precision?"":"."+Math.max(0,0|this.precision))+(this.trim?"~":"")+this.type};var Hs,Gs,Xs,Zs,Qs=function(t,e){var n=Us(t,e);if(!n)return t+"";var r=n[0],i=n[1];return i<0?"0."+new Array(-i).join("0")+r:r.length>i+1?r.slice(0,i+1)+"."+r.slice(i+1):r+new Array(i-r.length+2).join("0")},Ks={"%":function(t,e){return(100*t).toFixed(e)},b:function(t){return Math.round(t).toString(2)},c:function(t){return t+""},d:function(t){return Math.round(t).toString(10)},e:function(t,e){return t.toExponential(e)},f:function(t,e){return t.toFixed(e)},g:function(t,e){return t.toPrecision(e)},o:function(t){return Math.round(t).toString(8)},p:function(t,e){return Qs(100*t,e)},r:Qs,s:function(t,e){var n=Us(t,e);if(!n)return t+"";var r=n[0],i=n[1],a=i-(Hs=3*Math.max(-8,Math.min(8,Math.floor(i/3))))+1,o=r.length;return a===o?r:a>o?r+new Array(a-o+1).join("0"):a>0?r.slice(0,a)+"."+r.slice(a):"0."+new Array(1-a).join("0")+Us(t,Math.max(0,e+a-1))[0]},X:function(t){return Math.round(t).toString(16).toUpperCase()},x:function(t){return Math.round(t).toString(16)}},Js=function(t){return t},tc=Array.prototype.map,ec=["y","z","a","f","p","n","µ","m","","k","M","G","T","P","E","Z","Y"],nc=function(t){var e,n,r=void 0===t.grouping||void 0===t.thousands?Js:(e=tc.call(t.grouping,Number),n=t.thousands+"",function(t,r){for(var 
i=t.length,a=[],o=0,s=e[0],c=0;i>0&&s>0&&(c+s+1>r&&(s=Math.max(1,r-c)),a.push(t.substring(i-=s,i+s)),!((c+=s+1)>r));)s=e[o=(o+1)%e.length];return a.reverse().join(n)}),i=void 0===t.currency?"":t.currency[0]+"",a=void 0===t.currency?"":t.currency[1]+"",o=void 0===t.decimal?".":t.decimal+"",s=void 0===t.numerals?Js:function(t){return function(e){return e.replace(/[0-9]/g,(function(e){return t[+e]}))}}(tc.call(t.numerals,String)),c=void 0===t.percent?"%":t.percent+"",u=void 0===t.minus?"-":t.minus+"",l=void 0===t.nan?"NaN":t.nan+"";function h(t){var e=(t=Vs(t)).fill,n=t.align,h=t.sign,f=t.symbol,d=t.zero,p=t.width,y=t.comma,g=t.precision,v=t.trim,m=t.type;"n"===m?(y=!0,m="g"):Ks[m]||(void 0===g&&(g=12),v=!0,m="g"),(d||"0"===e&&"="===n)&&(d=!0,e="0",n="=");var b="$"===f?i:"#"===f&&/[boxX]/.test(m)?"0"+m.toLowerCase():"",_="$"===f?a:/[%p]/.test(m)?c:"",x=Ks[m],k=/[defgprs%]/.test(m);function w(t){var i,a,c,f=b,w=_;if("c"===m)w=x(t)+w,t="";else{var E=(t=+t)<0;if(t=isNaN(t)?l:x(Math.abs(t),g),v&&(t=function(t){t:for(var e,n=t.length,r=1,i=-1;r0&&(i=0)}return i>0?t.slice(0,i)+t.slice(e+1):t}(t)),E&&0==+t&&(E=!1),f=(E?"("===h?h:u:"-"===h||"("===h?"":h)+f,w=("s"===m?ec[8+Hs/3]:"")+w+(E&&"("===h?")":""),k)for(i=-1,a=t.length;++i(c=t.charCodeAt(i))||c>57){w=(46===c?o+t.slice(i+1):t.slice(i))+w,t=t.slice(0,i);break}}y&&!d&&(t=r(t,1/0));var T=f.length+t.length+w.length,C=T>1)+f+t+w+C.slice(T);break;default:t=C+f+t+w}return s(t)}return g=void 0===g?6:/[gprs]/.test(m)?Math.max(1,Math.min(21,g)):Math.max(0,Math.min(20,g)),w.toString=function(){return t+""},w}return{format:h,formatPrefix:function(t,e){var n=h(((t=Vs(t)).type="f",t)),r=3*Math.max(-8,Math.min(8,Math.floor($s(e)/3))),i=Math.pow(10,-r),a=ec[8+r/3];return function(t){return n(i*t)+a}}}};function rc(t){return Gs=nc(t),Xs=Gs.format,Zs=Gs.formatPrefix,Gs}rc({decimal:".",thousands:",",grouping:[3],currency:["$",""],minus:"-"});var ic=function(t){return Math.max(0,-$s(Math.abs(t)))},ac=function(t,e){return 
Math.max(0,3*Math.max(-8,Math.min(8,Math.floor($s(e)/3)))-$s(Math.abs(t)))},oc=function(t,e){return t=Math.abs(t),e=Math.abs(e)-t,Math.max(0,$s(e)-$s(t))+1},sc=function(){return new cc};function cc(){this.reset()}cc.prototype={constructor:cc,reset:function(){this.s=this.t=0},add:function(t){lc(uc,t,this.t),lc(this,uc.s,this.s),this.s?this.t+=uc.t:this.s=uc.t},valueOf:function(){return this.s}};var uc=new cc;function lc(t,e,n){var r=t.s=e+n,i=r-e,a=r-i;t.t=e-a+(n-i)}var hc=Math.PI,fc=hc/2,dc=hc/4,pc=2*hc,yc=180/hc,gc=hc/180,vc=Math.abs,mc=Math.atan,bc=Math.atan2,_c=Math.cos,xc=Math.ceil,kc=Math.exp,wc=(Math.floor,Math.log),Ec=Math.pow,Tc=Math.sin,Cc=Math.sign||function(t){return t>0?1:t<0?-1:0},Sc=Math.sqrt,Ac=Math.tan;function Mc(t){return t>1?0:t<-1?hc:Math.acos(t)}function Oc(t){return t>1?fc:t<-1?-fc:Math.asin(t)}function Nc(t){return(t=Tc(t/2))*t}function Dc(){}function Bc(t,e){t&&Ic.hasOwnProperty(t.type)&&Ic[t.type](t,e)}var Lc={Feature:function(t,e){Bc(t.geometry,e)},FeatureCollection:function(t,e){for(var n=t.features,r=-1,i=n.length;++r=0?1:-1,i=r*n,a=_c(e=(e*=gc)/2+dc),o=Tc(e),s=Uc*o,c=zc*a+s*_c(i),u=s*r*Tc(i);Wc.add(bc(u,c)),Yc=t,zc=a,Uc=o}var Qc=function(t){return Vc.reset(),$c(t,qc),2*Vc};function Kc(t){return[bc(t[1],t[0]),Oc(t[2])]}function Jc(t){var e=t[0],n=t[1],r=_c(n);return[r*_c(e),r*Tc(e),Tc(n)]}function tu(t,e){return t[0]*e[0]+t[1]*e[1]+t[2]*e[2]}function eu(t,e){return[t[1]*e[2]-t[2]*e[1],t[2]*e[0]-t[0]*e[2],t[0]*e[1]-t[1]*e[0]]}function nu(t,e){t[0]+=e[0],t[1]+=e[1],t[2]+=e[2]}function ru(t,e){return[t[0]*e,t[1]*e,t[2]*e]}function iu(t){var e=Sc(t[0]*t[0]+t[1]*t[1]+t[2]*t[2]);t[0]/=e,t[1]/=e,t[2]/=e}var 
au,ou,su,cu,uu,lu,hu,fu,du,pu,yu=sc(),gu={point:vu,lineStart:bu,lineEnd:_u,polygonStart:function(){gu.point=xu,gu.lineStart=ku,gu.lineEnd=wu,yu.reset(),qc.polygonStart()},polygonEnd:function(){qc.polygonEnd(),gu.point=vu,gu.lineStart=bu,gu.lineEnd=_u,Wc<0?(au=-(su=180),ou=-(cu=90)):yu>1e-6?cu=90:yu<-1e-6&&(ou=-90),pu[0]=au,pu[1]=su},sphere:function(){au=-(su=180),ou=-(cu=90)}};function vu(t,e){du.push(pu=[au=t,su=t]),ecu&&(cu=e)}function mu(t,e){var n=Jc([t*gc,e*gc]);if(fu){var r=eu(fu,n),i=eu([r[1],-r[0],0],r);iu(i),i=Kc(i);var a,o=t-uu,s=o>0?1:-1,c=i[0]*yc*s,u=vc(o)>180;u^(s*uucu&&(cu=a):u^(s*uu<(c=(c+360)%360-180)&&ccu&&(cu=e)),u?tEu(au,su)&&(su=t):Eu(t,su)>Eu(au,su)&&(au=t):su>=au?(tsu&&(su=t)):t>uu?Eu(au,t)>Eu(au,su)&&(su=t):Eu(t,su)>Eu(au,su)&&(au=t)}else du.push(pu=[au=t,su=t]);ecu&&(cu=e),fu=n,uu=t}function bu(){gu.point=mu}function _u(){pu[0]=au,pu[1]=su,gu.point=vu,fu=null}function xu(t,e){if(fu){var n=t-uu;yu.add(vc(n)>180?n+(n>0?360:-360):n)}else lu=t,hu=e;qc.point(t,e),mu(t,e)}function ku(){qc.lineStart()}function wu(){xu(lu,hu),qc.lineEnd(),vc(yu)>1e-6&&(au=-(su=180)),pu[0]=au,pu[1]=su,fu=null}function Eu(t,e){return(e-=t)<0?e+360:e}function Tu(t,e){return t[0]-e[0]}function Cu(t,e){return t[0]<=t[1]?t[0]<=e&&e<=t[1]:eEu(r[0],r[1])&&(r[1]=i[1]),Eu(i[0],r[1])>Eu(r[0],r[1])&&(r[0]=i[0])):a.push(r=i);for(o=-1/0,e=0,r=a[n=a.length-1];e<=n;r=i,++e)i=a[e],(s=Eu(r[1],i[0]))>o&&(o=s,au=i[0],su=r[1])}return du=pu=null,au===1/0||ou===1/0?[[NaN,NaN],[NaN,NaN]]:[[au,ou],[su,cu]]},Wu={sphere:Dc,point:Vu,lineStart:Hu,lineEnd:Zu,polygonStart:function(){Wu.lineStart=Qu,Wu.lineEnd=Ku},polygonEnd:function(){Wu.lineStart=Hu,Wu.lineEnd=Zu}};function Vu(t,e){t*=gc;var n=_c(e*=gc);qu(n*_c(t),n*Tc(t),Tc(e))}function qu(t,e,n){++Su,Mu+=(t-Mu)/Su,Ou+=(e-Ou)/Su,Nu+=(n-Nu)/Su}function Hu(){Wu.point=Gu}function Gu(t,e){t*=gc;var n=_c(e*=gc);Yu=n*_c(t),zu=n*Tc(t),Uu=Tc(e),Wu.point=Xu,qu(Yu,zu,Uu)}function Xu(t,e){t*=gc;var 
n=_c(e*=gc),r=n*_c(t),i=n*Tc(t),a=Tc(e),o=bc(Sc((o=zu*a-Uu*i)*o+(o=Uu*r-Yu*a)*o+(o=Yu*i-zu*r)*o),Yu*r+zu*i+Uu*a);Au+=o,Du+=o*(Yu+(Yu=r)),Bu+=o*(zu+(zu=i)),Lu+=o*(Uu+(Uu=a)),qu(Yu,zu,Uu)}function Zu(){Wu.point=Vu}function Qu(){Wu.point=Ju}function Ku(){tl(Pu,ju),Wu.point=Vu}function Ju(t,e){Pu=t,ju=e,t*=gc,e*=gc,Wu.point=tl;var n=_c(e);Yu=n*_c(t),zu=n*Tc(t),Uu=Tc(e),qu(Yu,zu,Uu)}function tl(t,e){t*=gc;var n=_c(e*=gc),r=n*_c(t),i=n*Tc(t),a=Tc(e),o=zu*a-Uu*i,s=Uu*r-Yu*a,c=Yu*i-zu*r,u=Sc(o*o+s*s+c*c),l=Oc(u),h=u&&-l/u;Iu+=h*o,Ru+=h*s,Fu+=h*c,Au+=l,Du+=l*(Yu+(Yu=r)),Bu+=l*(zu+(zu=i)),Lu+=l*(Uu+(Uu=a)),qu(Yu,zu,Uu)}var el=function(t){Su=Au=Mu=Ou=Nu=Du=Bu=Lu=Iu=Ru=Fu=0,$c(t,Wu);var e=Iu,n=Ru,r=Fu,i=e*e+n*n+r*r;return i<1e-12&&(e=Du,n=Bu,r=Lu,Au<1e-6&&(e=Mu,n=Ou,r=Nu),(i=e*e+n*n+r*r)<1e-12)?[NaN,NaN]:[bc(n,e)*yc,Oc(r/Sc(i))*yc]},nl=function(t){return function(){return t}},rl=function(t,e){function n(n,r){return n=t(n,r),e(n[0],n[1])}return t.invert&&e.invert&&(n.invert=function(n,r){return(n=e.invert(n,r))&&t.invert(n[0],n[1])}),n};function il(t,e){return[vc(t)>hc?t+Math.round(-t/pc)*pc:t,e]}function al(t,e,n){return(t%=pc)?e||n?rl(sl(t),cl(e,n)):sl(t):e||n?cl(e,n):il}function ol(t){return function(e,n){return[(e+=t)>hc?e-pc:e<-hc?e+pc:e,n]}}function sl(t){var e=ol(t);return e.invert=ol(-t),e}function cl(t,e){var n=_c(t),r=Tc(t),i=_c(e),a=Tc(e);function o(t,e){var o=_c(e),s=_c(t)*o,c=Tc(t)*o,u=Tc(e),l=u*n+s*r;return[bc(c*i-l*a,s*n-u*r),Oc(l*i+c*a)]}return o.invert=function(t,e){var o=_c(e),s=_c(t)*o,c=Tc(t)*o,u=Tc(e),l=u*i-c*a;return[bc(c*i+u*a,s*n+l*r),Oc(l*n-s*r)]},o}il.invert=il;var ul=function(t){function e(e){return(e=t(e[0]*gc,e[1]*gc))[0]*=yc,e[1]*=yc,e}return t=al(t[0]*gc,t[1]*gc,t.length>2?t[2]*gc:0),e.invert=function(e){return(e=t.invert(e[0]*gc,e[1]*gc))[0]*=yc,e[1]*=yc,e},e};function ll(t,e,n,r,i,a){if(n){var o=_c(e),s=Tc(e),c=r*n;null==i?(i=e+r*pc,a=e-c/2):(i=hl(o,i),a=hl(o,a),(r>0?ia)&&(i+=r*pc));for(var 
u,l=i;r>0?l>a:l1&&e.push(e.pop().concat(e.shift()))},result:function(){var n=e;return e=[],t=null,n}}},pl=function(t,e){return vc(t[0]-e[0])<1e-6&&vc(t[1]-e[1])<1e-6};function yl(t,e,n,r){this.x=t,this.z=e,this.o=n,this.e=r,this.v=!1,this.n=this.p=null}var gl=function(t,e,n,r,i){var a,o,s=[],c=[];if(t.forEach((function(t){if(!((e=t.length-1)<=0)){var e,n,r=t[0],o=t[e];if(pl(r,o)){for(i.lineStart(),a=0;a=0;--a)i.point((l=u[a])[0],l[1]);else r(f.x,f.p.x,-1,i);f=f.p}u=(f=f.o).z,d=!d}while(!f.v);i.lineEnd()}}};function vl(t){if(e=t.length){for(var e,n,r=0,i=t[0];++r=0?1:-1,T=E*w,C=T>hc,S=y*x;if(ml.add(bc(S*E*Tc(T),g*k+S*_c(T))),o+=C?w+E*pc:w,C^d>=n^b>=n){var A=eu(Jc(f),Jc(m));iu(A);var M=eu(a,A);iu(M);var O=(C^w>=0?-1:1)*Oc(M[2]);(r>O||r===O&&(A[0]||A[1]))&&(s+=C^w>=0?1:-1)}}return(o<-1e-6||o<1e-6&&ml<-1e-6)^1&s},xl=function(t,e,n,r){return function(i){var a,o,s,c=e(i),u=dl(),l=e(u),h=!1,f={point:d,lineStart:y,lineEnd:g,polygonStart:function(){f.point=v,f.lineStart=m,f.lineEnd=b,o=[],a=[]},polygonEnd:function(){f.point=d,f.lineStart=y,f.lineEnd=g,o=F(o);var t=_l(a,r);o.length?(h||(i.polygonStart(),h=!0),gl(o,wl,t,n,i)):t&&(h||(i.polygonStart(),h=!0),i.lineStart(),n(null,null,1,i),i.lineEnd()),h&&(i.polygonEnd(),h=!1),o=a=null},sphere:function(){i.polygonStart(),i.lineStart(),n(null,null,1,i),i.lineEnd(),i.polygonEnd()}};function d(e,n){t(e,n)&&i.point(e,n)}function p(t,e){c.point(t,e)}function y(){f.point=p,c.lineStart()}function g(){f.point=d,c.lineEnd()}function v(t,e){s.push([t,e]),l.point(t,e)}function m(){l.lineStart(),s=[]}function b(){v(s[0][0],s[0][1]),l.lineEnd();var t,e,n,r,c=l.clean(),f=u.result(),d=f.length;if(s.pop(),a.push(s),s=null,d)if(1&c){if((e=(n=f[0]).length-1)>0){for(h||(i.polygonStart(),h=!0),i.lineStart(),t=0;t1&&2&c&&f.push(f.pop().concat(f.shift())),o.push(f.filter(kl))}return f}};function kl(t){return t.length>1}function wl(t,e){return((t=t.x)[0]<0?t[1]-fc-1e-6:fc-t[1])-((e=e.x)[0]<0?e[1]-fc-1e-6:fc-e[1])}var 
El=xl((function(){return!0}),(function(t){var e,n=NaN,r=NaN,i=NaN;return{lineStart:function(){t.lineStart(),e=1},point:function(a,o){var s=a>0?hc:-hc,c=vc(a-n);vc(c-hc)<1e-6?(t.point(n,r=(r+o)/2>0?fc:-fc),t.point(i,r),t.lineEnd(),t.lineStart(),t.point(s,r),t.point(a,r),e=0):i!==s&&c>=hc&&(vc(n-i)<1e-6&&(n-=1e-6*i),vc(a-s)<1e-6&&(a-=1e-6*s),r=function(t,e,n,r){var i,a,o=Tc(t-n);return vc(o)>1e-6?mc((Tc(e)*(a=_c(r))*Tc(n)-Tc(r)*(i=_c(e))*Tc(t))/(i*a*o)):(e+r)/2}(n,r,a,o),t.point(i,r),t.lineEnd(),t.lineStart(),t.point(s,r),e=0),t.point(n=a,r=o),i=s},lineEnd:function(){t.lineEnd(),n=r=NaN},clean:function(){return 2-e}}}),(function(t,e,n,r){var i;if(null==t)i=n*fc,r.point(-hc,i),r.point(0,i),r.point(hc,i),r.point(hc,0),r.point(hc,-i),r.point(0,-i),r.point(-hc,-i),r.point(-hc,0),r.point(-hc,i);else if(vc(t[0]-e[0])>1e-6){var a=t[0]0,i=vc(e)>1e-6;function a(t,n){return _c(t)*_c(n)>e}function o(t,n,r){var i=[1,0,0],a=eu(Jc(t),Jc(n)),o=tu(a,a),s=a[0],c=o-s*s;if(!c)return!r&&t;var u=e*o/c,l=-e*s/c,h=eu(i,a),f=ru(i,u);nu(f,ru(a,l));var d=h,p=tu(f,d),y=tu(d,d),g=p*p-y*(tu(f,f)-1);if(!(g<0)){var v=Sc(g),m=ru(d,(-p-v)/y);if(nu(m,f),m=Kc(m),!r)return m;var b,_=t[0],x=n[0],k=t[1],w=n[1];x<_&&(b=_,_=x,x=b);var E=x-_,T=vc(E-hc)<1e-6;if(!T&&w0^m[1]<(vc(m[0]-_)<1e-6?k:w):k<=m[1]&&m[1]<=w:E>hc^(_<=m[0]&&m[0]<=x)){var C=ru(d,(-p+v)/y);return nu(C,f),[m,Kc(C)]}}}function s(e,n){var i=r?t:hc-t,a=0;return e<-i?a|=1:e>i&&(a|=2),n<-i?a|=4:n>i&&(a|=8),a}return xl(a,(function(t){var e,n,c,u,l;return{lineStart:function(){u=c=!1,l=1},point:function(h,f){var d,p=[h,f],y=a(h,f),g=r?y?0:s(h,f):y?s(h+(h<0?hc:-hc),f):0;if(!e&&(u=c=y)&&t.lineStart(),y!==c&&(!(d=o(e,p))||pl(e,d)||pl(p,d))&&(p[0]+=1e-6,p[1]+=1e-6,y=a(p[0],p[1])),y!==c)l=0,y?(t.lineStart(),d=o(p,e),t.point(d[0],d[1])):(d=o(e,p),t.point(d[0],d[1]),t.lineEnd()),e=d;else if(i&&e&&r^y){var 
v;g&n||!(v=o(p,e,!0))||(l=0,r?(t.lineStart(),t.point(v[0][0],v[0][1]),t.point(v[1][0],v[1][1]),t.lineEnd()):(t.point(v[1][0],v[1][1]),t.lineEnd(),t.lineStart(),t.point(v[0][0],v[0][1])))}!y||e&&pl(e,p)||t.point(p[0],p[1]),e=p,c=y,n=g},lineEnd:function(){c&&t.lineEnd(),e=null},clean:function(){return l|(u&&c)<<1}}}),(function(e,r,i,a){ll(a,t,n,i,e,r)}),r?[0,-t]:[-hc,t-hc])};function Cl(t,e,n,r){function i(i,a){return t<=i&&i<=n&&e<=a&&a<=r}function a(i,a,s,u){var l=0,h=0;if(null==i||(l=o(i,s))!==(h=o(a,s))||c(i,a)<0^s>0)do{u.point(0===l||3===l?t:n,l>1?r:e)}while((l=(l+s+4)%4)!==h);else u.point(a[0],a[1])}function o(r,i){return vc(r[0]-t)<1e-6?i>0?0:3:vc(r[0]-n)<1e-6?i>0?2:1:vc(r[1]-e)<1e-6?i>0?1:0:i>0?3:2}function s(t,e){return c(t.x,e.x)}function c(t,e){var n=o(t,1),r=o(e,1);return n!==r?n-r:0===n?e[1]-t[1]:1===n?t[0]-e[0]:2===n?t[1]-e[1]:e[0]-t[0]}return function(o){var c,u,l,h,f,d,p,y,g,v,m,b=o,_=dl(),x={point:k,lineStart:function(){x.point=w,u&&u.push(l=[]);v=!0,g=!1,p=y=NaN},lineEnd:function(){c&&(w(h,f),d&&g&&_.rejoin(),c.push(_.result()));x.point=k,g&&b.lineEnd()},polygonStart:function(){b=_,c=[],u=[],m=!0},polygonEnd:function(){var e=function(){for(var e=0,n=0,i=u.length;nr&&(f-a)*(r-o)>(d-o)*(t-a)&&++e:d<=r&&(f-a)*(r-o)<(d-o)*(t-a)&&--e;return e}(),n=m&&e,i=(c=F(c)).length;(n||i)&&(o.polygonStart(),n&&(o.lineStart(),a(null,null,1,o),o.lineEnd()),i&&gl(c,s,e,a,o),o.polygonEnd());b=o,c=u=l=null}};function k(t,e){i(t,e)&&b.point(t,e)}function w(a,o){var s=i(a,o);if(u&&l.push([a,o]),v)h=a,f=o,d=s,v=!1,s&&(b.lineStart(),b.point(a,o));else if(s&&g)b.point(a,o);else{var c=[p=Math.max(-1e9,Math.min(1e9,p)),y=Math.max(-1e9,Math.min(1e9,y))],_=[a=Math.max(-1e9,Math.min(1e9,a)),o=Math.max(-1e9,Math.min(1e9,o))];!function(t,e,n,r,i,a){var o,s=t[0],c=t[1],u=0,l=1,h=e[0]-s,f=e[1]-c;if(o=n-s,h||!(o>0)){if(o/=h,h<0){if(o0){if(o>l)return;o>u&&(u=o)}if(o=i-s,h||!(o<0)){if(o/=h,h<0){if(o>l)return;o>u&&(u=o)}else 
if(h>0){if(o0)){if(o/=f,f<0){if(o0){if(o>l)return;o>u&&(u=o)}if(o=a-c,f||!(o<0)){if(o/=f,f<0){if(o>l)return;o>u&&(u=o)}else if(f>0){if(o0&&(t[0]=s+u*h,t[1]=c+u*f),l<1&&(e[0]=s+l*h,e[1]=c+l*f),!0}}}}}(c,_,t,e,n,r)?s&&(b.lineStart(),b.point(a,o),m=!1):(g||(b.lineStart(),b.point(c[0],c[1])),b.point(_[0],_[1]),s||b.lineEnd(),m=!1)}p=a,y=o,g=s}return x}}var Sl,Al,Ml,Ol=function(){var t,e,n,r=0,i=0,a=960,o=500;return n={stream:function(n){return t&&e===n?t:t=Cl(r,i,a,o)(e=n)},extent:function(s){return arguments.length?(r=+s[0][0],i=+s[0][1],a=+s[1][0],o=+s[1][1],t=e=null,n):[[r,i],[a,o]]}}},Nl=sc(),Dl={sphere:Dc,point:Dc,lineStart:function(){Dl.point=Ll,Dl.lineEnd=Bl},lineEnd:Dc,polygonStart:Dc,polygonEnd:Dc};function Bl(){Dl.point=Dl.lineEnd=Dc}function Ll(t,e){Sl=t*=gc,Al=Tc(e*=gc),Ml=_c(e),Dl.point=Il}function Il(t,e){t*=gc;var n=Tc(e*=gc),r=_c(e),i=vc(t-Sl),a=_c(i),o=r*Tc(i),s=Ml*n-Al*r*a,c=Al*n+Ml*r*a;Nl.add(bc(Sc(o*o+s*s),c)),Sl=t,Al=n,Ml=r}var Rl=function(t){return Nl.reset(),$c(t,Dl),+Nl},Fl=[null,null],Pl={type:"LineString",coordinates:Fl},jl=function(t,e){return Fl[0]=t,Fl[1]=e,Rl(Pl)},Yl={Feature:function(t,e){return Ul(t.geometry,e)},FeatureCollection:function(t,e){for(var n=t.features,r=-1,i=n.length;++r0&&(i=jl(t[a],t[a-1]))>0&&n<=i&&r<=i&&(n+r-i)*(1-Math.pow((n-r)/i,2))<1e-12*i)return!0;n=r}return!1}function Vl(t,e){return!!_l(t.map(ql),Hl(e))}function ql(t){return(t=t.map(Hl)).pop(),t}function Hl(t){return[t[0]*gc,t[1]*gc]}var Gl=function(t,e){return(t&&Yl.hasOwnProperty(t.type)?Yl[t.type]:Ul)(t,e)};function Xl(t,e,n){var r=k(t,e-1e-6,n).concat(e);return function(t){return r.map((function(e){return[t,e]}))}}function Zl(t,e,n){var r=k(t,e-1e-6,n).concat(e);return function(t){return r.map((function(e){return[e,t]}))}}function Ql(){var t,e,n,r,i,a,o,s,c,u,l,h,f=10,d=f,p=90,y=360,g=2.5;function v(){return{type:"MultiLineString",coordinates:m()}}function m(){return 
k(xc(r/p)*p,n,p).map(l).concat(k(xc(s/y)*y,o,y).map(h)).concat(k(xc(e/f)*f,t,f).filter((function(t){return vc(t%p)>1e-6})).map(c)).concat(k(xc(a/d)*d,i,d).filter((function(t){return vc(t%y)>1e-6})).map(u))}return v.lines=function(){return m().map((function(t){return{type:"LineString",coordinates:t}}))},v.outline=function(){return{type:"Polygon",coordinates:[l(r).concat(h(o).slice(1),l(n).reverse().slice(1),h(s).reverse().slice(1))]}},v.extent=function(t){return arguments.length?v.extentMajor(t).extentMinor(t):v.extentMinor()},v.extentMajor=function(t){return arguments.length?(r=+t[0][0],n=+t[1][0],s=+t[0][1],o=+t[1][1],r>n&&(t=r,r=n,n=t),s>o&&(t=s,s=o,o=t),v.precision(g)):[[r,s],[n,o]]},v.extentMinor=function(n){return arguments.length?(e=+n[0][0],t=+n[1][0],a=+n[0][1],i=+n[1][1],e>t&&(n=e,e=t,t=n),a>i&&(n=a,a=i,i=n),v.precision(g)):[[e,a],[t,i]]},v.step=function(t){return arguments.length?v.stepMajor(t).stepMinor(t):v.stepMinor()},v.stepMajor=function(t){return arguments.length?(p=+t[0],y=+t[1],v):[p,y]},v.stepMinor=function(t){return arguments.length?(f=+t[0],d=+t[1],v):[f,d]},v.precision=function(f){return arguments.length?(g=+f,c=Xl(a,i,90),u=Zl(e,t,g),l=Xl(s,o,90),h=Zl(r,n,g),v):g},v.extentMajor([[-180,1e-6-90],[180,90-1e-6]]).extentMinor([[-180,-80-1e-6],[180,80+1e-6]])}function Kl(){return Ql()()}var Jl,th,eh,nh,rh=function(t,e){var n=t[0]*gc,r=t[1]*gc,i=e[0]*gc,a=e[1]*gc,o=_c(r),s=Tc(r),c=_c(a),u=Tc(a),l=o*_c(n),h=o*Tc(n),f=c*_c(i),d=c*Tc(i),p=2*Oc(Sc(Nc(a-r)+o*c*Nc(i-n))),y=Tc(p),g=p?function(t){var e=Tc(t*=p)/y,n=Tc(p-t)/y,r=n*l+e*f,i=n*h+e*d,a=n*s+e*u;return[bc(i,r)*yc,bc(a,Sc(r*r+i*i))*yc]}:function(){return[n*yc,r*yc]};return g.distance=p,g},ih=function(t){return t},ah=sc(),oh=sc(),sh={point:Dc,lineStart:Dc,lineEnd:Dc,polygonStart:function(){sh.lineStart=ch,sh.lineEnd=hh},polygonEnd:function(){sh.lineStart=sh.lineEnd=sh.point=Dc,ah.add(vc(oh)),oh.reset()},result:function(){var t=ah/2;return ah.reset(),t}};function ch(){sh.point=uh}function 
uh(t,e){sh.point=lh,Jl=eh=t,th=nh=e}function lh(t,e){oh.add(nh*t-eh*e),eh=t,nh=e}function hh(){lh(Jl,th)}var fh=sh,dh=1/0,ph=dh,yh=-dh,gh=yh;var vh,mh,bh,_h,xh={point:function(t,e){tyh&&(yh=t);egh&&(gh=e)},lineStart:Dc,lineEnd:Dc,polygonStart:Dc,polygonEnd:Dc,result:function(){var t=[[dh,ph],[yh,gh]];return yh=gh=-(ph=dh=1/0),t}},kh=0,wh=0,Eh=0,Th=0,Ch=0,Sh=0,Ah=0,Mh=0,Oh=0,Nh={point:Dh,lineStart:Bh,lineEnd:Rh,polygonStart:function(){Nh.lineStart=Fh,Nh.lineEnd=Ph},polygonEnd:function(){Nh.point=Dh,Nh.lineStart=Bh,Nh.lineEnd=Rh},result:function(){var t=Oh?[Ah/Oh,Mh/Oh]:Sh?[Th/Sh,Ch/Sh]:Eh?[kh/Eh,wh/Eh]:[NaN,NaN];return kh=wh=Eh=Th=Ch=Sh=Ah=Mh=Oh=0,t}};function Dh(t,e){kh+=t,wh+=e,++Eh}function Bh(){Nh.point=Lh}function Lh(t,e){Nh.point=Ih,Dh(bh=t,_h=e)}function Ih(t,e){var n=t-bh,r=e-_h,i=Sc(n*n+r*r);Th+=i*(bh+t)/2,Ch+=i*(_h+e)/2,Sh+=i,Dh(bh=t,_h=e)}function Rh(){Nh.point=Dh}function Fh(){Nh.point=jh}function Ph(){Yh(vh,mh)}function jh(t,e){Nh.point=Yh,Dh(vh=bh=t,mh=_h=e)}function Yh(t,e){var n=t-bh,r=e-_h,i=Sc(n*n+r*r);Th+=i*(bh+t)/2,Ch+=i*(_h+e)/2,Sh+=i,Ah+=(i=_h*t-bh*e)*(bh+t),Mh+=i*(_h+e),Oh+=3*i,Dh(bh=t,_h=e)}var zh=Nh;function Uh(t){this._context=t}Uh.prototype={_radius:4.5,pointRadius:function(t){return this._radius=t,this},polygonStart:function(){this._line=0},polygonEnd:function(){this._line=NaN},lineStart:function(){this._point=0},lineEnd:function(){0===this._line&&this._context.closePath(),this._point=NaN},point:function(t,e){switch(this._point){case 0:this._context.moveTo(t,e),this._point=1;break;case 1:this._context.lineTo(t,e);break;default:this._context.moveTo(t+this._radius,e),this._context.arc(t,e,this._radius,0,pc)}},result:Dc};var $h,Wh,Vh,qh,Hh,Gh=sc(),Xh={point:Dc,lineStart:function(){Xh.point=Zh},lineEnd:function(){$h&&Qh(Wh,Vh),Xh.point=Dc},polygonStart:function(){$h=!0},polygonEnd:function(){$h=null},result:function(){var t=+Gh;return Gh.reset(),t}};function Zh(t,e){Xh.point=Qh,Wh=qh=t,Vh=Hh=e}function 
Qh(t,e){qh-=t,Hh-=e,Gh.add(Sc(qh*qh+Hh*Hh)),qh=t,Hh=e}var Kh=Xh;function Jh(){this._string=[]}function tf(t){return"m0,"+t+"a"+t+","+t+" 0 1,1 0,"+-2*t+"a"+t+","+t+" 0 1,1 0,"+2*t+"z"}Jh.prototype={_radius:4.5,_circle:tf(4.5),pointRadius:function(t){return(t=+t)!==this._radius&&(this._radius=t,this._circle=null),this},polygonStart:function(){this._line=0},polygonEnd:function(){this._line=NaN},lineStart:function(){this._point=0},lineEnd:function(){0===this._line&&this._string.push("Z"),this._point=NaN},point:function(t,e){switch(this._point){case 0:this._string.push("M",t,",",e),this._point=1;break;case 1:this._string.push("L",t,",",e);break;default:null==this._circle&&(this._circle=tf(this._radius)),this._string.push("M",t,",",e,this._circle)}},result:function(){if(this._string.length){var t=this._string.join("");return this._string=[],t}return null}};var ef=function(t,e){var n,r,i=4.5;function a(t){return t&&("function"==typeof i&&r.pointRadius(+i.apply(this,arguments)),$c(t,n(r))),r.result()}return a.area=function(t){return $c(t,n(fh)),fh.result()},a.measure=function(t){return $c(t,n(Kh)),Kh.result()},a.bounds=function(t){return $c(t,n(xh)),xh.result()},a.centroid=function(t){return $c(t,n(zh)),zh.result()},a.projection=function(e){return arguments.length?(n=null==e?(t=null,ih):(t=e).stream,a):t},a.context=function(t){return arguments.length?(r=null==t?(e=null,new Jh):new Uh(e=t),"function"!=typeof i&&r.pointRadius(i),a):e},a.pointRadius=function(t){return arguments.length?(i="function"==typeof t?t:(r.pointRadius(+t),+t),a):i},a.projection(t).context(e)},nf=function(t){return{stream:rf(t)}};function rf(t){return function(e){var n=new af;for(var r in t)n[r]=t[r];return n.stream=e,n}}function af(){}function of(t,e,n){var r=t.clipExtent&&t.clipExtent();return t.scale(150).translate([0,0]),null!=r&&t.clipExtent(null),$c(n,t.stream(xh)),e(xh.result()),null!=r&&t.clipExtent(r),t}function sf(t,e,n){return of(t,(function(n){var 
r=e[1][0]-e[0][0],i=e[1][1]-e[0][1],a=Math.min(r/(n[1][0]-n[0][0]),i/(n[1][1]-n[0][1])),o=+e[0][0]+(r-a*(n[1][0]+n[0][0]))/2,s=+e[0][1]+(i-a*(n[1][1]+n[0][1]))/2;t.scale(150*a).translate([o,s])}),n)}function cf(t,e,n){return sf(t,[[0,0],e],n)}function uf(t,e,n){return of(t,(function(n){var r=+e,i=r/(n[1][0]-n[0][0]),a=(r-i*(n[1][0]+n[0][0]))/2,o=-i*n[0][1];t.scale(150*i).translate([a,o])}),n)}function lf(t,e,n){return of(t,(function(n){var r=+e,i=r/(n[1][1]-n[0][1]),a=-i*n[0][0],o=(r-i*(n[1][1]+n[0][1]))/2;t.scale(150*i).translate([a,o])}),n)}af.prototype={constructor:af,point:function(t,e){this.stream.point(t,e)},sphere:function(){this.stream.sphere()},lineStart:function(){this.stream.lineStart()},lineEnd:function(){this.stream.lineEnd()},polygonStart:function(){this.stream.polygonStart()},polygonEnd:function(){this.stream.polygonEnd()}};var hf=_c(30*gc),ff=function(t,e){return+e?function(t,e){function n(r,i,a,o,s,c,u,l,h,f,d,p,y,g){var v=u-r,m=l-i,b=v*v+m*m;if(b>4*e&&y--){var _=o+f,x=s+d,k=c+p,w=Sc(_*_+x*x+k*k),E=Oc(k/=w),T=vc(vc(k)-1)<1e-6||vc(a-h)<1e-6?(a+h)/2:bc(x,_),C=t(T,E),S=C[0],A=C[1],M=S-r,O=A-i,N=m*M-v*O;(N*N/b>e||vc((v*M+m*O)/b-.5)>.3||o*f+s*d+c*p2?t[2]%360*gc:0,S()):[g*yc,v*yc,m*yc]},T.angle=function(t){return arguments.length?(b=t%360*gc,S()):b*yc},T.precision=function(t){return arguments.length?(o=ff(s,E=t*t),A()):Sc(E)},T.fitExtent=function(t,e){return sf(T,t,e)},T.fitSize=function(t,e){return cf(T,t,e)},T.fitWidth=function(t,e){return uf(T,t,e)},T.fitHeight=function(t,e){return lf(T,t,e)},function(){return e=t.apply(this,arguments),T.invert=e.invert&&C,S()}}function mf(t){var e=0,n=hc/3,r=vf(t),i=r(e,n);return i.parallels=function(t){return arguments.length?r(e=t[0]*gc,n=t[1]*gc):[e*yc,n*yc]},i}function bf(t,e){var n=Tc(t),r=(n+Tc(e))/2;if(vc(r)<1e-6)return function(t){var e=_c(t);function n(t,n){return[t*e,Tc(n)/e]}return n.invert=function(t,n){return[t/e,Oc(n*e)]},n}(t);var i=1+n*(2*r-n),a=Sc(i)/r;function o(t,e){var 
n=Sc(i-2*r*Tc(e))/r;return[n*Tc(t*=r),a-n*_c(t)]}return o.invert=function(t,e){var n=a-e;return[bc(t,vc(n))/r*Cc(n),Oc((i-(t*t+n*n)*r*r)/(2*r))]},o}var _f=function(){return mf(bf).scale(155.424).center([0,33.6442])},xf=function(){return _f().parallels([29.5,45.5]).scale(1070).translate([480,250]).rotate([96,0]).center([-.6,38.7])};var kf=function(){var t,e,n,r,i,a,o=xf(),s=_f().rotate([154,0]).center([-2,58.5]).parallels([55,65]),c=_f().rotate([157,0]).center([-3,19.9]).parallels([8,18]),u={point:function(t,e){a=[t,e]}};function l(t){var e=t[0],o=t[1];return a=null,n.point(e,o),a||(r.point(e,o),a)||(i.point(e,o),a)}function h(){return t=e=null,l}return l.invert=function(t){var e=o.scale(),n=o.translate(),r=(t[0]-n[0])/e,i=(t[1]-n[1])/e;return(i>=.12&&i<.234&&r>=-.425&&r<-.214?s:i>=.166&&i<.234&&r>=-.214&&r<-.115?c:o).invert(t)},l.stream=function(n){return t&&e===n?t:(r=[o.stream(e=n),s.stream(n),c.stream(n)],i=r.length,t={point:function(t,e){for(var n=-1;++n0?e<1e-6-fc&&(e=1e-6-fc):e>fc-1e-6&&(e=fc-1e-6);var n=i/Ec(Df(e),r);return[n*Tc(r*t),i-n*_c(r*t)]}return a.invert=function(t,e){var n=i-e,a=Cc(r)*Sc(t*t+n*n);return[bc(t,vc(n))/r*Cc(n),2*mc(Ec(i/a,1/r))-fc]},a}var Lf=function(){return mf(Bf).scale(109.5).parallels([30,30])};function If(t,e){return[t,e]}If.invert=If;var Rf=function(){return gf(If).scale(152.63)};function Ff(t,e){var n=_c(t),r=t===e?Tc(t):(n-_c(e))/(e-t),i=n/r+t;if(vc(r)<1e-6)return If;function a(t,e){var n=i-e,a=r*t;return[n*Tc(a),i-n*_c(a)]}return a.invert=function(t,e){var n=i-e;return[bc(t,vc(n))/r*Cc(n),i-Cc(r)*Sc(t*t+n*n)]},a}var Pf=function(){return mf(Ff).scale(131.154).center([0,13.9389])},jf=1.340264,Yf=-.081106,zf=893e-6,Uf=.003796,$f=Sc(3)/2;function Wf(t,e){var n=Oc($f*Tc(e)),r=n*n,i=r*r*r;return[t*_c(n)/($f*(jf+3*Yf*r+i*(7*zf+9*Uf*r))),n*(jf+Yf*r+i*(zf+Uf*r))]}Wf.invert=function(t,e){for(var 
n,r=e,i=r*r,a=i*i*i,o=0;o<12&&(a=(i=(r-=n=(r*(jf+Yf*i+a*(zf+Uf*i))-e)/(jf+3*Yf*i+a*(7*zf+9*Uf*i)))*r)*i*i,!(vc(n)<1e-12));++o);return[$f*t*(jf+3*Yf*i+a*(7*zf+9*Uf*i))/_c(r),Oc(Tc(r)/$f)]};var Vf=function(){return gf(Wf).scale(177.158)};function qf(t,e){var n=_c(e),r=_c(t)*n;return[n*Tc(t)/r,Tc(e)/r]}qf.invert=Ef(mc);var Hf=function(){return gf(qf).scale(144.049).clipAngle(60)};function Gf(t,e,n,r){return 1===t&&1===e&&0===n&&0===r?ih:rf({point:function(i,a){this.stream.point(i*t+n,a*e+r)}})}var Xf=function(){var t,e,n,r,i,a,o=1,s=0,c=0,u=1,l=1,h=ih,f=null,d=ih;function p(){return r=i=null,a}return a={stream:function(t){return r&&i===t?r:r=h(d(i=t))},postclip:function(r){return arguments.length?(d=r,f=t=e=n=null,p()):d},clipExtent:function(r){return arguments.length?(d=null==r?(f=t=e=n=null,ih):Cl(f=+r[0][0],t=+r[0][1],e=+r[1][0],n=+r[1][1]),p()):null==f?null:[[f,t],[e,n]]},scale:function(t){return arguments.length?(h=Gf((o=+t)*u,o*l,s,c),p()):o},translate:function(t){return arguments.length?(h=Gf(o*u,o*l,s=+t[0],c=+t[1]),p()):[s,c]},reflectX:function(t){return arguments.length?(h=Gf(o*(u=t?-1:1),o*l,s,c),p()):u<0},reflectY:function(t){return arguments.length?(h=Gf(o*u,o*(l=t?-1:1),s,c),p()):l<0},fitExtent:function(t,e){return sf(a,t,e)},fitSize:function(t,e){return cf(a,t,e)},fitWidth:function(t,e){return uf(a,t,e)},fitHeight:function(t,e){return lf(a,t,e)}}};function Zf(t,e){var n=e*e,r=n*n;return[t*(.8707-.131979*n+r*(r*(.003971*n-.001529*r)-.013791)),e*(1.007226+n*(.015085+r*(.028874*n-.044475-.005916*r)))]}Zf.invert=function(t,e){var n,r=e,i=25;do{var a=r*r,o=a*a;r-=n=(r*(1.007226+a*(.015085+o*(.028874*a-.044475-.005916*o)))-e)/(1.007226+a*(.045255+o*(.259866*a-.311325-.005916*11*o)))}while(vc(n)>1e-6&&--i>0);return[t/(.8707+(a=r*r)*(a*(a*a*a*(.003971-.001529*a)-.013791)-.131979)),r]};var Qf=function(){return gf(Zf).scale(175.295)};function Kf(t,e){return[_c(e)*Tc(t),Tc(e)]}Kf.invert=Ef(Oc);var Jf=function(){return 
gf(Kf).scale(249.5).clipAngle(90+1e-6)};function td(t,e){var n=_c(e),r=1+_c(t)*n;return[n*Tc(t)/r,Tc(e)/r]}td.invert=Ef((function(t){return 2*mc(t)}));var ed=function(){return gf(td).scale(250).clipAngle(142)};function nd(t,e){return[wc(Ac((fc+e)/2)),-t]}nd.invert=function(t,e){return[-e,2*mc(kc(t))-fc]};var rd=function(){var t=Nf(nd),e=t.center,n=t.rotate;return t.center=function(t){return arguments.length?e([-t[1],t[0]]):[(t=e())[1],-t[0]]},t.rotate=function(t){return arguments.length?n([t[0],t[1],t.length>2?t[2]+90:90]):[(t=n())[0],t[1],t[2]-90]},n([0,0,90]).scale(159.155)};function id(t,e){return t.parent===e.parent?1:2}function ad(t,e){return t+e.x}function od(t,e){return Math.max(t,e.y)}var sd=function(){var t=id,e=1,n=1,r=!1;function i(i){var a,o=0;i.eachAfter((function(e){var n=e.children;n?(e.x=function(t){return t.reduce(ad,0)/t.length}(n),e.y=function(t){return 1+t.reduce(od,0)}(n)):(e.x=a?o+=t(e,a):0,e.y=0,a=e)}));var s=function(t){for(var e;e=t.children;)t=e[0];return t}(i),c=function(t){for(var e;e=t.children;)t=e[e.length-1];return t}(i),u=s.x-t(s,c)/2,l=c.x+t(c,s)/2;return i.eachAfter(r?function(t){t.x=(t.x-i.x)*e,t.y=(i.y-t.y)*n}:function(t){t.x=(t.x-u)/(l-u)*e,t.y=(1-(i.y?t.y/i.y:1))*n})}return i.separation=function(e){return arguments.length?(t=e,i):t},i.size=function(t){return arguments.length?(r=!1,e=+t[0],n=+t[1],i):r?null:[e,n]},i.nodeSize=function(t){return arguments.length?(r=!0,e=+t[0],n=+t[1],i):r?[e,n]:null},i};function cd(t){var e=0,n=t.children,r=n&&n.length;if(r)for(;--r>=0;)e+=n[r].value;else e=1;t.value=e}function ud(t,e){var n,r,i,a,o,s=new dd(t),c=+t.value&&(s.value=t.value),u=[s];for(null==e&&(e=ld);n=u.pop();)if(c&&(n.value=+n.data.value),(i=e(n.data))&&(o=i.length))for(n.children=new Array(o),a=o-1;a>=0;--a)u.push(r=n.children[a]=new dd(i[a])),r.parent=n,r.depth=n.depth+1;return s.eachBefore(fd)}function ld(t){return t.children}function hd(t){t.data=t.data.data}function fd(t){var 
e=0;do{t.height=e}while((t=t.parent)&&t.height<++e)}function dd(t){this.data=t,this.depth=this.height=0,this.parent=null}dd.prototype=ud.prototype={constructor:dd,count:function(){return this.eachAfter(cd)},each:function(t){var e,n,r,i,a=this,o=[a];do{for(e=o.reverse(),o=[];a=e.pop();)if(t(a),n=a.children)for(r=0,i=n.length;r=0;--n)i.push(e[n]);return this},sum:function(t){return this.eachAfter((function(e){for(var n=+t(e.data)||0,r=e.children,i=r&&r.length;--i>=0;)n+=r[i].value;e.value=n}))},sort:function(t){return this.eachBefore((function(e){e.children&&e.children.sort(t)}))},path:function(t){for(var e=this,n=function(t,e){if(t===e)return t;var n=t.ancestors(),r=e.ancestors(),i=null;t=n.pop(),e=r.pop();for(;t===e;)i=t,t=n.pop(),e=r.pop();return i}(e,t),r=[e];e!==n;)e=e.parent,r.push(e);for(var i=r.length;t!==n;)r.splice(i,0,t),t=t.parent;return r},ancestors:function(){for(var t=this,e=[t];t=t.parent;)e.push(t);return e},descendants:function(){var t=[];return this.each((function(e){t.push(e)})),t},leaves:function(){var t=[];return this.eachBefore((function(e){e.children||t.push(e)})),t},links:function(){var t=this,e=[];return t.each((function(n){n!==t&&e.push({source:n.parent,target:n})})),e},copy:function(){return ud(this).eachBefore(hd)}};var pd=Array.prototype.slice;var yd=function(t){for(var e,n,r=0,i=(t=function(t){for(var e,n,r=t.length;r;)n=Math.random()*r--|0,e=t[r],t[r]=t[n],t[n]=e;return t}(pd.call(t))).length,a=[];r0&&n*n>r*r+i*i}function bd(t,e){for(var n=0;n(o*=o)?(r=(u+o-i)/(2*u),a=Math.sqrt(Math.max(0,o/u-r*r)),n.x=t.x-r*s-a*c,n.y=t.y-r*c+a*s):(r=(u+i-o)/(2*u),a=Math.sqrt(Math.max(0,i/u-r*r)),n.x=e.x+r*s-a*c,n.y=e.y+r*c+a*s)):(n.x=e.x+n.r,n.y=e.y)}function Ed(t,e){var n=t.r+e.r-1e-6,r=e.x-t.x,i=e.y-t.y;return n>0&&n*n>r*r+i*i}function Td(t){var e=t._,n=t.next._,r=e.r+n.r,i=(e.x*n.r+n.x*e.r)/r,a=(e.y*n.r+n.y*e.r)/r;return i*i+a*a}function Cd(t){this._=t,this.next=null,this.previous=null}function Sd(t){if(!(i=t.length))return 0;var 
e,n,r,i,a,o,s,c,u,l,h;if((e=t[0]).x=0,e.y=0,!(i>1))return e.r;if(n=t[1],e.x=-n.r,n.x=e.r,n.y=0,!(i>2))return e.r+n.r;wd(n,e,r=t[2]),e=new Cd(e),n=new Cd(n),r=new Cd(r),e.next=r.previous=n,n.next=e.previous=r,r.next=n.previous=e;t:for(s=3;s0)throw new Error("cycle");return a}return n.id=function(e){return arguments.length?(t=Od(e),n):t},n.parentId=function(t){return arguments.length?(e=Od(t),n):e},n};function qd(t,e){return t.parent===e.parent?1:2}function Hd(t){var e=t.children;return e?e[0]:t.t}function Gd(t){var e=t.children;return e?e[e.length-1]:t.t}function Xd(t,e,n){var r=n/(e.i-t.i);e.c-=r,e.s+=n,t.c+=r,e.z+=n,e.m+=n}function Zd(t,e,n){return t.a.parent===e.parent?t.a:n}function Qd(t,e){this._=t,this.parent=null,this.children=null,this.A=null,this.a=this,this.z=0,this.m=0,this.c=0,this.s=0,this.t=null,this.i=e}Qd.prototype=Object.create(dd.prototype);var Kd=function(){var t=qd,e=1,n=1,r=null;function i(i){var c=function(t){for(var e,n,r,i,a,o=new Qd(t,0),s=[o];e=s.pop();)if(r=e._.children)for(e.children=new Array(a=r.length),i=a-1;i>=0;--i)s.push(n=e.children[i]=new Qd(r[i],i)),n.parent=e;return(o.parent=new Qd(null,0)).children=[o],o}(i);if(c.eachAfter(a),c.parent.m=-c.z,c.eachBefore(o),r)i.eachBefore(s);else{var u=i,l=i,h=i;i.eachBefore((function(t){t.xl.x&&(l=t),t.depth>h.depth&&(h=t)}));var f=u===l?1:t(u,l)/2,d=f-u.x,p=e/(l.x+f+d),y=n/(h.depth||1);i.eachBefore((function(t){t.x=(t.x+d)*p,t.y=t.depth*y}))}return i}function a(e){var n=e.children,r=e.parent.children,i=e.i?r[e.i-1]:null;if(n){!function(t){for(var e,n=0,r=0,i=t.children,a=i.length;--a>=0;)(e=i[a]).z+=n,e.m+=n,n+=e.s+(r+=e.c)}(e);var a=(n[0].z+n[n.length-1].z)/2;i?(e.z=i.z+t(e._,i._),e.m=e.z-a):e.z=a}else i&&(e.z=i.z+t(e._,i._));e.parent.A=function(e,n,r){if(n){for(var 
i,a=e,o=e,s=n,c=a.parent.children[0],u=a.m,l=o.m,h=s.m,f=c.m;s=Gd(s),a=Hd(a),s&&a;)c=Hd(c),(o=Gd(o)).a=e,(i=s.z+h-a.z-u+t(s._,a._))>0&&(Xd(Zd(s,e,r),e,i),u+=i,l+=i),h+=s.m,u+=a.m,f+=c.m,l+=o.m;s&&!Gd(o)&&(o.t=s,o.m+=h-l),a&&!Hd(c)&&(c.t=a,c.m+=u-f,r=e)}return r}(e,i,e.parent.A||r[0])}function o(t){t._.x=t.z+t.parent.m,t.m+=t.parent.m}function s(t){t.x*=e,t.y=t.depth*n}return i.separation=function(e){return arguments.length?(t=e,i):t},i.size=function(t){return arguments.length?(r=!1,e=+t[0],n=+t[1],i):r?null:[e,n]},i.nodeSize=function(t){return arguments.length?(r=!0,e=+t[0],n=+t[1],i):r?[e,n]:null},i},Jd=function(t,e,n,r,i){for(var a,o=t.children,s=-1,c=o.length,u=t.value&&(i-n)/t.value;++sf&&(f=s),g=l*l*y,(d=Math.max(f/g,g/h))>p){l-=s;break}p=d}v.push(o={value:l,dice:c1?e:1)},n}(tp),rp=function(){var t=np,e=!1,n=1,r=1,i=[0],a=Nd,o=Nd,s=Nd,c=Nd,u=Nd;function l(t){return t.x0=t.y0=0,t.x1=n,t.y1=r,t.eachBefore(h),i=[0],e&&t.eachBefore(Pd),t}function h(e){var n=i[e.depth],r=e.x0+n,l=e.y0+n,h=e.x1-n,f=e.y1-n;h=n-1){var l=s[e];return l.x0=i,l.y0=a,l.x1=o,void(l.y1=c)}var h=u[e],f=r/2+h,d=e+1,p=n-1;for(;d>>1;u[y]c-a){var m=(i*v+o*g)/r;t(e,d,g,i,a,m,c),t(d,n,v,m,a,o,c)}else{var b=(a*v+c*g)/r;t(e,d,g,i,a,o,b),t(d,n,v,i,b,o,c)}}(0,c,t.value,e,n,r,i)},ap=function(t,e,n,r,i){(1&t.depth?Jd:jd)(t,e,n,r,i)},op=function t(e){function n(t,n,r,i,a){if((o=t._squarify)&&o.ratio===e)for(var o,s,c,u,l,h=-1,f=o.length,d=t.value;++h1?e:1)},n}(tp),sp=function(t){var e=t.length;return function(n){return t[Math.max(0,Math.min(e-1,Math.floor(n*e)))]}},cp=function(t,e){var n=un(+t,+e);return function(t){var e=n(t);return e-360*Math.floor(e/360)}},up=function(t,e){return t=+t,e=+e,function(n){return Math.round(t*(1-n)+e*n)}},lp=Math.SQRT2;function hp(t){return((t=Math.exp(t))+1/t)/2}var fp=function(t,e){var n,r,i=t[0],a=t[1],o=t[2],s=e[0],c=e[1],u=e[2],l=s-i,h=c-a,f=l*l+h*h;if(f<1e-12)r=Math.log(u/o)/lp,n=function(t){return[i+t*l,a+t*h,o*Math.exp(lp*t*r)]};else{var 
d=Math.sqrt(f),p=(u*u-o*o+4*f)/(2*o*2*d),y=(u*u-o*o-4*f)/(2*u*2*d),g=Math.log(Math.sqrt(p*p+1)-p),v=Math.log(Math.sqrt(y*y+1)-y);r=(v-g)/lp,n=function(t){var e,n=t*r,s=hp(g),c=o/(2*d)*(s*(e=lp*n+g,((e=Math.exp(2*e))-1)/(e+1))-function(t){return((t=Math.exp(t))-1/t)/2}(g));return[i+c*l,a+c*h,o*s/hp(lp*n+g)]}}return n.duration=1e3*r,n};function dp(t){return function(e,n){var r=t((e=tn(e)).h,(n=tn(n)).h),i=hn(e.s,n.s),a=hn(e.l,n.l),o=hn(e.opacity,n.opacity);return function(t){return e.h=r(t),e.s=i(t),e.l=a(t),e.opacity=o(t),e+""}}}var pp=dp(un),yp=dp(hn);function gp(t,e){var n=hn((t=pa(t)).l,(e=pa(e)).l),r=hn(t.a,e.a),i=hn(t.b,e.b),a=hn(t.opacity,e.opacity);return function(e){return t.l=n(e),t.a=r(e),t.b=i(e),t.opacity=a(e),t+""}}function vp(t){return function(e,n){var r=t((e=ka(e)).h,(n=ka(n)).h),i=hn(e.c,n.c),a=hn(e.l,n.l),o=hn(e.opacity,n.opacity);return function(t){return e.h=r(t),e.c=i(t),e.l=a(t),e.opacity=o(t),e+""}}}var mp=vp(un),bp=vp(hn);function _p(t){return function e(n){function r(e,r){var i=t((e=Oa(e)).h,(r=Oa(r)).h),a=hn(e.s,r.s),o=hn(e.l,r.l),s=hn(e.opacity,r.opacity);return function(t){return e.h=i(t),e.s=a(t),e.l=o(Math.pow(t,n)),e.opacity=s(t),e+""}}return n=+n,r.gamma=e,r}(1)}var xp=_p(un),kp=_p(hn);function wp(t,e){for(var n=0,r=e.length-1,i=e[0],a=new Array(r<0?0:r);n1&&(e=t[a[o-2]],n=t[a[o-1]],r=t[s],(n[0]-e[0])*(r[1]-e[1])-(n[1]-e[1])*(r[0]-e[0])<=0);)--o;a[o++]=s}return a.slice(0,o)}var Mp=function(t){if((n=t.length)<3)return null;var e,n,r=new Array(n),i=new Array(n);for(e=0;e=0;--e)u.push(t[r[a[e]][2]]);for(e=+s;es!=u>s&&o<(c-n)*(s-r)/(u-r)+n&&(l=!l),c=n,u=r;return l},Np=function(t){for(var e,n,r=-1,i=t.length,a=t[i-1],o=a[0],s=a[1],c=0;++r1);return t+n*a*Math.sqrt(-2*Math.log(i)/i)}}return n.source=t,n}(Dp),Ip=function t(e){function n(){var t=Lp.source(e).apply(this,arguments);return function(){return Math.exp(t())}}return n.source=t,n}(Dp),Rp=function t(e){function n(t){return function(){for(var n=0,r=0;rr&&(e=n,n=r,r=e),function(t){return 
Math.max(n,Math.min(r,t))}}function ty(t,e,n){var r=t[0],i=t[1],a=e[0],o=e[1];return i2?ey:ty,i=a=null,h}function h(e){return isNaN(e=+e)?n:(i||(i=r(o.map(t),s,c)))(t(u(e)))}return h.invert=function(n){return u(e((a||(a=r(s,o.map(t),xn)))(n)))},h.domain=function(t){return arguments.length?(o=Up.call(t,Xp),u===Qp||(u=Jp(o)),l()):o.slice()},h.range=function(t){return arguments.length?(s=$p.call(t),l()):s.slice()},h.rangeRound=function(t){return s=$p.call(t),c=up,l()},h.clamp=function(t){return arguments.length?(u=t?Jp(o):Qp,h):u!==Qp},h.interpolate=function(t){return arguments.length?(c=t,l()):c},h.unknown=function(t){return arguments.length?(n=t,h):n},function(n,r){return t=n,e=r,l()}}function iy(t,e){return ry()(t,e)}var ay=function(t,e,n,r){var i,a=A(t,e,n);switch((r=Vs(null==r?",f":r)).type){case"s":var o=Math.max(Math.abs(t),Math.abs(e));return null!=r.precision||isNaN(i=ac(a,o))||(r.precision=i),Zs(r,o);case"":case"e":case"g":case"p":case"r":null!=r.precision||isNaN(i=oc(a,Math.max(Math.abs(t),Math.abs(e))))||(r.precision=i-("e"===r.type));break;case"f":case"%":null!=r.precision||isNaN(i=ic(a))||(r.precision=i-2*("%"===r.type))}return Xs(r)};function oy(t){var e=t.domain;return t.ticks=function(t){var n=e();return C(n[0],n[n.length-1],null==t?10:t)},t.tickFormat=function(t,n){var r=e();return ay(r[0],r[r.length-1],null==t?10:t,n)},t.nice=function(n){null==n&&(n=10);var r,i=e(),a=0,o=i.length-1,s=i[a],c=i[o];return c0?r=S(s=Math.floor(s/r)*r,c=Math.ceil(c/r)*r,n):r<0&&(r=S(s=Math.ceil(s*r)/r,c=Math.floor(c*r)/r,n)),r>0?(i[a]=Math.floor(s/r)*r,i[o]=Math.ceil(c/r)*r,e(i)):r<0&&(i[a]=Math.ceil(s*r)/r,i[o]=Math.floor(c*r)/r,e(i)),t},t}function sy(){var t=iy(Qp,Qp);return t.copy=function(){return ny(t,sy())},jp.apply(t,arguments),oy(t)}function cy(t){var e;function n(t){return isNaN(t=+t)?e:t}return n.invert=n,n.domain=n.range=function(e){return arguments.length?(t=Up.call(e,Xp),n):t.slice()},n.unknown=function(t){return 
arguments.length?(e=t,n):e},n.copy=function(){return cy(t).unknown(e)},t=arguments.length?Up.call(t,Xp):[0,1],oy(n)}var uy=function(t,e){var n,r=0,i=(t=t.slice()).length-1,a=t[r],o=t[i];return o0){for(;fc)break;y.push(h)}}else for(;f=1;--l)if(!((h=u*l)c)break;y.push(h)}}else y=C(f,d,Math.min(d-f,p)).map(n);return r?y.reverse():y},r.tickFormat=function(t,i){if(null==i&&(i=10===a?".0e":","),"function"!=typeof i&&(i=Xs(i)),t===1/0)return i;null==t&&(t=10);var o=Math.max(1,a*t/r.ticks().length);return function(t){var r=t/n(Math.round(e(t)));return r*a0?i[r-1]:e[0],r=r?[i[r-1],n]:[i[o-1],i[o]]},o.unknown=function(e){return arguments.length?(t=e,o):o},o.thresholds=function(){return i.slice()},o.copy=function(){return My().domain([e,n]).range(a).unknown(t)},jp.apply(oy(o),arguments)}function Oy(){var t,e=[.5],n=[0,1],r=1;function i(i){return i<=i?n[c(e,i,0,r)]:t}return i.domain=function(t){return arguments.length?(e=$p.call(t),r=Math.min(e.length,n.length-1),i):e.slice()},i.range=function(t){return arguments.length?(n=$p.call(t),r=Math.min(e.length,n.length-1),i):n.slice()},i.invertExtent=function(t){var r=n.indexOf(t);return[e[r-1],e[r]]},i.unknown=function(e){return arguments.length?(t=e,i):t},i.copy=function(){return Oy().domain(e).range(n).unknown(t)},jp.apply(i,arguments)}var Ny=new Date,Dy=new Date;function By(t,e,n,r){function i(e){return t(e=0===arguments.length?new Date:new Date(+e)),e}return i.floor=function(e){return t(e=new Date(+e)),e},i.ceil=function(n){return t(n=new Date(n-1)),e(n,1),t(n),n},i.round=function(t){var e=i(t),n=i.ceil(t);return t-e0))return s;do{s.push(o=new Date(+n)),e(n,a),t(n)}while(o=e)for(;t(e),!n(e);)e.setTime(e-1)}),(function(t,r){if(t>=t)if(r<0)for(;++r<=0;)for(;e(t,-1),!n(t););else for(;--r>=0;)for(;e(t,1),!n(t););}))},n&&(i.count=function(e,r){return Ny.setTime(+e),Dy.setTime(+r),t(Ny),t(Dy),Math.floor(n(Ny,Dy))},i.every=function(t){return t=Math.floor(t),isFinite(t)&&t>0?t>1?i.filter(r?function(e){return 
r(e)%t==0}:function(e){return i.count(0,e)%t==0}):i:null}),i}var Ly=By((function(t){t.setMonth(0,1),t.setHours(0,0,0,0)}),(function(t,e){t.setFullYear(t.getFullYear()+e)}),(function(t,e){return e.getFullYear()-t.getFullYear()}),(function(t){return t.getFullYear()}));Ly.every=function(t){return isFinite(t=Math.floor(t))&&t>0?By((function(e){e.setFullYear(Math.floor(e.getFullYear()/t)*t),e.setMonth(0,1),e.setHours(0,0,0,0)}),(function(e,n){e.setFullYear(e.getFullYear()+n*t)})):null};var Iy=Ly,Ry=Ly.range,Fy=By((function(t){t.setDate(1),t.setHours(0,0,0,0)}),(function(t,e){t.setMonth(t.getMonth()+e)}),(function(t,e){return e.getMonth()-t.getMonth()+12*(e.getFullYear()-t.getFullYear())}),(function(t){return t.getMonth()})),Py=Fy,jy=Fy.range;function Yy(t){return By((function(e){e.setDate(e.getDate()-(e.getDay()+7-t)%7),e.setHours(0,0,0,0)}),(function(t,e){t.setDate(t.getDate()+7*e)}),(function(t,e){return(e-t-6e4*(e.getTimezoneOffset()-t.getTimezoneOffset()))/6048e5}))}var zy=Yy(0),Uy=Yy(1),$y=Yy(2),Wy=Yy(3),Vy=Yy(4),qy=Yy(5),Hy=Yy(6),Gy=zy.range,Xy=Uy.range,Zy=$y.range,Qy=Wy.range,Ky=Vy.range,Jy=qy.range,tg=Hy.range,eg=By((function(t){t.setHours(0,0,0,0)}),(function(t,e){t.setDate(t.getDate()+e)}),(function(t,e){return(e-t-6e4*(e.getTimezoneOffset()-t.getTimezoneOffset()))/864e5}),(function(t){return t.getDate()-1})),ng=eg,rg=eg.range,ig=By((function(t){t.setTime(t-t.getMilliseconds()-1e3*t.getSeconds()-6e4*t.getMinutes())}),(function(t,e){t.setTime(+t+36e5*e)}),(function(t,e){return(e-t)/36e5}),(function(t){return t.getHours()})),ag=ig,og=ig.range,sg=By((function(t){t.setTime(t-t.getMilliseconds()-1e3*t.getSeconds())}),(function(t,e){t.setTime(+t+6e4*e)}),(function(t,e){return(e-t)/6e4}),(function(t){return t.getMinutes()})),cg=sg,ug=sg.range,lg=By((function(t){t.setTime(t-t.getMilliseconds())}),(function(t,e){t.setTime(+t+1e3*e)}),(function(t,e){return(e-t)/1e3}),(function(t){return 
t.getUTCSeconds()})),hg=lg,fg=lg.range,dg=By((function(){}),(function(t,e){t.setTime(+t+e)}),(function(t,e){return e-t}));dg.every=function(t){return t=Math.floor(t),isFinite(t)&&t>0?t>1?By((function(e){e.setTime(Math.floor(e/t)*t)}),(function(e,n){e.setTime(+e+n*t)}),(function(e,n){return(n-e)/t})):dg:null};var pg=dg,yg=dg.range;function gg(t){return By((function(e){e.setUTCDate(e.getUTCDate()-(e.getUTCDay()+7-t)%7),e.setUTCHours(0,0,0,0)}),(function(t,e){t.setUTCDate(t.getUTCDate()+7*e)}),(function(t,e){return(e-t)/6048e5}))}var vg=gg(0),mg=gg(1),bg=gg(2),_g=gg(3),xg=gg(4),kg=gg(5),wg=gg(6),Eg=vg.range,Tg=mg.range,Cg=bg.range,Sg=_g.range,Ag=xg.range,Mg=kg.range,Og=wg.range,Ng=By((function(t){t.setUTCHours(0,0,0,0)}),(function(t,e){t.setUTCDate(t.getUTCDate()+e)}),(function(t,e){return(e-t)/864e5}),(function(t){return t.getUTCDate()-1})),Dg=Ng,Bg=Ng.range,Lg=By((function(t){t.setUTCMonth(0,1),t.setUTCHours(0,0,0,0)}),(function(t,e){t.setUTCFullYear(t.getUTCFullYear()+e)}),(function(t,e){return e.getUTCFullYear()-t.getUTCFullYear()}),(function(t){return t.getUTCFullYear()}));Lg.every=function(t){return isFinite(t=Math.floor(t))&&t>0?By((function(e){e.setUTCFullYear(Math.floor(e.getUTCFullYear()/t)*t),e.setUTCMonth(0,1),e.setUTCHours(0,0,0,0)}),(function(e,n){e.setUTCFullYear(e.getUTCFullYear()+n*t)})):null};var Ig=Lg,Rg=Lg.range;function Fg(t){if(0<=t.y&&t.y<100){var e=new Date(-1,t.m,t.d,t.H,t.M,t.S,t.L);return e.setFullYear(t.y),e}return new Date(t.y,t.m,t.d,t.H,t.M,t.S,t.L)}function Pg(t){if(0<=t.y&&t.y<100){var e=new Date(Date.UTC(-1,t.m,t.d,t.H,t.M,t.S,t.L));return e.setUTCFullYear(t.y),e}return new Date(Date.UTC(t.y,t.m,t.d,t.H,t.M,t.S,t.L))}function jg(t,e,n){return{y:t,m:e,d:n,H:0,M:0,S:0,L:0}}function Yg(t){var e=t.dateTime,n=t.date,r=t.time,i=t.periods,a=t.days,o=t.shortDays,s=t.months,c=t.shortMonths,u=Kg(i),l=Jg(i),h=Kg(a),f=Jg(a),d=Kg(o),p=Jg(o),y=Kg(s),g=Jg(s),v=Kg(c),m=Jg(c),b={a:function(t){return o[t.getDay()]},A:function(t){return 
a[t.getDay()]},b:function(t){return c[t.getMonth()]},B:function(t){return s[t.getMonth()]},c:null,d:_v,e:_v,f:Tv,H:xv,I:kv,j:wv,L:Ev,m:Cv,M:Sv,p:function(t){return i[+(t.getHours()>=12)]},q:function(t){return 1+~~(t.getMonth()/3)},Q:em,s:nm,S:Av,u:Mv,U:Ov,V:Nv,w:Dv,W:Bv,x:null,X:null,y:Lv,Y:Iv,Z:Rv,"%":tm},_={a:function(t){return o[t.getUTCDay()]},A:function(t){return a[t.getUTCDay()]},b:function(t){return c[t.getUTCMonth()]},B:function(t){return s[t.getUTCMonth()]},c:null,d:Fv,e:Fv,f:Uv,H:Pv,I:jv,j:Yv,L:zv,m:$v,M:Wv,p:function(t){return i[+(t.getUTCHours()>=12)]},q:function(t){return 1+~~(t.getUTCMonth()/3)},Q:em,s:nm,S:Vv,u:qv,U:Hv,V:Gv,w:Xv,W:Zv,x:null,X:null,y:Qv,Y:Kv,Z:Jv,"%":tm},x={a:function(t,e,n){var r=d.exec(e.slice(n));return r?(t.w=p[r[0].toLowerCase()],n+r[0].length):-1},A:function(t,e,n){var r=h.exec(e.slice(n));return r?(t.w=f[r[0].toLowerCase()],n+r[0].length):-1},b:function(t,e,n){var r=v.exec(e.slice(n));return r?(t.m=m[r[0].toLowerCase()],n+r[0].length):-1},B:function(t,e,n){var r=y.exec(e.slice(n));return r?(t.m=g[r[0].toLowerCase()],n+r[0].length):-1},c:function(t,n,r){return E(t,e,n,r)},d:lv,e:lv,f:gv,H:fv,I:fv,j:hv,L:yv,m:uv,M:dv,p:function(t,e,n){var r=u.exec(e.slice(n));return r?(t.p=l[r[0].toLowerCase()],n+r[0].length):-1},q:cv,Q:mv,s:bv,S:pv,u:ev,U:nv,V:rv,w:tv,W:iv,x:function(t,e,r){return E(t,n,e,r)},X:function(t,e,n){return E(t,r,e,n)},y:ov,Y:av,Z:sv,"%":vv};function k(t,e){return function(n){var r,i,a,o=[],s=-1,c=0,u=t.length;for(n instanceof Date||(n=new Date(+n));++s53)return null;"w"in a||(a.w=1),"Z"in a?(i=(r=Pg(jg(a.y,0,1))).getUTCDay(),r=i>4||0===i?mg.ceil(r):mg(r),r=Dg.offset(r,7*(a.V-1)),a.y=r.getUTCFullYear(),a.m=r.getUTCMonth(),a.d=r.getUTCDate()+(a.w+6)%7):(i=(r=Fg(jg(a.y,0,1))).getDay(),r=i>4||0===i?Uy.ceil(r):Uy(r),r=ng.offset(r,7*(a.V-1)),a.y=r.getFullYear(),a.m=r.getMonth(),a.d=r.getDate()+(a.w+6)%7)}else("W"in a||"U"in a)&&("w"in a||(a.w="u"in a?a.u%7:"W"in a?1:0),i="Z"in 
a?Pg(jg(a.y,0,1)).getUTCDay():Fg(jg(a.y,0,1)).getDay(),a.m=0,a.d="W"in a?(a.w+6)%7+7*a.W-(i+5)%7:a.w+7*a.U-(i+6)%7);return"Z"in a?(a.H+=a.Z/100|0,a.M+=a.Z%100,Pg(a)):Fg(a)}}function E(t,e,n,r){for(var i,a,o=0,s=e.length,c=n.length;o=c)return-1;if(37===(i=e.charCodeAt(o++))){if(i=e.charAt(o++),!(a=x[i in qg?e.charAt(o++):i])||(r=a(t,n,r))<0)return-1}else if(i!=n.charCodeAt(r++))return-1}return r}return(b.x=k(n,b),b.X=k(r,b),b.c=k(e,b),_.x=k(n,_),_.X=k(r,_),_.c=k(e,_),{format:function(t){var e=k(t+="",b);return e.toString=function(){return t},e},parse:function(t){var e=w(t+="",!1);return e.toString=function(){return t},e},utcFormat:function(t){var e=k(t+="",_);return e.toString=function(){return t},e},utcParse:function(t){var e=w(t+="",!0);return e.toString=function(){return t},e}})}var zg,Ug,$g,Wg,Vg,qg={"-":"",_:" ",0:"0"},Hg=/^\s*\d+/,Gg=/^%/,Xg=/[\\^$*+?|[\]().{}]/g;function Zg(t,e,n){var r=t<0?"-":"",i=(r?-t:t)+"",a=i.length;return r+(a68?1900:2e3),n+r[0].length):-1}function sv(t,e,n){var r=/^(Z)|([+-]\d\d)(?::?(\d\d))?/.exec(e.slice(n,n+6));return r?(t.Z=r[1]?0:-(r[2]+(r[3]||"00")),n+r[0].length):-1}function cv(t,e,n){var r=Hg.exec(e.slice(n,n+1));return r?(t.q=3*r[0]-3,n+r[0].length):-1}function uv(t,e,n){var r=Hg.exec(e.slice(n,n+2));return r?(t.m=r[0]-1,n+r[0].length):-1}function lv(t,e,n){var r=Hg.exec(e.slice(n,n+2));return r?(t.d=+r[0],n+r[0].length):-1}function hv(t,e,n){var r=Hg.exec(e.slice(n,n+3));return r?(t.m=0,t.d=+r[0],n+r[0].length):-1}function fv(t,e,n){var r=Hg.exec(e.slice(n,n+2));return r?(t.H=+r[0],n+r[0].length):-1}function dv(t,e,n){var r=Hg.exec(e.slice(n,n+2));return r?(t.M=+r[0],n+r[0].length):-1}function pv(t,e,n){var r=Hg.exec(e.slice(n,n+2));return r?(t.S=+r[0],n+r[0].length):-1}function yv(t,e,n){var r=Hg.exec(e.slice(n,n+3));return r?(t.L=+r[0],n+r[0].length):-1}function gv(t,e,n){var r=Hg.exec(e.slice(n,n+6));return r?(t.L=Math.floor(r[0]/1e3),n+r[0].length):-1}function vv(t,e,n){var r=Gg.exec(e.slice(n,n+1));return 
r?n+r[0].length:-1}function mv(t,e,n){var r=Hg.exec(e.slice(n));return r?(t.Q=+r[0],n+r[0].length):-1}function bv(t,e,n){var r=Hg.exec(e.slice(n));return r?(t.s=+r[0],n+r[0].length):-1}function _v(t,e){return Zg(t.getDate(),e,2)}function xv(t,e){return Zg(t.getHours(),e,2)}function kv(t,e){return Zg(t.getHours()%12||12,e,2)}function wv(t,e){return Zg(1+ng.count(Iy(t),t),e,3)}function Ev(t,e){return Zg(t.getMilliseconds(),e,3)}function Tv(t,e){return Ev(t,e)+"000"}function Cv(t,e){return Zg(t.getMonth()+1,e,2)}function Sv(t,e){return Zg(t.getMinutes(),e,2)}function Av(t,e){return Zg(t.getSeconds(),e,2)}function Mv(t){var e=t.getDay();return 0===e?7:e}function Ov(t,e){return Zg(zy.count(Iy(t)-1,t),e,2)}function Nv(t,e){var n=t.getDay();return t=n>=4||0===n?Vy(t):Vy.ceil(t),Zg(Vy.count(Iy(t),t)+(4===Iy(t).getDay()),e,2)}function Dv(t){return t.getDay()}function Bv(t,e){return Zg(Uy.count(Iy(t)-1,t),e,2)}function Lv(t,e){return Zg(t.getFullYear()%100,e,2)}function Iv(t,e){return Zg(t.getFullYear()%1e4,e,4)}function Rv(t){var e=t.getTimezoneOffset();return(e>0?"-":(e*=-1,"+"))+Zg(e/60|0,"0",2)+Zg(e%60,"0",2)}function Fv(t,e){return Zg(t.getUTCDate(),e,2)}function Pv(t,e){return Zg(t.getUTCHours(),e,2)}function jv(t,e){return Zg(t.getUTCHours()%12||12,e,2)}function Yv(t,e){return Zg(1+Dg.count(Ig(t),t),e,3)}function zv(t,e){return Zg(t.getUTCMilliseconds(),e,3)}function Uv(t,e){return zv(t,e)+"000"}function $v(t,e){return Zg(t.getUTCMonth()+1,e,2)}function Wv(t,e){return Zg(t.getUTCMinutes(),e,2)}function Vv(t,e){return Zg(t.getUTCSeconds(),e,2)}function qv(t){var e=t.getUTCDay();return 0===e?7:e}function Hv(t,e){return Zg(vg.count(Ig(t)-1,t),e,2)}function Gv(t,e){var n=t.getUTCDay();return t=n>=4||0===n?xg(t):xg.ceil(t),Zg(xg.count(Ig(t),t)+(4===Ig(t).getUTCDay()),e,2)}function Xv(t){return t.getUTCDay()}function Zv(t,e){return Zg(mg.count(Ig(t)-1,t),e,2)}function Qv(t,e){return Zg(t.getUTCFullYear()%100,e,2)}function Kv(t,e){return 
Zg(t.getUTCFullYear()%1e4,e,4)}function Jv(){return"+0000"}function tm(){return"%"}function em(t){return+t}function nm(t){return Math.floor(+t/1e3)}function rm(t){return zg=Yg(t),Ug=zg.format,$g=zg.parse,Wg=zg.utcFormat,Vg=zg.utcParse,zg}rm({dateTime:"%x, %X",date:"%-m/%-d/%Y",time:"%-I:%M:%S %p",periods:["AM","PM"],days:["Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"],shortDays:["Sun","Mon","Tue","Wed","Thu","Fri","Sat"],months:["January","February","March","April","May","June","July","August","September","October","November","December"],shortMonths:["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"]});function im(t){return new Date(t)}function am(t){return t instanceof Date?+t:+new Date(+t)}function om(t,e,n,r,a,o,s,c,u){var l=iy(Qp,Qp),h=l.invert,f=l.domain,d=u(".%L"),p=u(":%S"),y=u("%I:%M"),g=u("%I %p"),v=u("%a %d"),m=u("%b %d"),b=u("%B"),_=u("%Y"),x=[[s,1,1e3],[s,5,5e3],[s,15,15e3],[s,30,3e4],[o,1,6e4],[o,5,3e5],[o,15,9e5],[o,30,18e5],[a,1,36e5],[a,3,108e5],[a,6,216e5],[a,12,432e5],[r,1,864e5],[r,2,1728e5],[n,1,6048e5],[e,1,2592e6],[e,3,7776e6],[t,1,31536e6]];function k(i){return(s(i)1)&&(t-=Math.floor(t));var e=Math.abs(t-.5);return Gb.h=360*t-100,Gb.s=1.5-1.5*e,Gb.l=.8-.9*e,Gb+""},Zb=He(),Qb=Math.PI/3,Kb=2*Math.PI/3,Jb=function(t){var e;return t=(.5-t)*Math.PI,Zb.r=255*(e=Math.sin(t))*e,Zb.g=255*(e=Math.sin(t+Qb))*e,Zb.b=255*(e=Math.sin(t+Kb))*e,Zb+""},t_=function(t){return t=Math.max(0,Math.min(1,t)),"rgb("+Math.max(0,Math.min(255,Math.round(34.61+t*(1172.33-t*(10793.56-t*(33300.12-t*(38394.49-14825.05*t)))))))+", "+Math.max(0,Math.min(255,Math.round(23.31+t*(557.33+t*(1225.33-t*(3574.96-t*(1073.77+707.56*t)))))))+", "+Math.max(0,Math.min(255,Math.round(27.2+t*(3211.1-t*(15327.97-t*(27814-t*(22569.18-6838.66*t)))))))+")"};function e_(t){var e=t.length;return function(n){return t[Math.max(0,Math.min(e-1,Math.floor(n*e)))]}}var 
n_=e_(Dm("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")),r_=e_(Dm("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")),i_=e_(Dm("00000401000501010601010802010a02020c02020e03021004031204031405041706041907051b08051d09061f0a07220b07240c08260d08290e092b10092d110a30120a32140b34150b37160b39180c3c190c3e1b0c411c0c431e0c451f0c48210c4a230c4c240c4f260c51280b53290b552b0b572d0b592f0a5b310a5c320a5e340a5f3609613809623909633b09643d09653e0966400a67420a68440a68450a69470b6a490b6a4a0c6b4c0c6b4d0d6c4f0d6c510e6c520e6d540f6d550f6d57106e59106e5a116e5c126e5d126e5f136e61136e62146e64156e65156e67166e69166e6a176e6c186e6d186e6f196e71196e721a6e741a6e751b6e771c6d781c6d7a1d6d7c1d6d7d1e6d7f1e6c801f6c82206c84206b85216b87216b88226a8a226a8c23698d23698f24699025689225689326679526679727669827669a28659b29649d29649f2a63a02a63a22b62a32c61a52c60a62d60a82e5fa92e5eab2f5ead305dae305cb0315bb1325ab3325ab43359b63458b73557b93556ba3655bc3754bd3853bf3952c03a51c13a50c33b4fc43c4ec63d4dc73e4cc83f4bca404acb4149cc4248ce4347cf4446d04545d24644d34743d44842d54a41d74b3fd84c3ed94d3dda4e3cdb503bdd513ade5238df5337e05536e15635e25734e35933e45a31e55c30e65d2fe75e2ee8602de9612bea632aeb6429eb6628ec6726ed6925ee6a24ef6c23ef6e21f06f20f1711ff1731df2741cf3761bf37819f47918f57b17f57d15f67e14f68013f78212f78410f8850ff8870ef8890cf98b0bf98c0af98e09fa9008fa9207fa9407fb9606fb9706fb9906fb9b06fb9d07fc9f07fca108fca309fca50afca60cfca80dfcaa0ffcac11fcae12fcb014fcb216fcb418fbb61afbb81dfbba1ffbbc21fbbe23fac026fac228fac42afac62df9c72ff9c932f9cb35f8cd37f8cf3af7d13df7d340f6d543f6d746f5d949f5db4cf4dd4ff4df53f4e156f3e35af3e55df2e661f2e865f2ea69f1ec6df1ed71f1ef75f1f179f2f27df2f482f3f586f3f68af4f88ef5f992f6fa96f8fb9af9fc9dfafda1fcffa4")),a_=e_(Dm("0d088710078813078916078a19068c1b068d1d068e20068f2206902406912605912805922a05932c05942e05952f059631059733059735049837049938049a3a049a3c049b3e049c3f049c41049d43039e44039e46039f48039f4903a04b03a14c02a14e02a25002a25102a35302a35502a45601a45801a45901a55b01a55c01a65e01a66001a66100a76300a76400a76600a76700a86900a8
6a00a86c00a86e00a86f00a87100a87201a87401a87501a87701a87801a87a02a87b02a87d03a87e03a88004a88104a78305a78405a78606a68707a68808a68a09a58b0aa58d0ba58e0ca48f0da4910ea3920fa39410a29511a19613a19814a099159f9a169f9c179e9d189d9e199da01a9ca11b9ba21d9aa31e9aa51f99a62098a72197a82296aa2395ab2494ac2694ad2793ae2892b02991b12a90b22b8fb32c8eb42e8db52f8cb6308bb7318ab83289ba3388bb3488bc3587bd3786be3885bf3984c03a83c13b82c23c81c33d80c43e7fc5407ec6417dc7427cc8437bc9447aca457acb4679cc4778cc4977cd4a76ce4b75cf4c74d04d73d14e72d24f71d35171d45270d5536fd5546ed6556dd7566cd8576bd9586ada5a6ada5b69db5c68dc5d67dd5e66de5f65de6164df6263e06363e16462e26561e26660e3685fe4695ee56a5de56b5de66c5ce76e5be76f5ae87059e97158e97257ea7457eb7556eb7655ec7754ed7953ed7a52ee7b51ef7c51ef7e50f07f4ff0804ef1814df1834cf2844bf3854bf3874af48849f48948f58b47f58c46f68d45f68f44f79044f79143f79342f89441f89540f9973ff9983ef99a3efa9b3dfa9c3cfa9e3bfb9f3afba139fba238fca338fca537fca636fca835fca934fdab33fdac33fdae32fdaf31fdb130fdb22ffdb42ffdb52efeb72dfeb82cfeba2cfebb2bfebd2afebe2afec029fdc229fdc328fdc527fdc627fdc827fdca26fdcb26fccd25fcce25fcd025fcd225fbd324fbd524fbd724fad824fada24f9dc24f9dd25f8df25f8e125f7e225f7e425f6e626f6e826f5e926f5eb27f4ed27f3ee27f3f027f2f227f1f426f1f525f0f724f0f921")),o_=function(t){return ke(ne(t).call(document.documentElement))},s_=0;function c_(){return new u_}function u_(){this._="@"+(++s_).toString(36)}u_.prototype=c_.prototype={constructor:u_,get:function(t){for(var e=this._;!(e in t);)if(!(t=t.parentNode))return;return t[e]},set:function(t,e){return t[this._]=e},remove:function(t){return this._ in t&&delete t[this._]},toString:function(){return this._}};var l_=function(t){return"string"==typeof t?new be([document.querySelectorAll(t)],[document.documentElement]):new be([null==t?[]:t],me)},h_=function(t,e){null==e&&(e=Mn().touches);for(var n=0,r=e?e.length:0,i=new Array(r);n1?0:t<-1?__:Math.acos(t)}function E_(t){return t>=1?x_:t<=-1?-x_:Math.asin(t)}function T_(t){return t.innerRadius}function C_(t){return 
t.outerRadius}function S_(t){return t.startAngle}function A_(t){return t.endAngle}function M_(t){return t&&t.padAngle}function O_(t,e,n,r,i,a,o,s){var c=n-t,u=r-e,l=o-i,h=s-a,f=h*c-l*u;if(!(f*f<1e-12))return[t+(f=(l*(e-a)-h*(t-i))/f)*c,e+f*u]}function N_(t,e,n,r,i,a,o){var s=t-n,c=e-r,u=(o?a:-a)/b_(s*s+c*c),l=u*c,h=-u*s,f=t+l,d=e+h,p=n+l,y=r+h,g=(f+p)/2,v=(d+y)/2,m=p-f,b=y-d,_=m*m+b*b,x=i-a,k=f*y-p*d,w=(b<0?-1:1)*b_(g_(0,x*x*_-k*k)),E=(k*b-m*w)/_,T=(-k*m-b*w)/_,C=(k*b+m*w)/_,S=(-k*m+b*w)/_,A=E-g,M=T-v,O=C-g,N=S-v;return A*A+M*M>O*O+N*N&&(E=C,T=S),{cx:E,cy:T,x01:-l,y01:-h,x11:E*(i/x-1),y11:T*(i/x-1)}}var D_=function(){var t=T_,e=C_,n=f_(0),r=null,i=S_,a=A_,o=M_,s=null;function c(){var c,u,l=+t.apply(this,arguments),h=+e.apply(this,arguments),f=i.apply(this,arguments)-x_,d=a.apply(this,arguments)-x_,p=d_(d-f),y=d>f;if(s||(s=c=Ui()),h1e-12)if(p>k_-1e-12)s.moveTo(h*y_(f),h*m_(f)),s.arc(0,0,h,f,d,!y),l>1e-12&&(s.moveTo(l*y_(d),l*m_(d)),s.arc(0,0,l,d,f,y));else{var g,v,m=f,b=d,_=f,x=d,k=p,w=p,E=o.apply(this,arguments)/2,T=E>1e-12&&(r?+r.apply(this,arguments):b_(l*l+h*h)),C=v_(d_(h-l)/2,+n.apply(this,arguments)),S=C,A=C;if(T>1e-12){var M=E_(T/l*m_(E)),O=E_(T/h*m_(E));(k-=2*M)>1e-12?(_+=M*=y?1:-1,x-=M):(k=0,_=x=(f+d)/2),(w-=2*O)>1e-12?(m+=O*=y?1:-1,b-=O):(w=0,m=b=(f+d)/2)}var N=h*y_(m),D=h*m_(m),B=l*y_(x),L=l*m_(x);if(C>1e-12){var I,R=h*y_(b),F=h*m_(b),P=l*y_(_),j=l*m_(_);if(p<__&&(I=O_(N,D,P,j,R,F,B,L))){var Y=N-I[0],z=D-I[1],U=R-I[0],$=F-I[1],W=1/m_(w_((Y*U+z*$)/(b_(Y*Y+z*z)*b_(U*U+$*$)))/2),V=b_(I[0]*I[0]+I[1]*I[1]);S=v_(C,(l-V)/(W-1)),A=v_(C,(h-V)/(W+1))}}w>1e-12?A>1e-12?(g=N_(P,j,N,D,h,A,y),v=N_(R,F,B,L,h,A,y),s.moveTo(g.cx+g.x01,g.cy+g.y01),A1e-12&&k>1e-12?S>1e-12?(g=N_(B,L,R,F,l,-S,y),v=N_(N,D,P,j,l,-S,y),s.lineTo(g.cx+g.x01,g.cy+g.y01),S=l;--h)s.point(g[h],v[h]);s.lineEnd(),s.areaEnd()}y&&(g[u]=+t(f,u,c),v[u]=+n(f,u,c),s.point(e?+e(f,u,c):g[u],r?+r(f,u,c):v[u]))}if(d)return s=null,d+""||null}function u(){return F_().defined(i).curve(o).context(a)}return 
c.x=function(n){return arguments.length?(t="function"==typeof n?n:f_(+n),e=null,c):t},c.x0=function(e){return arguments.length?(t="function"==typeof e?e:f_(+e),c):t},c.x1=function(t){return arguments.length?(e=null==t?null:"function"==typeof t?t:f_(+t),c):e},c.y=function(t){return arguments.length?(n="function"==typeof t?t:f_(+t),r=null,c):n},c.y0=function(t){return arguments.length?(n="function"==typeof t?t:f_(+t),c):n},c.y1=function(t){return arguments.length?(r=null==t?null:"function"==typeof t?t:f_(+t),c):r},c.lineX0=c.lineY0=function(){return u().x(t).y(n)},c.lineY1=function(){return u().x(t).y(r)},c.lineX1=function(){return u().x(e).y(n)},c.defined=function(t){return arguments.length?(i="function"==typeof t?t:f_(!!t),c):i},c.curve=function(t){return arguments.length?(o=t,null!=a&&(s=o(a)),c):o},c.context=function(t){return arguments.length?(null==t?a=s=null:s=o(a=t),c):a},c},j_=function(t,e){return et?1:e>=t?0:NaN},Y_=function(t){return t},z_=function(){var t=Y_,e=j_,n=null,r=f_(0),i=f_(k_),a=f_(0);function o(o){var s,c,u,l,h,f=o.length,d=0,p=new Array(f),y=new Array(f),g=+r.apply(this,arguments),v=Math.min(k_,Math.max(-k_,i.apply(this,arguments)-g)),m=Math.min(Math.abs(v)/f,a.apply(this,arguments)),b=m*(v<0?-1:1);for(s=0;s0&&(d+=h);for(null!=e?p.sort((function(t,n){return e(y[t],y[n])})):null!=n&&p.sort((function(t,e){return n(o[t],o[e])})),s=0,u=d?(v-f*b)/d:0;s0?h*u:0)+b,y[c]={data:o[c],index:s,value:h,startAngle:g,endAngle:l,padAngle:m};return y}return o.value=function(e){return arguments.length?(t="function"==typeof e?e:f_(+e),o):t},o.sortValues=function(t){return arguments.length?(e=t,n=null,o):e},o.sort=function(t){return arguments.length?(n=t,e=null,o):n},o.startAngle=function(t){return arguments.length?(r="function"==typeof t?t:f_(+t),o):r},o.endAngle=function(t){return arguments.length?(i="function"==typeof t?t:f_(+t),o):i},o.padAngle=function(t){return arguments.length?(a="function"==typeof t?t:f_(+t),o):a},o},U_=W_(L_);function 
$_(t){this._curve=t}function W_(t){function e(e){return new $_(t(e))}return e._curve=t,e}function V_(t){var e=t.curve;return t.angle=t.x,delete t.x,t.radius=t.y,delete t.y,t.curve=function(t){return arguments.length?e(W_(t)):e()._curve},t}$_.prototype={areaStart:function(){this._curve.areaStart()},areaEnd:function(){this._curve.areaEnd()},lineStart:function(){this._curve.lineStart()},lineEnd:function(){this._curve.lineEnd()},point:function(t,e){this._curve.point(e*Math.sin(t),e*-Math.cos(t))}};var q_=function(){return V_(F_().curve(U_))},H_=function(){var t=P_().curve(U_),e=t.curve,n=t.lineX0,r=t.lineX1,i=t.lineY0,a=t.lineY1;return t.angle=t.x,delete t.x,t.startAngle=t.x0,delete t.x0,t.endAngle=t.x1,delete t.x1,t.radius=t.y,delete t.y,t.innerRadius=t.y0,delete t.y0,t.outerRadius=t.y1,delete t.y1,t.lineStartAngle=function(){return V_(n())},delete t.lineX0,t.lineEndAngle=function(){return V_(r())},delete t.lineX1,t.lineInnerRadius=function(){return V_(i())},delete t.lineY0,t.lineOuterRadius=function(){return V_(a())},delete t.lineY1,t.curve=function(t){return arguments.length?e(W_(t)):e()._curve},t},G_=function(t,e){return[(e=+e)*Math.cos(t-=Math.PI/2),e*Math.sin(t)]},X_=Array.prototype.slice;function Z_(t){return t.source}function Q_(t){return t.target}function K_(t){var e=Z_,n=Q_,r=I_,i=R_,a=null;function o(){var o,s=X_.call(arguments),c=e.apply(this,s),u=n.apply(this,s);if(a||(a=o=Ui()),t(a,+r.apply(this,(s[0]=c,s)),+i.apply(this,s),+r.apply(this,(s[0]=u,s)),+i.apply(this,s)),o)return a=null,o+""||null}return o.source=function(t){return arguments.length?(e=t,o):e},o.target=function(t){return arguments.length?(n=t,o):n},o.x=function(t){return arguments.length?(r="function"==typeof t?t:f_(+t),o):r},o.y=function(t){return arguments.length?(i="function"==typeof t?t:f_(+t),o):i},o.context=function(t){return arguments.length?(a=null==t?null:t,o):a},o}function J_(t,e,n,r,i){t.moveTo(e,n),t.bezierCurveTo(e=(e+r)/2,n,e,i,r,i)}function 
tx(t,e,n,r,i){t.moveTo(e,n),t.bezierCurveTo(e,n=(n+i)/2,r,n,r,i)}function ex(t,e,n,r,i){var a=G_(e,n),o=G_(e,n=(n+i)/2),s=G_(r,n),c=G_(r,i);t.moveTo(a[0],a[1]),t.bezierCurveTo(o[0],o[1],s[0],s[1],c[0],c[1])}function nx(){return K_(J_)}function rx(){return K_(tx)}function ix(){var t=K_(ex);return t.angle=t.x,delete t.x,t.radius=t.y,delete t.y,t}var ax={draw:function(t,e){var n=Math.sqrt(e/__);t.moveTo(n,0),t.arc(0,0,n,0,k_)}},ox={draw:function(t,e){var n=Math.sqrt(e/5)/2;t.moveTo(-3*n,-n),t.lineTo(-n,-n),t.lineTo(-n,-3*n),t.lineTo(n,-3*n),t.lineTo(n,-n),t.lineTo(3*n,-n),t.lineTo(3*n,n),t.lineTo(n,n),t.lineTo(n,3*n),t.lineTo(-n,3*n),t.lineTo(-n,n),t.lineTo(-3*n,n),t.closePath()}},sx=Math.sqrt(1/3),cx=2*sx,ux={draw:function(t,e){var n=Math.sqrt(e/cx),r=n*sx;t.moveTo(0,-n),t.lineTo(r,0),t.lineTo(0,n),t.lineTo(-r,0),t.closePath()}},lx=Math.sin(__/10)/Math.sin(7*__/10),hx=Math.sin(k_/10)*lx,fx=-Math.cos(k_/10)*lx,dx={draw:function(t,e){var n=Math.sqrt(.8908130915292852*e),r=hx*n,i=fx*n;t.moveTo(0,-n),t.lineTo(r,i);for(var a=1;a<5;++a){var o=k_*a/5,s=Math.cos(o),c=Math.sin(o);t.lineTo(c*n,-s*n),t.lineTo(s*r-c*i,c*r+s*i)}t.closePath()}},px={draw:function(t,e){var n=Math.sqrt(e),r=-n/2;t.rect(r,r,n,n)}},yx=Math.sqrt(3),gx={draw:function(t,e){var n=-Math.sqrt(e/(3*yx));t.moveTo(0,2*n),t.lineTo(-yx*n,-n),t.lineTo(yx*n,-n),t.closePath()}},vx=Math.sqrt(3)/2,mx=1/Math.sqrt(12),bx=3*(mx/2+1),_x={draw:function(t,e){var n=Math.sqrt(e/bx),r=n/2,i=n*mx,a=r,o=n*mx+n,s=-a,c=o;t.moveTo(r,i),t.lineTo(a,o),t.lineTo(s,c),t.lineTo(-.5*r-vx*i,vx*r+-.5*i),t.lineTo(-.5*a-vx*o,vx*a+-.5*o),t.lineTo(-.5*s-vx*c,vx*s+-.5*c),t.lineTo(-.5*r+vx*i,-.5*i-vx*r),t.lineTo(-.5*a+vx*o,-.5*o-vx*a),t.lineTo(-.5*s+vx*c,-.5*c-vx*s),t.closePath()}},xx=[ax,ox,ux,px,dx,gx,_x],kx=function(){var t=f_(ax),e=f_(64),n=null;function r(){var r;if(n||(n=r=Ui()),t.apply(this,arguments).draw(n,+e.apply(this,arguments)),r)return n=null,r+""||null}return r.type=function(e){return arguments.length?(t="function"==typeof 
e?e:f_(e),r):t},r.size=function(t){return arguments.length?(e="function"==typeof t?t:f_(+t),r):e},r.context=function(t){return arguments.length?(n=null==t?null:t,r):n},r},wx=function(){};function Ex(t,e,n){t._context.bezierCurveTo((2*t._x0+t._x1)/3,(2*t._y0+t._y1)/3,(t._x0+2*t._x1)/3,(t._y0+2*t._y1)/3,(t._x0+4*t._x1+e)/6,(t._y0+4*t._y1+n)/6)}function Tx(t){this._context=t}Tx.prototype={areaStart:function(){this._line=0},areaEnd:function(){this._line=NaN},lineStart:function(){this._x0=this._x1=this._y0=this._y1=NaN,this._point=0},lineEnd:function(){switch(this._point){case 3:Ex(this,this._x1,this._y1);case 2:this._context.lineTo(this._x1,this._y1)}(this._line||0!==this._line&&1===this._point)&&this._context.closePath(),this._line=1-this._line},point:function(t,e){switch(t=+t,e=+e,this._point){case 0:this._point=1,this._line?this._context.lineTo(t,e):this._context.moveTo(t,e);break;case 1:this._point=2;break;case 2:this._point=3,this._context.lineTo((5*this._x0+this._x1)/6,(5*this._y0+this._y1)/6);default:Ex(this,t,e)}this._x0=this._x1,this._x1=t,this._y0=this._y1,this._y1=e}};var Cx=function(t){return new Tx(t)};function Sx(t){this._context=t}Sx.prototype={areaStart:wx,areaEnd:wx,lineStart:function(){this._x0=this._x1=this._x2=this._x3=this._x4=this._y0=this._y1=this._y2=this._y3=this._y4=NaN,this._point=0},lineEnd:function(){switch(this._point){case 1:this._context.moveTo(this._x2,this._y2),this._context.closePath();break;case 2:this._context.moveTo((this._x2+2*this._x3)/3,(this._y2+2*this._y3)/3),this._context.lineTo((this._x3+2*this._x2)/3,(this._y3+2*this._y2)/3),this._context.closePath();break;case 3:this.point(this._x2,this._y2),this.point(this._x3,this._y3),this.point(this._x4,this._y4)}},point:function(t,e){switch(t=+t,e=+e,this._point){case 0:this._point=1,this._x2=t,this._y2=e;break;case 1:this._point=2,this._x3=t,this._y3=e;break;case 
2:this._point=3,this._x4=t,this._y4=e,this._context.moveTo((this._x0+4*this._x1+t)/6,(this._y0+4*this._y1+e)/6);break;default:Ex(this,t,e)}this._x0=this._x1,this._x1=t,this._y0=this._y1,this._y1=e}};var Ax=function(t){return new Sx(t)};function Mx(t){this._context=t}Mx.prototype={areaStart:function(){this._line=0},areaEnd:function(){this._line=NaN},lineStart:function(){this._x0=this._x1=this._y0=this._y1=NaN,this._point=0},lineEnd:function(){(this._line||0!==this._line&&3===this._point)&&this._context.closePath(),this._line=1-this._line},point:function(t,e){switch(t=+t,e=+e,this._point){case 0:this._point=1;break;case 1:this._point=2;break;case 2:this._point=3;var n=(this._x0+4*this._x1+t)/6,r=(this._y0+4*this._y1+e)/6;this._line?this._context.lineTo(n,r):this._context.moveTo(n,r);break;case 3:this._point=4;default:Ex(this,t,e)}this._x0=this._x1,this._x1=t,this._y0=this._y1,this._y1=e}};var Ox=function(t){return new Mx(t)};function Nx(t,e){this._basis=new Tx(t),this._beta=e}Nx.prototype={lineStart:function(){this._x=[],this._y=[],this._basis.lineStart()},lineEnd:function(){var t=this._x,e=this._y,n=t.length-1;if(n>0)for(var r,i=t[0],a=e[0],o=t[n]-i,s=e[n]-a,c=-1;++c<=n;)r=c/n,this._basis.point(this._beta*t[c]+(1-this._beta)*(i+r*o),this._beta*e[c]+(1-this._beta)*(a+r*s));this._x=this._y=null,this._basis.lineEnd()},point:function(t,e){this._x.push(+t),this._y.push(+e)}};var Dx=function t(e){function n(t){return 1===e?new Tx(t):new Nx(t,e)}return n.beta=function(e){return t(+e)},n}(.85);function Bx(t,e,n){t._context.bezierCurveTo(t._x1+t._k*(t._x2-t._x0),t._y1+t._k*(t._y2-t._y0),t._x2+t._k*(t._x1-e),t._y2+t._k*(t._y1-n),t._x2,t._y2)}function Lx(t,e){this._context=t,this._k=(1-e)/6}Lx.prototype={areaStart:function(){this._line=0},areaEnd:function(){this._line=NaN},lineStart:function(){this._x0=this._x1=this._x2=this._y0=this._y1=this._y2=NaN,this._point=0},lineEnd:function(){switch(this._point){case 2:this._context.lineTo(this._x2,this._y2);break;case 
3:Bx(this,this._x1,this._y1)}(this._line||0!==this._line&&1===this._point)&&this._context.closePath(),this._line=1-this._line},point:function(t,e){switch(t=+t,e=+e,this._point){case 0:this._point=1,this._line?this._context.lineTo(t,e):this._context.moveTo(t,e);break;case 1:this._point=2,this._x1=t,this._y1=e;break;case 2:this._point=3;default:Bx(this,t,e)}this._x0=this._x1,this._x1=this._x2,this._x2=t,this._y0=this._y1,this._y1=this._y2,this._y2=e}};var Ix=function t(e){function n(t){return new Lx(t,e)}return n.tension=function(e){return t(+e)},n}(0);function Rx(t,e){this._context=t,this._k=(1-e)/6}Rx.prototype={areaStart:wx,areaEnd:wx,lineStart:function(){this._x0=this._x1=this._x2=this._x3=this._x4=this._x5=this._y0=this._y1=this._y2=this._y3=this._y4=this._y5=NaN,this._point=0},lineEnd:function(){switch(this._point){case 1:this._context.moveTo(this._x3,this._y3),this._context.closePath();break;case 2:this._context.lineTo(this._x3,this._y3),this._context.closePath();break;case 3:this.point(this._x3,this._y3),this.point(this._x4,this._y4),this.point(this._x5,this._y5)}},point:function(t,e){switch(t=+t,e=+e,this._point){case 0:this._point=1,this._x3=t,this._y3=e;break;case 1:this._point=2,this._context.moveTo(this._x4=t,this._y4=e);break;case 2:this._point=3,this._x5=t,this._y5=e;break;default:Bx(this,t,e)}this._x0=this._x1,this._x1=this._x2,this._x2=t,this._y0=this._y1,this._y1=this._y2,this._y2=e}};var Fx=function t(e){function n(t){return new Rx(t,e)}return n.tension=function(e){return t(+e)},n}(0);function Px(t,e){this._context=t,this._k=(1-e)/6}Px.prototype={areaStart:function(){this._line=0},areaEnd:function(){this._line=NaN},lineStart:function(){this._x0=this._x1=this._x2=this._y0=this._y1=this._y2=NaN,this._point=0},lineEnd:function(){(this._line||0!==this._line&&3===this._point)&&this._context.closePath(),this._line=1-this._line},point:function(t,e){switch(t=+t,e=+e,this._point){case 0:this._point=1;break;case 1:this._point=2;break;case 
2:this._point=3,this._line?this._context.lineTo(this._x2,this._y2):this._context.moveTo(this._x2,this._y2);break;case 3:this._point=4;default:Bx(this,t,e)}this._x0=this._x1,this._x1=this._x2,this._x2=t,this._y0=this._y1,this._y1=this._y2,this._y2=e}};var jx=function t(e){function n(t){return new Px(t,e)}return n.tension=function(e){return t(+e)},n}(0);function Yx(t,e,n){var r=t._x1,i=t._y1,a=t._x2,o=t._y2;if(t._l01_a>1e-12){var s=2*t._l01_2a+3*t._l01_a*t._l12_a+t._l12_2a,c=3*t._l01_a*(t._l01_a+t._l12_a);r=(r*s-t._x0*t._l12_2a+t._x2*t._l01_2a)/c,i=(i*s-t._y0*t._l12_2a+t._y2*t._l01_2a)/c}if(t._l23_a>1e-12){var u=2*t._l23_2a+3*t._l23_a*t._l12_a+t._l12_2a,l=3*t._l23_a*(t._l23_a+t._l12_a);a=(a*u+t._x1*t._l23_2a-e*t._l12_2a)/l,o=(o*u+t._y1*t._l23_2a-n*t._l12_2a)/l}t._context.bezierCurveTo(r,i,a,o,t._x2,t._y2)}function zx(t,e){this._context=t,this._alpha=e}zx.prototype={areaStart:function(){this._line=0},areaEnd:function(){this._line=NaN},lineStart:function(){this._x0=this._x1=this._x2=this._y0=this._y1=this._y2=NaN,this._l01_a=this._l12_a=this._l23_a=this._l01_2a=this._l12_2a=this._l23_2a=this._point=0},lineEnd:function(){switch(this._point){case 2:this._context.lineTo(this._x2,this._y2);break;case 3:this.point(this._x2,this._y2)}(this._line||0!==this._line&&1===this._point)&&this._context.closePath(),this._line=1-this._line},point:function(t,e){if(t=+t,e=+e,this._point){var n=this._x2-t,r=this._y2-e;this._l23_a=Math.sqrt(this._l23_2a=Math.pow(n*n+r*r,this._alpha))}switch(this._point){case 0:this._point=1,this._line?this._context.lineTo(t,e):this._context.moveTo(t,e);break;case 1:this._point=2;break;case 2:this._point=3;default:Yx(this,t,e)}this._l01_a=this._l12_a,this._l12_a=this._l23_a,this._l01_2a=this._l12_2a,this._l12_2a=this._l23_2a,this._x0=this._x1,this._x1=this._x2,this._x2=t,this._y0=this._y1,this._y1=this._y2,this._y2=e}};var Ux=function t(e){function n(t){return e?new zx(t,e):new Lx(t,0)}return n.alpha=function(e){return t(+e)},n}(.5);function 
$x(t,e){this._context=t,this._alpha=e}$x.prototype={areaStart:wx,areaEnd:wx,lineStart:function(){this._x0=this._x1=this._x2=this._x3=this._x4=this._x5=this._y0=this._y1=this._y2=this._y3=this._y4=this._y5=NaN,this._l01_a=this._l12_a=this._l23_a=this._l01_2a=this._l12_2a=this._l23_2a=this._point=0},lineEnd:function(){switch(this._point){case 1:this._context.moveTo(this._x3,this._y3),this._context.closePath();break;case 2:this._context.lineTo(this._x3,this._y3),this._context.closePath();break;case 3:this.point(this._x3,this._y3),this.point(this._x4,this._y4),this.point(this._x5,this._y5)}},point:function(t,e){if(t=+t,e=+e,this._point){var n=this._x2-t,r=this._y2-e;this._l23_a=Math.sqrt(this._l23_2a=Math.pow(n*n+r*r,this._alpha))}switch(this._point){case 0:this._point=1,this._x3=t,this._y3=e;break;case 1:this._point=2,this._context.moveTo(this._x4=t,this._y4=e);break;case 2:this._point=3,this._x5=t,this._y5=e;break;default:Yx(this,t,e)}this._l01_a=this._l12_a,this._l12_a=this._l23_a,this._l01_2a=this._l12_2a,this._l12_2a=this._l23_2a,this._x0=this._x1,this._x1=this._x2,this._x2=t,this._y0=this._y1,this._y1=this._y2,this._y2=e}};var Wx=function t(e){function n(t){return e?new $x(t,e):new Rx(t,0)}return n.alpha=function(e){return t(+e)},n}(.5);function Vx(t,e){this._context=t,this._alpha=e}Vx.prototype={areaStart:function(){this._line=0},areaEnd:function(){this._line=NaN},lineStart:function(){this._x0=this._x1=this._x2=this._y0=this._y1=this._y2=NaN,this._l01_a=this._l12_a=this._l23_a=this._l01_2a=this._l12_2a=this._l23_2a=this._point=0},lineEnd:function(){(this._line||0!==this._line&&3===this._point)&&this._context.closePath(),this._line=1-this._line},point:function(t,e){if(t=+t,e=+e,this._point){var n=this._x2-t,r=this._y2-e;this._l23_a=Math.sqrt(this._l23_2a=Math.pow(n*n+r*r,this._alpha))}switch(this._point){case 0:this._point=1;break;case 1:this._point=2;break;case 
2:this._point=3,this._line?this._context.lineTo(this._x2,this._y2):this._context.moveTo(this._x2,this._y2);break;case 3:this._point=4;default:Yx(this,t,e)}this._l01_a=this._l12_a,this._l12_a=this._l23_a,this._l01_2a=this._l12_2a,this._l12_2a=this._l23_2a,this._x0=this._x1,this._x1=this._x2,this._x2=t,this._y0=this._y1,this._y1=this._y2,this._y2=e}};var qx=function t(e){function n(t){return e?new Vx(t,e):new Px(t,0)}return n.alpha=function(e){return t(+e)},n}(.5);function Hx(t){this._context=t}Hx.prototype={areaStart:wx,areaEnd:wx,lineStart:function(){this._point=0},lineEnd:function(){this._point&&this._context.closePath()},point:function(t,e){t=+t,e=+e,this._point?this._context.lineTo(t,e):(this._point=1,this._context.moveTo(t,e))}};var Gx=function(t){return new Hx(t)};function Xx(t){return t<0?-1:1}function Zx(t,e,n){var r=t._x1-t._x0,i=e-t._x1,a=(t._y1-t._y0)/(r||i<0&&-0),o=(n-t._y1)/(i||r<0&&-0),s=(a*i+o*r)/(r+i);return(Xx(a)+Xx(o))*Math.min(Math.abs(a),Math.abs(o),.5*Math.abs(s))||0}function Qx(t,e){var n=t._x1-t._x0;return n?(3*(t._y1-t._y0)/n-e)/2:e}function Kx(t,e,n){var r=t._x0,i=t._y0,a=t._x1,o=t._y1,s=(a-r)/3;t._context.bezierCurveTo(r+s,i+s*e,a-s,o-s*n,a,o)}function Jx(t){this._context=t}function tk(t){this._context=new ek(t)}function ek(t){this._context=t}function nk(t){return new Jx(t)}function rk(t){return new tk(t)}function ik(t){this._context=t}function ak(t){var e,n,r=t.length-1,i=new Array(r),a=new Array(r),o=new Array(r);for(i[0]=0,a[0]=2,o[0]=t[0]+2*t[1],e=1;e=0;--e)i[e]=(o[e]-i[e+1])/a[e];for(a[r-1]=(t[r]+i[r-1])/2,e=0;e=0&&(this._t=1-this._t,this._line=1-this._line)},point:function(t,e){switch(t=+t,e=+e,this._point){case 0:this._point=1,this._line?this._context.lineTo(t,e):this._context.moveTo(t,e);break;case 1:this._point=2;default:if(this._t<=0)this._context.lineTo(this._x,e),this._context.lineTo(t,e);else{var n=this._x*(1-this._t)+t*this._t;this._context.lineTo(n,this._y),this._context.lineTo(n,e)}}this._x=t,this._y=e}};var 
ck=function(t){return new sk(t,.5)};function uk(t){return new sk(t,0)}function lk(t){return new sk(t,1)}var hk=function(t,e){if((i=t.length)>1)for(var n,r,i,a=1,o=t[e[0]],s=o.length;a=0;)n[e]=e;return n};function dk(t,e){return t[e]}var pk=function(){var t=f_([]),e=fk,n=hk,r=dk;function i(i){var a,o,s=t.apply(this,arguments),c=i.length,u=s.length,l=new Array(u);for(a=0;a0){for(var n,r,i,a=0,o=t[0].length;a0)for(var n,r,i,a,o,s,c=0,u=t[e[0]].length;c0?(r[0]=a,r[1]=a+=i):i<0?(r[1]=o,r[0]=o+=i):(r[0]=0,r[1]=i)},vk=function(t,e){if((n=t.length)>0){for(var n,r=0,i=t[e[0]],a=i.length;r0&&(r=(n=t[e[0]]).length)>0){for(var n,r,i,a=0,o=1;oa&&(a=e,r=n);return r}var xk=function(t){var e=t.map(kk);return fk(t).sort((function(t,n){return e[t]-e[n]}))};function kk(t){for(var e,n=0,r=-1,i=t.length;++r0)){if(a/=f,f<0){if(a0){if(a>h)return;a>l&&(l=a)}if(a=r-c,f||!(a<0)){if(a/=f,f<0){if(a>h)return;a>l&&(l=a)}else if(f>0){if(a0)){if(a/=d,d<0){if(a0){if(a>h)return;a>l&&(l=a)}if(a=i-u,d||!(a<0)){if(a/=d,d<0){if(a>h)return;a>l&&(l=a)}else if(d>0){if(a0||h<1)||(l>0&&(t[0]=[c+l*f,u+l*d]),h<1&&(t[1]=[c+h*f,u+h*d]),!0)}}}}}function Uk(t,e,n,r,i){var a=t[1];if(a)return!0;var o,s,c=t[0],u=t.left,l=t.right,h=u[0],f=u[1],d=l[0],p=l[1],y=(h+d)/2,g=(f+p)/2;if(p===f){if(y=r)return;if(h>d){if(c){if(c[1]>=i)return}else c=[y,n];a=[y,i]}else{if(c){if(c[1]1)if(h>d){if(c){if(c[1]>=i)return}else c=[(n-s)/o,n];a=[(i-s)/o,i]}else{if(c){if(c[1]=r)return}else c=[e,o*e+s];a=[r,o*r+s]}else{if(c){if(c[0]=-lw)){var d=c*c+u*u,p=l*l+h*h,y=(h*d-u*p)/f,g=(c*p-l*d)/f,v=Hk.pop()||new Gk;v.arc=t,v.site=i,v.x=y+o,v.y=(v.cy=g+s)+Math.sqrt(y*y+g*g),t.circle=v;for(var m=null,b=sw._;b;)if(v.yuw)s=s.L;else{if(!((i=a-iw(s,o))>uw)){r>-uw?(e=s.P,n=s):i>-uw?(e=s,n=s.N):e=n=s;break}if(!s.R){e=s;break}s=s.R}!function(t){ow[t.index]={site:t,halfedges:[]}}(t);var c=Jk(t);if(aw.insert(e,c),e||n){if(e===n)return Zk(e),n=Jk(e.site),aw.insert(c,n),c.edge=n.edge=Pk(e.site,c.site),Xk(e),void Xk(n);if(n){Zk(e),Zk(n);var 
u=e.site,l=u[0],h=u[1],f=t[0]-l,d=t[1]-h,p=n.site,y=p[0]-l,g=p[1]-h,v=2*(f*g-d*y),m=f*f+d*d,b=y*y+g*g,_=[(g*m-d*b)/v+l,(f*b-y*m)/v+h];Yk(n.edge,u,p,_),c.edge=Pk(u,t,null,_),n.edge=Pk(t,p,null,_),Xk(e),Xk(n)}else c.edge=Pk(e.site,c.site)}}function rw(t,e){var n=t.site,r=n[0],i=n[1],a=i-e;if(!a)return r;var o=t.P;if(!o)return-1/0;var s=(n=o.site)[0],c=n[1],u=c-e;if(!u)return s;var l=s-r,h=1/a-1/u,f=l/u;return h?(-f+Math.sqrt(f*f-2*h*(l*l/(-2*u)-c+u/2+i-a/2)))/h+r:(r+s)/2}function iw(t,e){var n=t.N;if(n)return rw(n,e);var r=t.site;return r[1]===e?r[0]:1/0}var aw,ow,sw,cw,uw=1e-6,lw=1e-12;function hw(t,e){return e[1]-t[1]||e[0]-t[0]}function fw(t,e){var n,r,i,a=t.sort(hw).pop();for(cw=[],ow=new Array(t.length),aw=new Fk,sw=new Fk;;)if(i=qk,a&&(!i||a[1]uw||Math.abs(i[0][1]-i[1][1])>uw)||delete cw[a]}(o,s,c,u),function(t,e,n,r){var i,a,o,s,c,u,l,h,f,d,p,y,g=ow.length,v=!0;for(i=0;iuw||Math.abs(y-f)>uw)&&(c.splice(s,0,cw.push(jk(o,d,Math.abs(p-t)uw?[t,Math.abs(h-t)uw?[Math.abs(f-r)uw?[n,Math.abs(h-n)uw?[Math.abs(f-e)=s)return null;var c=t-i.site[0],u=e-i.site[1],l=c*c+u*u;do{i=a.cells[r=o],o=null,i.halfedges.forEach((function(n){var r=a.edges[n],s=r.left;if(s!==i.site&&s||(s=r.right)){var c=t-s[0],u=e-s[1],h=c*c+u*u;hr?(r+i)/2:Math.min(0,r)||Math.max(0,i),o>a?(a+o)/2:Math.min(0,a)||Math.max(0,o))}var Sw=function(){var t,e,n=xw,r=kw,i=Cw,a=Ew,o=Tw,s=[0,1/0],c=[[-1/0,-1/0],[1/0,1/0]],u=250,l=fp,h=lt("start","zoom","end"),f=0;function d(t){t.property("__zoom",ww).on("wheel.zoom",_).on("mousedown.zoom",x).on("dblclick.zoom",k).filter(o).on("touchstart.zoom",w).on("touchmove.zoom",E).on("touchend.zoom touchcancel.zoom",T).style("touch-action","none").style("-webkit-tap-highlight-color","rgba(0,0,0,0)")}function p(t,e){return(e=Math.max(s[0],Math.min(s[1],e)))===t.k?t:new gw(e,t.x,t.y)}function y(t,e,n){var r=e[0]-n[0]*t.k,i=e[1]-n[1]*t.k;return r===t.x&&i===t.y?t:new gw(t.k,r,i)}function g(t){return[(+t[0][0]+ +t[1][0])/2,(+t[0][1]+ +t[1][1])/2]}function 
v(t,e,n){t.on("start.zoom",(function(){m(this,arguments).start()})).on("interrupt.zoom end.zoom",(function(){m(this,arguments).end()})).tween("zoom",(function(){var t=this,i=arguments,a=m(t,i),o=r.apply(t,i),s=null==n?g(o):"function"==typeof n?n.apply(t,i):n,c=Math.max(o[1][0]-o[0][0],o[1][1]-o[0][1]),u=t.__zoom,h="function"==typeof e?e.apply(t,i):e,f=l(u.invert(s).concat(c/u.k),h.invert(s).concat(c/h.k));return function(t){if(1===t)t=h;else{var e=f(t),n=c/e[2];t=new gw(n,s[0]-e[0]*n,s[1]-e[1]*n)}a.zoom(null,t)}}))}function m(t,e,n){return!n&&t.__zooming||new b(t,e)}function b(t,e){this.that=t,this.args=e,this.active=0,this.extent=r.apply(t,e),this.taps=0}function _(){if(n.apply(this,arguments)){var t=m(this,arguments),e=this.__zoom,r=Math.max(s[0],Math.min(s[1],e.k*Math.pow(2,a.apply(this,arguments)))),o=Dn(this);if(t.wheel)t.mouse[0][0]===o[0]&&t.mouse[0][1]===o[1]||(t.mouse[1]=e.invert(t.mouse[0]=o)),clearTimeout(t.wheel);else{if(e.k===r)return;t.mouse=[o,e.invert(o)],or(this),t.start()}_w(),t.wheel=setTimeout(u,150),t.zoom("mouse",i(y(p(e,r),t.mouse[0],t.mouse[1]),t.extent,c))}function u(){t.wheel=null,t.end()}}function x(){if(!e&&n.apply(this,arguments)){var t=m(this,arguments,!0),r=ke(ce.view).on("mousemove.zoom",u,!0).on("mouseup.zoom",l,!0),a=Dn(this),o=ce.clientX,s=ce.clientY;Te(ce.view),bw(),t.mouse=[a,this.__zoom.invert(a)],or(this),t.start()}function u(){if(_w(),!t.moved){var e=ce.clientX-o,n=ce.clientY-s;t.moved=e*e+n*n>f}t.zoom("mouse",i(y(t.that.__zoom,t.mouse[0]=Dn(t.that),t.mouse[1]),t.extent,c))}function l(){r.on("mousemove.zoom mouseup.zoom",null),Ce(ce.view,t.moved),_w(),t.end()}}function k(){if(n.apply(this,arguments)){var t=this.__zoom,e=Dn(this),a=t.invert(e),o=t.k*(ce.shiftKey?.5:2),s=i(y(p(t,o),e,a),r.apply(this,arguments),c);_w(),u>0?ke(this).transition().duration(u).call(v,s,e):ke(this).call(d.transform,s)}}function w(){if(n.apply(this,arguments)){var 
e,r,i,a,o=ce.touches,s=o.length,c=m(this,arguments,ce.changedTouches.length===s);for(bw(),r=0;rh&&A.push("'"+this.terminals_[T]+"'");O=p.showPosition?"Parse error on line "+(c+1)+":\n"+p.showPosition()+"\nExpecting "+A.join(", ")+", got '"+(this.terminals_[_]||_)+"'":"Parse error on line "+(c+1)+": Unexpected "+(_==f?"end of input":"'"+(this.terminals_[_]||_)+"'"),this.parseError(O,{text:p.match,token:this.terminals_[_]||_,line:p.yylineno,loc:v,expected:A})}if(w[0]instanceof Array&&w.length>1)throw new Error("Parse Error: multiple actions possible at state: "+k+", token: "+_);switch(w[0]){case 1:n.push(_),i.push(p.yytext),a.push(p.yylloc),n.push(w[1]),_=null,x?(_=x,x=null):(u=p.yyleng,s=p.yytext,c=p.yylineno,v=p.yylloc,l>0&&l--);break;case 2:if(C=this.productions_[w[1]][1],M.$=i[i.length-C],M._$={first_line:a[a.length-(C||1)].first_line,last_line:a[a.length-1].last_line,first_column:a[a.length-(C||1)].first_column,last_column:a[a.length-1].last_column},m&&(M._$.range=[a[a.length-(C||1)].range[0],a[a.length-1].range[1]]),void 0!==(E=this.performAction.apply(M,[s,u,c,y.yy,w[1],i,a].concat(d))))return E;C&&(n=n.slice(0,-1*C*2),i=i.slice(0,-1*C),a=a.slice(0,-1*C)),n.push(this.productions_[w[1]][0]),i.push(M.$),a.push(M._$),S=o[n[n.length-2]][n[n.length-1]],n.push(S);break;case 3:return!0}}return!0}},M={EOF:1,parseError:function(t,e){if(!this.yy.parser)throw new Error(t);this.yy.parser.parseError(t,e)},setInput:function(t,e){return this.yy=e||this.yy||{},this._input=t,this._more=this._backtrack=this.done=!1,this.yylineno=this.yyleng=0,this.yytext=this.matched=this.match="",this.conditionStack=["INITIAL"],this.yylloc={first_line:1,first_column:0,last_line:1,last_column:0},this.options.ranges&&(this.yylloc.range=[0,0]),this.offset=0,this},input:function(){var t=this._input[0];return 
this.yytext+=t,this.yyleng++,this.offset++,this.match+=t,this.matched+=t,t.match(/(?:\r\n?|\n).*/g)?(this.yylineno++,this.yylloc.last_line++):this.yylloc.last_column++,this.options.ranges&&this.yylloc.range[1]++,this._input=this._input.slice(1),t},unput:function(t){var e=t.length,n=t.split(/(?:\r\n?|\n)/g);this._input=t+this._input,this.yytext=this.yytext.substr(0,this.yytext.length-e),this.offset-=e;var r=this.match.split(/(?:\r\n?|\n)/g);this.match=this.match.substr(0,this.match.length-1),this.matched=this.matched.substr(0,this.matched.length-1),n.length-1&&(this.yylineno-=n.length-1);var i=this.yylloc.range;return this.yylloc={first_line:this.yylloc.first_line,last_line:this.yylineno+1,first_column:this.yylloc.first_column,last_column:n?(n.length===r.length?this.yylloc.first_column:0)+r[r.length-n.length].length-n[0].length:this.yylloc.first_column-e},this.options.ranges&&(this.yylloc.range=[i[0],i[0]+this.yyleng-e]),this.yyleng=this.yytext.length,this},more:function(){return this._more=!0,this},reject:function(){return this.options.backtrack_lexer?(this._backtrack=!0,this):this.parseError("Lexical error on line "+(this.yylineno+1)+". 
You can only invoke reject() in the lexer when the lexer is of the backtracking persuasion (options.backtrack_lexer = true).\n"+this.showPosition(),{text:"",token:null,line:this.yylineno})},less:function(t){this.unput(this.match.slice(t))},pastInput:function(){var t=this.matched.substr(0,this.matched.length-this.match.length);return(t.length>20?"...":"")+t.substr(-20).replace(/\n/g,"")},upcomingInput:function(){var t=this.match;return t.length<20&&(t+=this._input.substr(0,20-t.length)),(t.substr(0,20)+(t.length>20?"...":"")).replace(/\n/g,"")},showPosition:function(){var t=this.pastInput(),e=new Array(t.length+1).join("-");return t+this.upcomingInput()+"\n"+e+"^"},test_match:function(t,e){var n,r,i;if(this.options.backtrack_lexer&&(i={yylineno:this.yylineno,yylloc:{first_line:this.yylloc.first_line,last_line:this.last_line,first_column:this.yylloc.first_column,last_column:this.yylloc.last_column},yytext:this.yytext,match:this.match,matches:this.matches,matched:this.matched,yyleng:this.yyleng,offset:this.offset,_more:this._more,_input:this._input,yy:this.yy,conditionStack:this.conditionStack.slice(0),done:this.done},this.options.ranges&&(i.yylloc.range=this.yylloc.range.slice(0))),(r=t[0].match(/(?:\r\n?|\n).*/g))&&(this.yylineno+=r.length),this.yylloc={first_line:this.yylloc.last_line,last_line:this.yylineno+1,first_column:this.yylloc.last_column,last_column:r?r[r.length-1].length-r[r.length-1].match(/\r?\n?/)[0].length:this.yylloc.last_column+t[0].length},this.yytext+=t[0],this.match+=t[0],this.matches=t,this.yyleng=this.yytext.length,this.options.ranges&&(this.yylloc.range=[this.offset,this.offset+=this.yyleng]),this._more=!1,this._backtrack=!1,this._input=this._input.slice(t[0].length),this.matched+=t[0],n=this.performAction.call(this,this.yy,this,e,this.conditionStack[this.conditionStack.length-1]),this.done&&this._input&&(this.done=!1),n)return n;if(this._backtrack){for(var a in i)this[a]=i[a];return!1}return!1},next:function(){if(this.done)return this.EOF;var 
t,e,n,r;this._input||(this.done=!0),this._more||(this.yytext="",this.match="");for(var i=this._currentRules(),a=0;ae[0].length)){if(e=n,r=a,this.options.backtrack_lexer){if(!1!==(t=this.test_match(n,i[a])))return t;if(this._backtrack){e=!1;continue}return!1}if(!this.options.flex)break}return e?!1!==(t=this.test_match(e,i[r]))&&t:""===this._input?this.EOF:this.parseError("Lexical error on line "+(this.yylineno+1)+". Unrecognized text.\n"+this.showPosition(),{text:"",token:null,line:this.yylineno})},lex:function(){var t=this.next();return t||this.lex()},begin:function(t){this.conditionStack.push(t)},popState:function(){return this.conditionStack.length-1>0?this.conditionStack.pop():this.conditionStack[0]},_currentRules:function(){return this.conditionStack.length&&this.conditionStack[this.conditionStack.length-1]?this.conditions[this.conditionStack[this.conditionStack.length-1]].rules:this.conditions.INITIAL.rules},topState:function(t){return(t=this.conditionStack.length-1-Math.abs(t||0))>=0?this.conditionStack[t]:"INITIAL"},pushState:function(t){this.begin(t)},stateStackSize:function(){return this.conditionStack.length},options:{"case-insensitive":!0},performAction:function(t,e,n,r){switch(n){case 0:return this.begin("open_directive"),58;case 1:return this.begin("type_directive"),59;case 2:return this.popState(),this.begin("arg_directive"),14;case 3:return this.popState(),this.popState(),61;case 4:return 60;case 5:return 5;case 6:case 7:case 8:case 9:case 10:break;case 11:return this.begin("ID"),16;case 12:return e.yytext=e.yytext.trim(),this.begin("ALIAS"),48;case 13:return this.popState(),this.popState(),this.begin("LINE"),18;case 14:return this.popState(),this.popState(),5;case 15:return this.begin("LINE"),27;case 16:return this.begin("LINE"),29;case 17:return this.begin("LINE"),30;case 18:return this.begin("LINE"),31;case 19:return this.begin("LINE"),36;case 20:return this.begin("LINE"),33;case 21:return this.begin("LINE"),35;case 22:return 
this.popState(),19;case 23:return 28;case 24:return 43;case 25:return 44;case 26:return 39;case 27:return 37;case 28:return this.begin("ID"),22;case 29:return this.begin("ID"),23;case 30:return 25;case 31:return 7;case 32:return 21;case 33:return 42;case 34:return 5;case 35:return e.yytext=e.yytext.trim(),48;case 36:return 51;case 37:return 52;case 38:return 49;case 39:return 50;case 40:return 53;case 41:return 54;case 42:return 55;case 43:return 56;case 44:return 57;case 45:return 46;case 46:return 47;case 47:return 5;case 48:return"INVALID"}},rules:[/^(?:%%\{)/i,/^(?:((?:(?!\}%%)[^:.])*))/i,/^(?::)/i,/^(?:\}%%)/i,/^(?:((?:(?!\}%%).|\n)*))/i,/^(?:[\n]+)/i,/^(?:\s+)/i,/^(?:((?!\n)\s)+)/i,/^(?:#[^\n]*)/i,/^(?:%(?!\{)[^\n]*)/i,/^(?:[^\}]%%[^\n]*)/i,/^(?:participant\b)/i,/^(?:[^\->:\n,;]+?(?=((?!\n)\s)+as(?!\n)\s|[#\n;]|$))/i,/^(?:as\b)/i,/^(?:(?:))/i,/^(?:loop\b)/i,/^(?:rect\b)/i,/^(?:opt\b)/i,/^(?:alt\b)/i,/^(?:else\b)/i,/^(?:par\b)/i,/^(?:and\b)/i,/^(?:(?:[:]?(?:no)?wrap)?[^#\n;]*)/i,/^(?:end\b)/i,/^(?:left of\b)/i,/^(?:right of\b)/i,/^(?:over\b)/i,/^(?:note\b)/i,/^(?:activate\b)/i,/^(?:deactivate\b)/i,/^(?:title\b)/i,/^(?:sequenceDiagram\b)/i,/^(?:autonumber\b)/i,/^(?:,)/i,/^(?:;)/i,/^(?:[^\+\->:\n,;]+((?!(-x|--x|-\)|--\)))[\-]*[^\+\->:\n,;]+)*)/i,/^(?:->>)/i,/^(?:-->>)/i,/^(?:->)/i,/^(?:-->)/i,/^(?:-[x])/i,/^(?:--[x])/i,/^(?:-[\)])/i,/^(?:--[\)])/i,/^(?::(?:(?:no)?wrap)?[^#\n;]+)/i,/^(?:\+)/i,/^(?:-)/i,/^(?:$)/i,/^(?:.)/i],conditions:{open_directive:{rules:[1,8],inclusive:!1},type_directive:{rules:[2,3,8],inclusive:!1},arg_directive:{rules:[3,4,8],inclusive:!1},ID:{rules:[7,8,12],inclusive:!1},ALIAS:{rules:[7,8,13,14],inclusive:!1},LINE:{rules:[7,8,22],inclusive:!1},INITIAL:{rules:[0,5,6,8,9,10,11,15,16,17,18,19,20,21,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48],inclusive:!0}}};function O(){this.yy={}}return A.lexer=M,O.prototype=A,A.Parser=O,new O}();e.parser=i,e.Parser=i.Parser,e.parse=function(){return 
i.parse.apply(i,arguments)},e.main=function(r){r[1]||(console.log("Usage: "+r[0]+" FILE"),t.exit(1));var i=n(16).readFileSync(n(17).normalize(r[1]),"utf8");return e.parser.parse(i)},n.c[n.s]===r&&e.main(t.argv.slice(1))}).call(this,n(10),n(6)(t))},function(t,e,n){var r=n(199);t.exports={Graph:r.Graph,json:n(302),alg:n(303),version:r.version}},function(t,e,n){var r;try{r={cloneDeep:n(314),constant:n(87),defaults:n(155),each:n(88),filter:n(129),find:n(315),flatten:n(157),forEach:n(127),forIn:n(320),has:n(94),isUndefined:n(140),last:n(321),map:n(141),mapValues:n(322),max:n(323),merge:n(325),min:n(330),minBy:n(331),now:n(332),pick:n(162),range:n(163),reduce:n(143),sortBy:n(339),uniqueId:n(164),values:n(148),zipObject:n(344)}}catch(t){}r||(r=window._),t.exports=r},function(t,e){var n=Array.isArray;t.exports=n},function(t,e){t.exports=function(t){return t.webpackPolyfill||(t.deprecate=function(){},t.paths=[],t.children||(t.children=[]),Object.defineProperty(t,"loaded",{enumerable:!0,get:function(){return t.l}}),Object.defineProperty(t,"id",{enumerable:!0,get:function(){return t.i}}),t.webpackPolyfill=1),t}},function(t,e,n){ +/** + * @license + * Copyright (c) 2012-2013 Chris Pettitt + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. 
+ * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +t.exports={graphlib:n(312),dagre:n(154),intersect:n(369),render:n(371),util:n(14),version:n(383)}},function(t,e,n){"use strict";var r=n(4),i=n(20).Graph;function a(t,e,n,i){var a;do{a=r.uniqueId(i)}while(t.hasNode(a));return n.dummy=e,t.setNode(a,n),a}function o(t){return r.max(r.map(t.nodes(),(function(e){var n=t.node(e).rank;if(!r.isUndefined(n))return n})))}t.exports={addDummyNode:a,simplify:function(t){var e=(new i).setGraph(t.graph());return r.forEach(t.nodes(),(function(n){e.setNode(n,t.node(n))})),r.forEach(t.edges(),(function(n){var r=e.edge(n.v,n.w)||{weight:0,minlen:1},i=t.edge(n);e.setEdge(n.v,n.w,{weight:r.weight+i.weight,minlen:Math.max(r.minlen,i.minlen)})})),e},asNonCompoundGraph:function(t){var e=new i({multigraph:t.isMultigraph()}).setGraph(t.graph());return r.forEach(t.nodes(),(function(n){t.children(n).length||e.setNode(n,t.node(n))})),r.forEach(t.edges(),(function(n){e.setEdge(n,t.edge(n))})),e},successorWeights:function(t){var e=r.map(t.nodes(),(function(e){var n={};return r.forEach(t.outEdges(e),(function(e){n[e.w]=(n[e.w]||0)+t.edge(e).weight})),n}));return r.zipObject(t.nodes(),e)},predecessorWeights:function(t){var e=r.map(t.nodes(),(function(e){var n={};return r.forEach(t.inEdges(e),(function(e){n[e.v]=(n[e.v]||0)+t.edge(e).weight})),n}));return r.zipObject(t.nodes(),e)},intersectRect:function(t,e){var n,r,i=t.x,a=t.y,o=e.x-i,s=e.y-a,c=t.width/2,u=t.height/2;if(!o&&!s)throw new Error("Not possible to find intersection inside of the 
rectangle");Math.abs(s)*c>Math.abs(o)*u?(s<0&&(u=-u),n=u*o/s,r=u):(o<0&&(c=-c),n=c,r=c*s/o);return{x:i+n,y:a+r}},buildLayerMatrix:function(t){var e=r.map(r.range(o(t)+1),(function(){return[]}));return r.forEach(t.nodes(),(function(n){var i=t.node(n),a=i.rank;r.isUndefined(a)||(e[a][i.order]=n)})),e},normalizeRanks:function(t){var e=r.min(r.map(t.nodes(),(function(e){return t.node(e).rank})));r.forEach(t.nodes(),(function(n){var i=t.node(n);r.has(i,"rank")&&(i.rank-=e)}))},removeEmptyRanks:function(t){var e=r.min(r.map(t.nodes(),(function(e){return t.node(e).rank}))),n=[];r.forEach(t.nodes(),(function(r){var i=t.node(r).rank-e;n[i]||(n[i]=[]),n[i].push(r)}));var i=0,a=t.graph().nodeRankFactor;r.forEach(n,(function(e,n){r.isUndefined(e)&&n%a!=0?--i:i&&r.forEach(e,(function(e){t.node(e).rank+=i}))}))},addBorderNode:function(t,e,n,r){var i={width:0,height:0};arguments.length>=4&&(i.rank=n,i.order=r);return a(t,"border",i,e)},maxRank:o,partition:function(t,e){var n={lhs:[],rhs:[]};return r.forEach(t,(function(t){e(t)?n.lhs.push(t):n.rhs.push(t)})),n},time:function(t,e){var n=r.now();try{return e()}finally{console.log(t+" time: "+(r.now()-n)+"ms")}},notime:function(t,e){return e()}}},function(t,e,n){t.exports={graphlib:n(20),layout:n(313),debug:n(367),util:{time:n(8).time,notime:n(8).notime},version:n(368)}},function(t,e){var n,r,i=t.exports={};function a(){throw new Error("setTimeout has not been defined")}function o(){throw new Error("clearTimeout has not been defined")}function s(t){if(n===setTimeout)return setTimeout(t,0);if((n===a||!n)&&setTimeout)return n=setTimeout,setTimeout(t,0);try{return n(t,0)}catch(e){try{return n.call(null,t,0)}catch(e){return n.call(this,t,0)}}}!function(){try{n="function"==typeof setTimeout?setTimeout:a}catch(t){n=a}try{r="function"==typeof clearTimeout?clearTimeout:o}catch(t){r=o}}();var c,u=[],l=!1,h=-1;function f(){l&&c&&(l=!1,c.length?u=c.concat(u):h=-1,u.length&&d())}function d(){if(!l){var t=s(f);l=!0;for(var 
e=u.length;e;){for(c=u,u=[];++h1)for(var n=1;nh&&A.push("'"+this.terminals_[T]+"'");O=p.showPosition?"Parse error on line "+(c+1)+":\n"+p.showPosition()+"\nExpecting "+A.join(", ")+", got '"+(this.terminals_[_]||_)+"'":"Parse error on line "+(c+1)+": Unexpected "+(_==f?"end of input":"'"+(this.terminals_[_]||_)+"'"),this.parseError(O,{text:p.match,token:this.terminals_[_]||_,line:p.yylineno,loc:v,expected:A})}if(w[0]instanceof Array&&w.length>1)throw new Error("Parse Error: multiple actions possible at state: "+k+", token: "+_);switch(w[0]){case 1:n.push(_),i.push(p.yytext),a.push(p.yylloc),n.push(w[1]),_=null,x?(_=x,x=null):(u=p.yyleng,s=p.yytext,c=p.yylineno,v=p.yylloc,l>0&&l--);break;case 2:if(C=this.productions_[w[1]][1],M.$=i[i.length-C],M._$={first_line:a[a.length-(C||1)].first_line,last_line:a[a.length-1].last_line,first_column:a[a.length-(C||1)].first_column,last_column:a[a.length-1].last_column},m&&(M._$.range=[a[a.length-(C||1)].range[0],a[a.length-1].range[1]]),void 0!==(E=this.performAction.apply(M,[s,u,c,y.yy,w[1],i,a].concat(d))))return E;C&&(n=n.slice(0,-1*C*2),i=i.slice(0,-1*C),a=a.slice(0,-1*C)),n.push(this.productions_[w[1]][0]),i.push(M.$),a.push(M._$),S=o[n[n.length-2]][n[n.length-1]],n.push(S);break;case 3:return!0}}return!0}},D={EOF:1,parseError:function(t,e){if(!this.yy.parser)throw new Error(t);this.yy.parser.parseError(t,e)},setInput:function(t,e){return this.yy=e||this.yy||{},this._input=t,this._more=this._backtrack=this.done=!1,this.yylineno=this.yyleng=0,this.yytext=this.matched=this.match="",this.conditionStack=["INITIAL"],this.yylloc={first_line:1,first_column:0,last_line:1,last_column:0},this.options.ranges&&(this.yylloc.range=[0,0]),this.offset=0,this},input:function(){var t=this._input[0];return 
this.yytext+=t,this.yyleng++,this.offset++,this.match+=t,this.matched+=t,t.match(/(?:\r\n?|\n).*/g)?(this.yylineno++,this.yylloc.last_line++):this.yylloc.last_column++,this.options.ranges&&this.yylloc.range[1]++,this._input=this._input.slice(1),t},unput:function(t){var e=t.length,n=t.split(/(?:\r\n?|\n)/g);this._input=t+this._input,this.yytext=this.yytext.substr(0,this.yytext.length-e),this.offset-=e;var r=this.match.split(/(?:\r\n?|\n)/g);this.match=this.match.substr(0,this.match.length-1),this.matched=this.matched.substr(0,this.matched.length-1),n.length-1&&(this.yylineno-=n.length-1);var i=this.yylloc.range;return this.yylloc={first_line:this.yylloc.first_line,last_line:this.yylineno+1,first_column:this.yylloc.first_column,last_column:n?(n.length===r.length?this.yylloc.first_column:0)+r[r.length-n.length].length-n[0].length:this.yylloc.first_column-e},this.options.ranges&&(this.yylloc.range=[i[0],i[0]+this.yyleng-e]),this.yyleng=this.yytext.length,this},more:function(){return this._more=!0,this},reject:function(){return this.options.backtrack_lexer?(this._backtrack=!0,this):this.parseError("Lexical error on line "+(this.yylineno+1)+". 
You can only invoke reject() in the lexer when the lexer is of the backtracking persuasion (options.backtrack_lexer = true).\n"+this.showPosition(),{text:"",token:null,line:this.yylineno})},less:function(t){this.unput(this.match.slice(t))},pastInput:function(){var t=this.matched.substr(0,this.matched.length-this.match.length);return(t.length>20?"...":"")+t.substr(-20).replace(/\n/g,"")},upcomingInput:function(){var t=this.match;return t.length<20&&(t+=this._input.substr(0,20-t.length)),(t.substr(0,20)+(t.length>20?"...":"")).replace(/\n/g,"")},showPosition:function(){var t=this.pastInput(),e=new Array(t.length+1).join("-");return t+this.upcomingInput()+"\n"+e+"^"},test_match:function(t,e){var n,r,i;if(this.options.backtrack_lexer&&(i={yylineno:this.yylineno,yylloc:{first_line:this.yylloc.first_line,last_line:this.last_line,first_column:this.yylloc.first_column,last_column:this.yylloc.last_column},yytext:this.yytext,match:this.match,matches:this.matches,matched:this.matched,yyleng:this.yyleng,offset:this.offset,_more:this._more,_input:this._input,yy:this.yy,conditionStack:this.conditionStack.slice(0),done:this.done},this.options.ranges&&(i.yylloc.range=this.yylloc.range.slice(0))),(r=t[0].match(/(?:\r\n?|\n).*/g))&&(this.yylineno+=r.length),this.yylloc={first_line:this.yylloc.last_line,last_line:this.yylineno+1,first_column:this.yylloc.last_column,last_column:r?r[r.length-1].length-r[r.length-1].match(/\r?\n?/)[0].length:this.yylloc.last_column+t[0].length},this.yytext+=t[0],this.match+=t[0],this.matches=t,this.yyleng=this.yytext.length,this.options.ranges&&(this.yylloc.range=[this.offset,this.offset+=this.yyleng]),this._more=!1,this._backtrack=!1,this._input=this._input.slice(t[0].length),this.matched+=t[0],n=this.performAction.call(this,this.yy,this,e,this.conditionStack[this.conditionStack.length-1]),this.done&&this._input&&(this.done=!1),n)return n;if(this._backtrack){for(var a in i)this[a]=i[a];return!1}return!1},next:function(){if(this.done)return this.EOF;var 
t,e,n,r;this._input||(this.done=!0),this._more||(this.yytext="",this.match="");for(var i=this._currentRules(),a=0;ae[0].length)){if(e=n,r=a,this.options.backtrack_lexer){if(!1!==(t=this.test_match(n,i[a])))return t;if(this._backtrack){e=!1;continue}return!1}if(!this.options.flex)break}return e?!1!==(t=this.test_match(e,i[r]))&&t:""===this._input?this.EOF:this.parseError("Lexical error on line "+(this.yylineno+1)+". Unrecognized text.\n"+this.showPosition(),{text:"",token:null,line:this.yylineno})},lex:function(){var t=this.next();return t||this.lex()},begin:function(t){this.conditionStack.push(t)},popState:function(){return this.conditionStack.length-1>0?this.conditionStack.pop():this.conditionStack[0]},_currentRules:function(){return this.conditionStack.length&&this.conditionStack[this.conditionStack.length-1]?this.conditions[this.conditionStack[this.conditionStack.length-1]].rules:this.conditions.INITIAL.rules},topState:function(t){return(t=this.conditionStack.length-1-Math.abs(t||0))>=0?this.conditionStack[t]:"INITIAL"},pushState:function(t){this.begin(t)},stateStackSize:function(){return this.conditionStack.length},options:{},performAction:function(t,e,n,r){switch(n){case 0:return this.begin("open_directive"),13;case 1:return this.begin("type_directive"),14;case 2:return this.popState(),this.begin("arg_directive"),11;case 3:return this.popState(),this.popState(),16;case 4:return 15;case 5:case 6:break;case 7:return 10;case 8:break;case 9:case 10:return 17;case 11:return this.begin("struct"),34;case 12:return"EOF_IN_STRUCT";case 13:return"OPEN_IN_STRUCT";case 14:return this.popState(),36;case 15:break;case 16:return"MEMBER";case 17:return 32;case 18:return 58;case 19:return 51;case 20:return 52;case 21:return 54;case 22:return 37;case 23:return 38;case 24:this.begin("generic");break;case 25:this.popState();break;case 26:return"GENERICTYPE";case 27:this.begin("string");break;case 28:this.popState();break;case 29:return"STR";case 
30:this.begin("bqstring");break;case 31:this.popState();break;case 32:return"BQUOTE_STR";case 33:this.begin("href");break;case 34:this.popState();break;case 35:return 57;case 36:this.begin("callback_name");break;case 37:this.popState();break;case 38:this.popState(),this.begin("callback_args");break;case 39:return 55;case 40:this.popState();break;case 41:return 56;case 42:case 43:case 44:case 45:return 53;case 46:case 47:return 46;case 48:case 49:return 48;case 50:return 47;case 51:return 45;case 52:return 49;case 53:return 50;case 54:return 26;case 55:return 33;case 56:return 70;case 57:return"DOT";case 58:return"PLUS";case 59:return 67;case 60:case 61:return"EQUALS";case 62:return 74;case 63:return"PUNCTUATION";case 64:return 73;case 65:return 72;case 66:return 69;case 67:return 19}},rules:[/^(?:%%\{)/,/^(?:((?:(?!\}%%)[^:.])*))/,/^(?::)/,/^(?:\}%%)/,/^(?:((?:(?!\}%%).|\n)*))/,/^(?:%%(?!\{)*[^\n]*(\r?\n?)+)/,/^(?:%%[^\n]*(\r?\n)*)/,/^(?:(\r?\n)+)/,/^(?:\s+)/,/^(?:classDiagram-v2\b)/,/^(?:classDiagram\b)/,/^(?:[{])/,/^(?:$)/,/^(?:[{])/,/^(?:[}])/,/^(?:[\n])/,/^(?:[^{}\n]*)/,/^(?:class\b)/,/^(?:cssClass\b)/,/^(?:callback\b)/,/^(?:link\b)/,/^(?:click\b)/,/^(?:<<)/,/^(?:>>)/,/^(?:[~])/,/^(?:[~])/,/^(?:[^~]*)/,/^(?:["])/,/^(?:["])/,/^(?:[^"]*)/,/^(?:[`])/,/^(?:[`])/,/^(?:[^`]+)/,/^(?:href[\s]+["])/,/^(?:["])/,/^(?:[^"]*)/,/^(?:call[\s]+)/,/^(?:\([\s]*\))/,/^(?:\()/,/^(?:[^(]*)/,/^(?:\))/,/^(?:[^)]*)/,/^(?:_self\b)/,/^(?:_blank\b)/,/^(?:_parent\b)/,/^(?:_top\b)/,/^(?:\s*<\|)/,/^(?:\s*\|>)/,/^(?:\s*>)/,/^(?:\s*<)/,/^(?:\s*\*)/,/^(?:\s*o\b)/,/^(?:--)/,/^(?:\.\.)/,/^(?::{1}[^:\n;]+)/,/^(?::{3})/,/^(?:-)/,/^(?:\.)/,/^(?:\+)/,/^(?:%)/,/^(?:=)/,/^(?:=)/,/^(?:\w+)/,/^(?:[!"#$%&'*+,-.`?\\/])/,/^(?:[0-9]+)/,/^(?:[\u00AA\u00B5\u00BA\u00C0-\u00D6\u00D8-\u00F6]|[\u00F8-\u02C1\u02C6-\u02D1\u02E0-\u02E4\u02EC\u02EE\u0370-\u0374\u0376\u0377]|[\u037A-\u037D\u0386\u0388-\u038A\u038C\u038E-\u03A1\u03A3-\u03F5]|[\u03F7-\u0481\u048A-\u0527\u0531-\u0556\u0559\u0561-\u0587\u05D0-\u05EA]|[\u05
F0-\u05F2\u0620-\u064A\u066E\u066F\u0671-\u06D3\u06D5\u06E5\u06E6\u06EE]|[\u06EF\u06FA-\u06FC\u06FF\u0710\u0712-\u072F\u074D-\u07A5\u07B1\u07CA-\u07EA]|[\u07F4\u07F5\u07FA\u0800-\u0815\u081A\u0824\u0828\u0840-\u0858\u08A0]|[\u08A2-\u08AC\u0904-\u0939\u093D\u0950\u0958-\u0961\u0971-\u0977]|[\u0979-\u097F\u0985-\u098C\u098F\u0990\u0993-\u09A8\u09AA-\u09B0\u09B2]|[\u09B6-\u09B9\u09BD\u09CE\u09DC\u09DD\u09DF-\u09E1\u09F0\u09F1\u0A05-\u0A0A]|[\u0A0F\u0A10\u0A13-\u0A28\u0A2A-\u0A30\u0A32\u0A33\u0A35\u0A36\u0A38\u0A39]|[\u0A59-\u0A5C\u0A5E\u0A72-\u0A74\u0A85-\u0A8D\u0A8F-\u0A91\u0A93-\u0AA8]|[\u0AAA-\u0AB0\u0AB2\u0AB3\u0AB5-\u0AB9\u0ABD\u0AD0\u0AE0\u0AE1\u0B05-\u0B0C]|[\u0B0F\u0B10\u0B13-\u0B28\u0B2A-\u0B30\u0B32\u0B33\u0B35-\u0B39\u0B3D\u0B5C]|[\u0B5D\u0B5F-\u0B61\u0B71\u0B83\u0B85-\u0B8A\u0B8E-\u0B90\u0B92-\u0B95\u0B99]|[\u0B9A\u0B9C\u0B9E\u0B9F\u0BA3\u0BA4\u0BA8-\u0BAA\u0BAE-\u0BB9\u0BD0]|[\u0C05-\u0C0C\u0C0E-\u0C10\u0C12-\u0C28\u0C2A-\u0C33\u0C35-\u0C39\u0C3D]|[\u0C58\u0C59\u0C60\u0C61\u0C85-\u0C8C\u0C8E-\u0C90\u0C92-\u0CA8\u0CAA-\u0CB3]|[\u0CB5-\u0CB9\u0CBD\u0CDE\u0CE0\u0CE1\u0CF1\u0CF2\u0D05-\u0D0C\u0D0E-\u0D10]|[\u0D12-\u0D3A\u0D3D\u0D4E\u0D60\u0D61\u0D7A-\u0D7F\u0D85-\u0D96\u0D9A-\u0DB1]|[\u0DB3-\u0DBB\u0DBD\u0DC0-\u0DC6\u0E01-\u0E30\u0E32\u0E33\u0E40-\u0E46\u0E81]|[\u0E82\u0E84\u0E87\u0E88\u0E8A\u0E8D\u0E94-\u0E97\u0E99-\u0E9F\u0EA1-\u0EA3]|[\u0EA5\u0EA7\u0EAA\u0EAB\u0EAD-\u0EB0\u0EB2\u0EB3\u0EBD\u0EC0-\u0EC4\u0EC6]|[\u0EDC-\u0EDF\u0F00\u0F40-\u0F47\u0F49-\u0F6C\u0F88-\u0F8C\u1000-\u102A]|[\u103F\u1050-\u1055\u105A-\u105D\u1061\u1065\u1066\u106E-\u1070\u1075-\u1081]|[\u108E\u10A0-\u10C5\u10C7\u10CD\u10D0-\u10FA\u10FC-\u1248\u124A-\u124D]|[\u1250-\u1256\u1258\u125A-\u125D\u1260-\u1288\u128A-\u128D\u1290-\u12B0]|[\u12B2-\u12B5\u12B8-\u12BE\u12C0\u12C2-\u12C5\u12C8-\u12D6\u12D8-\u1310]|[\u1312-\u1315\u1318-\u135A\u1380-\u138F\u13A0-\u13F4\u1401-\u166C]|[\u166F-\u167F\u1681-\u169A\u16A0-\u16EA\u1700-\u170C\u170E-\u1711]|[\u1720-\u1731\u1740-\u1751\u1760-\u176C\u176E-\
u1770\u1780-\u17B3\u17D7]|[\u17DC\u1820-\u1877\u1880-\u18A8\u18AA\u18B0-\u18F5\u1900-\u191C]|[\u1950-\u196D\u1970-\u1974\u1980-\u19AB\u19C1-\u19C7\u1A00-\u1A16]|[\u1A20-\u1A54\u1AA7\u1B05-\u1B33\u1B45-\u1B4B\u1B83-\u1BA0\u1BAE\u1BAF]|[\u1BBA-\u1BE5\u1C00-\u1C23\u1C4D-\u1C4F\u1C5A-\u1C7D\u1CE9-\u1CEC]|[\u1CEE-\u1CF1\u1CF5\u1CF6\u1D00-\u1DBF\u1E00-\u1F15\u1F18-\u1F1D]|[\u1F20-\u1F45\u1F48-\u1F4D\u1F50-\u1F57\u1F59\u1F5B\u1F5D\u1F5F-\u1F7D]|[\u1F80-\u1FB4\u1FB6-\u1FBC\u1FBE\u1FC2-\u1FC4\u1FC6-\u1FCC\u1FD0-\u1FD3]|[\u1FD6-\u1FDB\u1FE0-\u1FEC\u1FF2-\u1FF4\u1FF6-\u1FFC\u2071\u207F]|[\u2090-\u209C\u2102\u2107\u210A-\u2113\u2115\u2119-\u211D\u2124\u2126\u2128]|[\u212A-\u212D\u212F-\u2139\u213C-\u213F\u2145-\u2149\u214E\u2183\u2184]|[\u2C00-\u2C2E\u2C30-\u2C5E\u2C60-\u2CE4\u2CEB-\u2CEE\u2CF2\u2CF3]|[\u2D00-\u2D25\u2D27\u2D2D\u2D30-\u2D67\u2D6F\u2D80-\u2D96\u2DA0-\u2DA6]|[\u2DA8-\u2DAE\u2DB0-\u2DB6\u2DB8-\u2DBE\u2DC0-\u2DC6\u2DC8-\u2DCE]|[\u2DD0-\u2DD6\u2DD8-\u2DDE\u2E2F\u3005\u3006\u3031-\u3035\u303B\u303C]|[\u3041-\u3096\u309D-\u309F\u30A1-\u30FA\u30FC-\u30FF\u3105-\u312D]|[\u3131-\u318E\u31A0-\u31BA\u31F0-\u31FF\u3400-\u4DB5\u4E00-\u9FCC]|[\uA000-\uA48C\uA4D0-\uA4FD\uA500-\uA60C\uA610-\uA61F\uA62A\uA62B]|[\uA640-\uA66E\uA67F-\uA697\uA6A0-\uA6E5\uA717-\uA71F\uA722-\uA788]|[\uA78B-\uA78E\uA790-\uA793\uA7A0-\uA7AA\uA7F8-\uA801\uA803-\uA805]|[\uA807-\uA80A\uA80C-\uA822\uA840-\uA873\uA882-\uA8B3\uA8F2-\uA8F7\uA8FB]|[\uA90A-\uA925\uA930-\uA946\uA960-\uA97C\uA984-\uA9B2\uA9CF\uAA00-\uAA28]|[\uAA40-\uAA42\uAA44-\uAA4B\uAA60-\uAA76\uAA7A\uAA80-\uAAAF\uAAB1\uAAB5]|[\uAAB6\uAAB9-\uAABD\uAAC0\uAAC2\uAADB-\uAADD\uAAE0-\uAAEA\uAAF2-\uAAF4]|[\uAB01-\uAB06\uAB09-\uAB0E\uAB11-\uAB16\uAB20-\uAB26\uAB28-\uAB2E]|[\uABC0-\uABE2\uAC00-\uD7A3\uD7B0-\uD7C6\uD7CB-\uD7FB\uF900-\uFA6D]|[\uFA70-\uFAD9\uFB00-\uFB06\uFB13-\uFB17\uFB1D\uFB1F-\uFB28\uFB2A-\uFB36]|[\uFB38-\uFB3C\uFB3E\uFB40\uFB41\uFB43\uFB44\uFB46-\uFBB1\uFBD3-\uFD3D]|[\uFD50-\uFD8F\uFD92-\uFDC7\uFDF0-\uFDFB\uFE70-\uFE74\uFE76-\uFEFC]|[\u
FF21-\uFF3A\uFF41-\uFF5A\uFF66-\uFFBE\uFFC2-\uFFC7\uFFCA-\uFFCF]|[\uFFD2-\uFFD7\uFFDA-\uFFDC])/,/^(?:\s)/,/^(?:$)/],conditions:{arg_directive:{rules:[3,4],inclusive:!1},type_directive:{rules:[2,3],inclusive:!1},open_directive:{rules:[1],inclusive:!1},callback_args:{rules:[40,41],inclusive:!1},callback_name:{rules:[37,38,39],inclusive:!1},href:{rules:[34,35],inclusive:!1},struct:{rules:[12,13,14,15,16],inclusive:!1},generic:{rules:[25,26],inclusive:!1},bqstring:{rules:[31,32],inclusive:!1},string:{rules:[28,29],inclusive:!1},INITIAL:{rules:[0,5,6,7,8,9,10,11,17,18,19,20,21,22,23,24,27,30,33,36,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67],inclusive:!0}}};function B(){this.yy={}}return N.lexer=D,B.prototype=N,N.Parser=B,new B}();e.parser=i,e.Parser=i.Parser,e.parse=function(){return i.parse.apply(i,arguments)},e.main=function(r){r[1]||(console.log("Usage: "+r[0]+" FILE"),t.exit(1));var i=n(16).readFileSync(n(17).normalize(r[1]),"utf8");return e.parser.parse(i)},n.c[n.s]===r&&e.main(t.argv.slice(1))}).call(this,n(10),n(6)(t))},function(t,e){},function(t,e,n){(function(t){function n(t,e){for(var n=0,r=t.length-1;r>=0;r--){var i=t[r];"."===i?t.splice(r,1):".."===i?(t.splice(r,1),n++):n&&(t.splice(r,1),n--)}if(e)for(;n--;n)t.unshift("..");return t}function r(t,e){if(t.filter)return t.filter(e);for(var n=[],r=0;r=-1&&!i;a--){var o=a>=0?arguments[a]:t.cwd();if("string"!=typeof o)throw new TypeError("Arguments to path.resolve must be strings");o&&(e=o+"/"+e,i="/"===o.charAt(0))}return(i?"/":"")+(e=n(r(e.split("/"),(function(t){return!!t})),!i).join("/"))||"."},e.normalize=function(t){var a=e.isAbsolute(t),o="/"===i(t,-1);return(t=n(r(t.split("/"),(function(t){return!!t})),!a).join("/"))||a||(t="."),t&&o&&(t+="/"),(a?"/":"")+t},e.isAbsolute=function(t){return"/"===t.charAt(0)},e.join=function(){var t=Array.prototype.slice.call(arguments,0);return e.normalize(r(t,(function(t,e){if("string"!=typeof t)throw new TypeError("Arguments to path.join 
must be strings");return t})).join("/"))},e.relative=function(t,n){function r(t){for(var e=0;e=0&&""===t[n];n--);return e>n?[]:t.slice(e,n-e+1)}t=e.resolve(t).substr(1),n=e.resolve(n).substr(1);for(var i=r(t.split("/")),a=r(n.split("/")),o=Math.min(i.length,a.length),s=o,c=0;c=1;--a)if(47===(e=t.charCodeAt(a))){if(!i){r=a;break}}else i=!1;return-1===r?n?"/":".":n&&1===r?"/":t.slice(0,r)},e.basename=function(t,e){var n=function(t){"string"!=typeof t&&(t+="");var e,n=0,r=-1,i=!0;for(e=t.length-1;e>=0;--e)if(47===t.charCodeAt(e)){if(!i){n=e+1;break}}else-1===r&&(i=!1,r=e+1);return-1===r?"":t.slice(n,r)}(t);return e&&n.substr(-1*e.length)===e&&(n=n.substr(0,n.length-e.length)),n},e.extname=function(t){"string"!=typeof t&&(t+="");for(var e=-1,n=0,r=-1,i=!0,a=0,o=t.length-1;o>=0;--o){var s=t.charCodeAt(o);if(47!==s)-1===r&&(i=!1,r=o+1),46===s?-1===e?e=o:1!==a&&(a=1):-1!==e&&(a=-1);else if(!i){n=o+1;break}}return-1===e||-1===r||0===a||1===a&&e===r-1&&e===n+1?"":t.slice(e,r)};var i="b"==="ab".substr(-1)?function(t,e,n){return t.substr(e,n)}:function(t,e,n){return e<0&&(e=t.length+e),t.substr(e,n)}}).call(this,n(10))},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(76),i=n(100),a=n(180),o=n(181),s=n(182),c={format:{keyword:a.default,hex:i.default,rgb:o.default,rgba:o.default,hsl:s.default,hsla:s.default},parse:function(t){if("string"!=typeof t)return t;var e=i.default.parse(t)||o.default.parse(t)||s.default.parse(t)||a.default.parse(t);if(e)return e;throw new Error('Unsupported color format: "'+t+'"')},stringify:function(t){return!t.changed&&t.color?t.color:t.type.is(r.TYPE.HSL)||void 0===t.data.r?s.default.stringify(t):t.a<1||!Number.isInteger(t.r)||!Number.isInteger(t.g)||!Number.isInteger(t.b)?o.default.stringify(t):i.default.stringify(t)}};e.default=c},function(t,e,n){var r=n(110),i="object"==typeof self&&self&&self.Object===Object&&self,a=r||i||Function("return this")();t.exports=a},function(t,e,n){var 
r;try{r=n(3)}catch(t){}r||(r=window.graphlib),t.exports=r},function(t,e){t.exports=function(t){return null!=t&&"object"==typeof t}},function(t,e,n){(function(t,r){var i=function(){var t=function(t,e,n,r){for(n=n||{},r=t.length;r--;n[t[r]]=e);return n},e=[1,2],n=[1,3],r=[1,5],i=[1,7],a=[2,5],o=[1,15],s=[1,17],c=[1,19],u=[1,20],l=[1,21],h=[1,22],f=[1,28],d=[1,23],p=[1,24],y=[1,25],g=[1,26],v=[1,29],m=[1,32],b=[1,4,5,14,15,17,19,20,22,23,24,25,26,36,39],_=[1,4,5,12,13,14,15,17,19,20,22,23,24,25,26,36,39],x=[1,4,5,7,14,15,17,19,20,22,23,24,25,26,36,39],k=[4,5,14,15,17,19,20,22,23,24,25,26,36,39],w={trace:function(){},yy:{},symbols_:{error:2,start:3,SPACE:4,NL:5,directive:6,SD:7,document:8,line:9,statement:10,idStatement:11,DESCR:12,"--\x3e":13,HIDE_EMPTY:14,scale:15,WIDTH:16,COMPOSIT_STATE:17,STRUCT_START:18,STRUCT_STOP:19,STATE_DESCR:20,AS:21,ID:22,FORK:23,JOIN:24,CONCURRENT:25,note:26,notePosition:27,NOTE_TEXT:28,openDirective:29,typeDirective:30,closeDirective:31,":":32,argDirective:33,eol:34,";":35,EDGE_STATE:36,left_of:37,right_of:38,open_directive:39,type_directive:40,arg_directive:41,close_directive:42,$accept:0,$end:1},terminals_:{2:"error",4:"SPACE",5:"NL",7:"SD",12:"DESCR",13:"--\x3e",14:"HIDE_EMPTY",15:"scale",16:"WIDTH",17:"COMPOSIT_STATE",18:"STRUCT_START",19:"STRUCT_STOP",20:"STATE_DESCR",21:"AS",22:"ID",23:"FORK",24:"JOIN",25:"CONCURRENT",26:"note",28:"NOTE_TEXT",32:":",35:";",36:"EDGE_STATE",37:"left_of",38:"right_of",39:"open_directive",40:"type_directive",41:"arg_directive",42:"close_directive"},productions_:[0,[3,2],[3,2],[3,2],[3,2],[8,0],[8,2],[9,2],[9,1],[9,1],[10,1],[10,2],[10,3],[10,4],[10,1],[10,2],[10,1],[10,4],[10,3],[10,6],[10,1],[10,1],[10,1],[10,4],[10,4],[10,1],[6,3],[6,5],[34,1],[34,1],[11,1],[11,1],[27,1],[27,1],[29,1],[30,1],[33,1],[31,1]],performAction:function(t,e,n,r,i,a,o){var s=a.length-1;switch(i){case 4:return r.setRootDoc(a[s]),a[s];case 5:this.$=[];break;case 6:"nl"!=a[s]&&(a[s-1].push(a[s]),this.$=a[s-1]);break;case 7:case 
8:this.$=a[s];break;case 9:this.$="nl";break;case 10:this.$={stmt:"state",id:a[s],type:"default",description:""};break;case 11:this.$={stmt:"state",id:a[s-1],type:"default",description:r.trimColon(a[s])};break;case 12:this.$={stmt:"relation",state1:{stmt:"state",id:a[s-2],type:"default",description:""},state2:{stmt:"state",id:a[s],type:"default",description:""}};break;case 13:this.$={stmt:"relation",state1:{stmt:"state",id:a[s-3],type:"default",description:""},state2:{stmt:"state",id:a[s-1],type:"default",description:""},description:a[s].substr(1).trim()};break;case 17:this.$={stmt:"state",id:a[s-3],type:"default",description:"",doc:a[s-1]};break;case 18:var c=a[s],u=a[s-2].trim();if(a[s].match(":")){var l=a[s].split(":");c=l[0],u=[u,l[1]]}this.$={stmt:"state",id:c,type:"default",description:u};break;case 19:this.$={stmt:"state",id:a[s-3],type:"default",description:a[s-5],doc:a[s-1]};break;case 20:this.$={stmt:"state",id:a[s],type:"fork"};break;case 21:this.$={stmt:"state",id:a[s],type:"join"};break;case 22:this.$={stmt:"state",id:r.getDividerId(),type:"divider"};break;case 23:this.$={stmt:"state",id:a[s-1].trim(),note:{position:a[s-2].trim(),text:a[s].trim()}};break;case 30:case 31:this.$=a[s];break;case 34:r.parseDirective("%%{","open_directive");break;case 35:r.parseDirective(a[s],"type_directive");break;case 36:a[s]=a[s].trim().replace(/'/g,'"'),r.parseDirective(a[s],"arg_directive");break;case 
37:r.parseDirective("}%%","close_directive","state")}},table:[{3:1,4:e,5:n,6:4,7:r,29:6,39:i},{1:[3]},{3:8,4:e,5:n,6:4,7:r,29:6,39:i},{3:9,4:e,5:n,6:4,7:r,29:6,39:i},{3:10,4:e,5:n,6:4,7:r,29:6,39:i},t([1,4,5,14,15,17,20,22,23,24,25,26,36,39],a,{8:11}),{30:12,40:[1,13]},{40:[2,34]},{1:[2,1]},{1:[2,2]},{1:[2,3]},{1:[2,4],4:o,5:s,6:27,9:14,10:16,11:18,14:c,15:u,17:l,20:h,22:f,23:d,24:p,25:y,26:g,29:6,36:v,39:i},{31:30,32:[1,31],42:m},t([32,42],[2,35]),t(b,[2,6]),{6:27,10:33,11:18,14:c,15:u,17:l,20:h,22:f,23:d,24:p,25:y,26:g,29:6,36:v,39:i},t(b,[2,8]),t(b,[2,9]),t(b,[2,10],{12:[1,34],13:[1,35]}),t(b,[2,14]),{16:[1,36]},t(b,[2,16],{18:[1,37]}),{21:[1,38]},t(b,[2,20]),t(b,[2,21]),t(b,[2,22]),{27:39,28:[1,40],37:[1,41],38:[1,42]},t(b,[2,25]),t(_,[2,30]),t(_,[2,31]),t(x,[2,26]),{33:43,41:[1,44]},t(x,[2,37]),t(b,[2,7]),t(b,[2,11]),{11:45,22:f,36:v},t(b,[2,15]),t(k,a,{8:46}),{22:[1,47]},{22:[1,48]},{21:[1,49]},{22:[2,32]},{22:[2,33]},{31:50,42:m},{42:[2,36]},t(b,[2,12],{12:[1,51]}),{4:o,5:s,6:27,9:14,10:16,11:18,14:c,15:u,17:l,19:[1,52],20:h,22:f,23:d,24:p,25:y,26:g,29:6,36:v,39:i},t(b,[2,18],{18:[1,53]}),{28:[1,54]},{22:[1,55]},t(x,[2,27]),t(b,[2,13]),t(b,[2,17]),t(k,a,{8:56}),t(b,[2,23]),t(b,[2,24]),{4:o,5:s,6:27,9:14,10:16,11:18,14:c,15:u,17:l,19:[1,57],20:h,22:f,23:d,24:p,25:y,26:g,29:6,36:v,39:i},t(b,[2,19])],defaultActions:{7:[2,34],8:[2,1],9:[2,2],10:[2,3],41:[2,32],42:[2,33],44:[2,36]},parseError:function(t,e){if(!e.recoverable){var n=new Error(t);throw n.hash=e,n}this.trace(t)},parse:function(t){var e=this,n=[0],r=[],i=[null],a=[],o=this.table,s="",c=0,u=0,l=0,h=2,f=1,d=a.slice.call(arguments,1),p=Object.create(this.lexer),y={yy:{}};for(var g in this.yy)Object.prototype.hasOwnProperty.call(this.yy,g)&&(y.yy[g]=this.yy[g]);p.setInput(t,y.yy),y.yy.lexer=p,y.yy.parser=this,void 0===p.yylloc&&(p.yylloc={});var v=p.yylloc;a.push(v);var m=p.options&&p.options.ranges;function b(){var t;return"number"!=typeof(t=r.pop()||p.lex()||f)&&(t instanceof 
Array&&(t=(r=t).pop()),t=e.symbols_[t]||t),t}"function"==typeof y.yy.parseError?this.parseError=y.yy.parseError:this.parseError=Object.getPrototypeOf(this).parseError;for(var _,x,k,w,E,T,C,S,A,M={};;){if(k=n[n.length-1],this.defaultActions[k]?w=this.defaultActions[k]:(null==_&&(_=b()),w=o[k]&&o[k][_]),void 0===w||!w.length||!w[0]){var O="";for(T in A=[],o[k])this.terminals_[T]&&T>h&&A.push("'"+this.terminals_[T]+"'");O=p.showPosition?"Parse error on line "+(c+1)+":\n"+p.showPosition()+"\nExpecting "+A.join(", ")+", got '"+(this.terminals_[_]||_)+"'":"Parse error on line "+(c+1)+": Unexpected "+(_==f?"end of input":"'"+(this.terminals_[_]||_)+"'"),this.parseError(O,{text:p.match,token:this.terminals_[_]||_,line:p.yylineno,loc:v,expected:A})}if(w[0]instanceof Array&&w.length>1)throw new Error("Parse Error: multiple actions possible at state: "+k+", token: "+_);switch(w[0]){case 1:n.push(_),i.push(p.yytext),a.push(p.yylloc),n.push(w[1]),_=null,x?(_=x,x=null):(u=p.yyleng,s=p.yytext,c=p.yylineno,v=p.yylloc,l>0&&l--);break;case 2:if(C=this.productions_[w[1]][1],M.$=i[i.length-C],M._$={first_line:a[a.length-(C||1)].first_line,last_line:a[a.length-1].last_line,first_column:a[a.length-(C||1)].first_column,last_column:a[a.length-1].last_column},m&&(M._$.range=[a[a.length-(C||1)].range[0],a[a.length-1].range[1]]),void 0!==(E=this.performAction.apply(M,[s,u,c,y.yy,w[1],i,a].concat(d))))return E;C&&(n=n.slice(0,-1*C*2),i=i.slice(0,-1*C),a=a.slice(0,-1*C)),n.push(this.productions_[w[1]][0]),i.push(M.$),a.push(M._$),S=o[n[n.length-2]][n[n.length-1]],n.push(S);break;case 3:return!0}}return!0}},E={EOF:1,parseError:function(t,e){if(!this.yy.parser)throw new Error(t);this.yy.parser.parseError(t,e)},setInput:function(t,e){return 
this.yy=e||this.yy||{},this._input=t,this._more=this._backtrack=this.done=!1,this.yylineno=this.yyleng=0,this.yytext=this.matched=this.match="",this.conditionStack=["INITIAL"],this.yylloc={first_line:1,first_column:0,last_line:1,last_column:0},this.options.ranges&&(this.yylloc.range=[0,0]),this.offset=0,this},input:function(){var t=this._input[0];return this.yytext+=t,this.yyleng++,this.offset++,this.match+=t,this.matched+=t,t.match(/(?:\r\n?|\n).*/g)?(this.yylineno++,this.yylloc.last_line++):this.yylloc.last_column++,this.options.ranges&&this.yylloc.range[1]++,this._input=this._input.slice(1),t},unput:function(t){var e=t.length,n=t.split(/(?:\r\n?|\n)/g);this._input=t+this._input,this.yytext=this.yytext.substr(0,this.yytext.length-e),this.offset-=e;var r=this.match.split(/(?:\r\n?|\n)/g);this.match=this.match.substr(0,this.match.length-1),this.matched=this.matched.substr(0,this.matched.length-1),n.length-1&&(this.yylineno-=n.length-1);var i=this.yylloc.range;return this.yylloc={first_line:this.yylloc.first_line,last_line:this.yylineno+1,first_column:this.yylloc.first_column,last_column:n?(n.length===r.length?this.yylloc.first_column:0)+r[r.length-n.length].length-n[0].length:this.yylloc.first_column-e},this.options.ranges&&(this.yylloc.range=[i[0],i[0]+this.yyleng-e]),this.yyleng=this.yytext.length,this},more:function(){return this._more=!0,this},reject:function(){return this.options.backtrack_lexer?(this._backtrack=!0,this):this.parseError("Lexical error on line "+(this.yylineno+1)+". 
You can only invoke reject() in the lexer when the lexer is of the backtracking persuasion (options.backtrack_lexer = true).\n"+this.showPosition(),{text:"",token:null,line:this.yylineno})},less:function(t){this.unput(this.match.slice(t))},pastInput:function(){var t=this.matched.substr(0,this.matched.length-this.match.length);return(t.length>20?"...":"")+t.substr(-20).replace(/\n/g,"")},upcomingInput:function(){var t=this.match;return t.length<20&&(t+=this._input.substr(0,20-t.length)),(t.substr(0,20)+(t.length>20?"...":"")).replace(/\n/g,"")},showPosition:function(){var t=this.pastInput(),e=new Array(t.length+1).join("-");return t+this.upcomingInput()+"\n"+e+"^"},test_match:function(t,e){var n,r,i;if(this.options.backtrack_lexer&&(i={yylineno:this.yylineno,yylloc:{first_line:this.yylloc.first_line,last_line:this.last_line,first_column:this.yylloc.first_column,last_column:this.yylloc.last_column},yytext:this.yytext,match:this.match,matches:this.matches,matched:this.matched,yyleng:this.yyleng,offset:this.offset,_more:this._more,_input:this._input,yy:this.yy,conditionStack:this.conditionStack.slice(0),done:this.done},this.options.ranges&&(i.yylloc.range=this.yylloc.range.slice(0))),(r=t[0].match(/(?:\r\n?|\n).*/g))&&(this.yylineno+=r.length),this.yylloc={first_line:this.yylloc.last_line,last_line:this.yylineno+1,first_column:this.yylloc.last_column,last_column:r?r[r.length-1].length-r[r.length-1].match(/\r?\n?/)[0].length:this.yylloc.last_column+t[0].length},this.yytext+=t[0],this.match+=t[0],this.matches=t,this.yyleng=this.yytext.length,this.options.ranges&&(this.yylloc.range=[this.offset,this.offset+=this.yyleng]),this._more=!1,this._backtrack=!1,this._input=this._input.slice(t[0].length),this.matched+=t[0],n=this.performAction.call(this,this.yy,this,e,this.conditionStack[this.conditionStack.length-1]),this.done&&this._input&&(this.done=!1),n)return n;if(this._backtrack){for(var a in i)this[a]=i[a];return!1}return!1},next:function(){if(this.done)return this.EOF;var 
t,e,n,r;this._input||(this.done=!0),this._more||(this.yytext="",this.match="");for(var i=this._currentRules(),a=0;ae[0].length)){if(e=n,r=a,this.options.backtrack_lexer){if(!1!==(t=this.test_match(n,i[a])))return t;if(this._backtrack){e=!1;continue}return!1}if(!this.options.flex)break}return e?!1!==(t=this.test_match(e,i[r]))&&t:""===this._input?this.EOF:this.parseError("Lexical error on line "+(this.yylineno+1)+". Unrecognized text.\n"+this.showPosition(),{text:"",token:null,line:this.yylineno})},lex:function(){var t=this.next();return t||this.lex()},begin:function(t){this.conditionStack.push(t)},popState:function(){return this.conditionStack.length-1>0?this.conditionStack.pop():this.conditionStack[0]},_currentRules:function(){return this.conditionStack.length&&this.conditionStack[this.conditionStack.length-1]?this.conditions[this.conditionStack[this.conditionStack.length-1]].rules:this.conditions.INITIAL.rules},topState:function(t){return(t=this.conditionStack.length-1-Math.abs(t||0))>=0?this.conditionStack[t]:"INITIAL"},pushState:function(t){this.begin(t)},stateStackSize:function(){return this.conditionStack.length},options:{"case-insensitive":!0},performAction:function(t,e,n,r){switch(n){case 0:return this.begin("open_directive"),39;case 1:return this.begin("type_directive"),40;case 2:return this.popState(),this.begin("arg_directive"),32;case 3:return this.popState(),this.popState(),42;case 4:return 41;case 5:break;case 6:console.log("Crap after close");break;case 7:return 5;case 8:case 9:case 10:case 11:break;case 12:return this.pushState("SCALE"),15;case 13:return 16;case 14:this.popState();break;case 15:this.pushState("STATE");break;case 16:return this.popState(),e.yytext=e.yytext.slice(0,-8).trim(),23;case 17:return this.popState(),e.yytext=e.yytext.slice(0,-8).trim(),24;case 18:return this.popState(),e.yytext=e.yytext.slice(0,-8).trim(),23;case 19:return this.popState(),e.yytext=e.yytext.slice(0,-8).trim(),24;case 20:this.begin("STATE_STRING");break;case 
21:return this.popState(),this.pushState("STATE_ID"),"AS";case 22:return this.popState(),"ID";case 23:this.popState();break;case 24:return"STATE_DESCR";case 25:return 17;case 26:this.popState();break;case 27:return this.popState(),this.pushState("struct"),18;case 28:return this.popState(),19;case 29:break;case 30:return this.begin("NOTE"),26;case 31:return this.popState(),this.pushState("NOTE_ID"),37;case 32:return this.popState(),this.pushState("NOTE_ID"),38;case 33:this.popState(),this.pushState("FLOATING_NOTE");break;case 34:return this.popState(),this.pushState("FLOATING_NOTE_ID"),"AS";case 35:break;case 36:return"NOTE_TEXT";case 37:return this.popState(),"ID";case 38:return this.popState(),this.pushState("NOTE_TEXT"),22;case 39:return this.popState(),e.yytext=e.yytext.substr(2).trim(),28;case 40:return this.popState(),e.yytext=e.yytext.slice(0,-8).trim(),28;case 41:case 42:return 7;case 43:return 14;case 44:return 36;case 45:return 22;case 46:return e.yytext=e.yytext.trim(),12;case 47:return 13;case 48:return 25;case 49:return 5;case 50:return"INVALID"}},rules:[/^(?:%%\{)/i,/^(?:((?:(?!\}%%)[^:.])*))/i,/^(?::)/i,/^(?:\}%%)/i,/^(?:((?:(?!\}%%).|\n)*))/i,/^(?:%%(?!\{)[^\n]*)/i,/^(?:[^\}]%%[^\n]*)/i,/^(?:[\n]+)/i,/^(?:[\s]+)/i,/^(?:((?!\n)\s)+)/i,/^(?:#[^\n]*)/i,/^(?:%[^\n]*)/i,/^(?:scale\s+)/i,/^(?:\d+)/i,/^(?:\s+width\b)/i,/^(?:state\s+)/i,/^(?:.*<>)/i,/^(?:.*<>)/i,/^(?:.*\[\[fork\]\])/i,/^(?:.*\[\[join\]\])/i,/^(?:["])/i,/^(?:\s*as\s+)/i,/^(?:[^\n\{]*)/i,/^(?:["])/i,/^(?:[^"]*)/i,/^(?:[^\n\s\{]+)/i,/^(?:\n)/i,/^(?:\{)/i,/^(?:\})/i,/^(?:[\n])/i,/^(?:note\s+)/i,/^(?:left of\b)/i,/^(?:right of\b)/i,/^(?:")/i,/^(?:\s*as\s*)/i,/^(?:["])/i,/^(?:[^"]*)/i,/^(?:[^\n]*)/i,/^(?:\s*[^:\n\s\-]+)/i,/^(?:\s*:[^:\n;]+)/i,/^(?:[\s\S]*?end note\b)/i,/^(?:stateDiagram\s+)/i,/^(?:stateDiagram-v2\s+)/i,/^(?:hide empty 
description\b)/i,/^(?:\[\*\])/i,/^(?:[^:\n\s\-\{]+)/i,/^(?:\s*:[^:\n;]+)/i,/^(?:-->)/i,/^(?:--)/i,/^(?:$)/i,/^(?:.)/i],conditions:{LINE:{rules:[9,10],inclusive:!1},close_directive:{rules:[9,10],inclusive:!1},arg_directive:{rules:[3,4,9,10],inclusive:!1},type_directive:{rules:[2,3,9,10],inclusive:!1},open_directive:{rules:[1,9,10],inclusive:!1},struct:{rules:[9,10,15,28,29,30,44,45,46,47,48],inclusive:!1},FLOATING_NOTE_ID:{rules:[37],inclusive:!1},FLOATING_NOTE:{rules:[34,35,36],inclusive:!1},NOTE_TEXT:{rules:[39,40],inclusive:!1},NOTE_ID:{rules:[38],inclusive:!1},NOTE:{rules:[31,32,33],inclusive:!1},SCALE:{rules:[13,14],inclusive:!1},ALIAS:{rules:[],inclusive:!1},STATE_ID:{rules:[22],inclusive:!1},STATE_STRING:{rules:[23,24],inclusive:!1},FORK_STATE:{rules:[],inclusive:!1},STATE:{rules:[9,10,16,17,18,19,20,21,25,26,27],inclusive:!1},ID:{rules:[9,10],inclusive:!1},INITIAL:{rules:[0,5,6,7,8,10,11,12,15,27,30,41,42,43,44,45,46,47,49,50],inclusive:!0}}};function T(){this.yy={}}return w.lexer=E,T.prototype=w,w.Parser=T,new T}();e.parser=i,e.Parser=i.Parser,e.parse=function(){return i.parse.apply(i,arguments)},e.main=function(r){r[1]||(console.log("Usage: "+r[0]+" FILE"),t.exit(1));var i=n(16).readFileSync(n(17).normalize(r[1]),"utf8");return e.parser.parse(i)},n.c[n.s]===r&&e.main(t.argv.slice(1))}).call(this,n(10),n(6)(t))},function(t,e,n){(function(t){t.exports=function(){"use strict";var e,r;function i(){return e.apply(null,arguments)}function a(t){return t instanceof Array||"[object Array]"===Object.prototype.toString.call(t)}function o(t){return null!=t&&"[object Object]"===Object.prototype.toString.call(t)}function s(t){return void 0===t}function c(t){return"number"==typeof t||"[object Number]"===Object.prototype.toString.call(t)}function u(t){return t instanceof Date||"[object Date]"===Object.prototype.toString.call(t)}function l(t,e){var n,r=[];for(n=0;n>>0,r=0;rgt(t)?(a=t+1,s-gt(t)):(a=t,s),{year:a,dayOfYear:o}}function It(t,e,n){var 
r,i,a=Bt(t.year(),e,n),o=Math.floor((t.dayOfYear()-a-1)/7)+1;return o<1?r=o+Rt(i=t.year()-1,e,n):o>Rt(t.year(),e,n)?(r=o-Rt(t.year(),e,n),i=t.year()+1):(i=t.year(),r=o),{week:r,year:i}}function Rt(t,e,n){var r=Bt(t,e,n),i=Bt(t+1,e,n);return(gt(t)-r+i)/7}function Ft(t,e){return t.slice(e,7).concat(t.slice(0,e))}W("w",["ww",2],"wo","week"),W("W",["WW",2],"Wo","isoWeek"),L("week","w"),L("isoWeek","W"),P("week",5),P("isoWeek",5),lt("w",K),lt("ww",K,G),lt("W",K),lt("WW",K,G),yt(["w","ww","W","WW"],(function(t,e,n,r){e[r.substr(0,1)]=w(t)})),W("d",0,"do","day"),W("dd",0,0,(function(t){return this.localeData().weekdaysMin(this,t)})),W("ddd",0,0,(function(t){return this.localeData().weekdaysShort(this,t)})),W("dddd",0,0,(function(t){return this.localeData().weekdays(this,t)})),W("e",0,0,"weekday"),W("E",0,0,"isoWeekday"),L("day","d"),L("weekday","e"),L("isoWeekday","E"),P("day",11),P("weekday",11),P("isoWeekday",11),lt("d",K),lt("e",K),lt("E",K),lt("dd",(function(t,e){return e.weekdaysMinRegex(t)})),lt("ddd",(function(t,e){return e.weekdaysShortRegex(t)})),lt("dddd",(function(t,e){return e.weekdaysRegex(t)})),yt(["dd","ddd","dddd"],(function(t,e,n,r){var i=n._locale.weekdaysParse(t,r,n._strict);null!=i?e.d=i:p(n).invalidWeekday=t})),yt(["d","e","E"],(function(t,e,n,r){e[r]=w(t)}));var Pt="Sunday_Monday_Tuesday_Wednesday_Thursday_Friday_Saturday".split("_"),jt="Sun_Mon_Tue_Wed_Thu_Fri_Sat".split("_"),Yt="Su_Mo_Tu_We_Th_Fr_Sa".split("_"),zt=ct,Ut=ct,$t=ct;function Wt(){function t(t,e){return e.length-t.length}var e,n,r,i,a,o=[],s=[],c=[],u=[];for(e=0;e<7;e++)n=d([2e3,1]).day(e),r=this.weekdaysMin(n,""),i=this.weekdaysShort(n,""),a=this.weekdays(n,""),o.push(r),s.push(i),c.push(a),u.push(r),u.push(i),u.push(a);for(o.sort(t),s.sort(t),c.sort(t),u.sort(t),e=0;e<7;e++)s[e]=ft(s[e]),c[e]=ft(c[e]),u[e]=ft(u[e]);this._weekdaysRegex=new 
RegExp("^("+u.join("|")+")","i"),this._weekdaysShortRegex=this._weekdaysRegex,this._weekdaysMinRegex=this._weekdaysRegex,this._weekdaysStrictRegex=new RegExp("^("+c.join("|")+")","i"),this._weekdaysShortStrictRegex=new RegExp("^("+s.join("|")+")","i"),this._weekdaysMinStrictRegex=new RegExp("^("+o.join("|")+")","i")}function Vt(){return this.hours()%12||12}function qt(t,e){W(t,0,0,(function(){return this.localeData().meridiem(this.hours(),this.minutes(),e)}))}function Ht(t,e){return e._meridiemParse}W("H",["HH",2],0,"hour"),W("h",["hh",2],0,Vt),W("k",["kk",2],0,(function(){return this.hours()||24})),W("hmm",0,0,(function(){return""+Vt.apply(this)+j(this.minutes(),2)})),W("hmmss",0,0,(function(){return""+Vt.apply(this)+j(this.minutes(),2)+j(this.seconds(),2)})),W("Hmm",0,0,(function(){return""+this.hours()+j(this.minutes(),2)})),W("Hmmss",0,0,(function(){return""+this.hours()+j(this.minutes(),2)+j(this.seconds(),2)})),qt("a",!0),qt("A",!1),L("hour","h"),P("hour",13),lt("a",Ht),lt("A",Ht),lt("H",K),lt("h",K),lt("k",K),lt("HH",K,G),lt("hh",K,G),lt("kk",K,G),lt("hmm",J),lt("hmmss",tt),lt("Hmm",J),lt("Hmmss",tt),pt(["H","HH"],3),pt(["k","kk"],(function(t,e,n){var r=w(t);e[3]=24===r?0:r})),pt(["a","A"],(function(t,e,n){n._isPm=n._locale.isPM(t),n._meridiem=t})),pt(["h","hh"],(function(t,e,n){e[3]=w(t),p(n).bigHour=!0})),pt("hmm",(function(t,e,n){var r=t.length-2;e[3]=w(t.substr(0,r)),e[4]=w(t.substr(r)),p(n).bigHour=!0})),pt("hmmss",(function(t,e,n){var r=t.length-4,i=t.length-2;e[3]=w(t.substr(0,r)),e[4]=w(t.substr(r,2)),e[5]=w(t.substr(i)),p(n).bigHour=!0})),pt("Hmm",(function(t,e,n){var r=t.length-2;e[3]=w(t.substr(0,r)),e[4]=w(t.substr(r))})),pt("Hmmss",(function(t,e,n){var r=t.length-4,i=t.length-2;e[3]=w(t.substr(0,r)),e[4]=w(t.substr(r,2)),e[5]=w(t.substr(i))}));var Gt,Xt=_t("Hours",!0),Zt={calendar:{sameDay:"[Today at] LT",nextDay:"[Tomorrow at] LT",nextWeek:"dddd [at] LT",lastDay:"[Yesterday at] LT",lastWeek:"[Last] dddd [at] 
LT",sameElse:"L"},longDateFormat:{LTS:"h:mm:ss A",LT:"h:mm A",L:"MM/DD/YYYY",LL:"MMMM D, YYYY",LLL:"MMMM D, YYYY h:mm A",LLLL:"dddd, MMMM D, YYYY h:mm A"},invalidDate:"Invalid date",ordinal:"%d",dayOfMonthOrdinalParse:/\d{1,2}/,relativeTime:{future:"in %s",past:"%s ago",s:"a few seconds",ss:"%d seconds",m:"a minute",mm:"%d minutes",h:"an hour",hh:"%d hours",d:"a day",dd:"%d days",M:"a month",MM:"%d months",y:"a year",yy:"%d years"},months:Tt,monthsShort:Ct,week:{dow:0,doy:6},weekdays:Pt,weekdaysMin:Yt,weekdaysShort:jt,meridiemParse:/[ap]\.?m?\.?/i},Qt={},Kt={};function Jt(t){return t?t.toLowerCase().replace("_","-"):t}function te(e){var r=null;if(!Qt[e]&&void 0!==t&&t&&t.exports)try{r=Gt._abbr,n(172)("./"+e),ee(r)}catch(e){}return Qt[e]}function ee(t,e){var n;return t&&((n=s(e)?re(t):ne(t,e))?Gt=n:"undefined"!=typeof console&&console.warn&&console.warn("Locale "+t+" not found. Did you forget to load it?")),Gt._abbr}function ne(t,e){if(null===e)return delete Qt[t],null;var n,r=Zt;if(e.abbr=t,null!=Qt[t])M("defineLocaleOverride","use moment.updateLocale(localeName, config) to change an existing locale. 
moment.defineLocale(localeName, config) should only be used for creating a new locale See http://momentjs.com/guides/#/warnings/define-locale/ for more info."),r=Qt[t]._config;else if(null!=e.parentLocale)if(null!=Qt[e.parentLocale])r=Qt[e.parentLocale]._config;else{if(null==(n=te(e.parentLocale)))return Kt[e.parentLocale]||(Kt[e.parentLocale]=[]),Kt[e.parentLocale].push({name:t,config:e}),null;r=n._config}return Qt[t]=new D(N(r,e)),Kt[t]&&Kt[t].forEach((function(t){ne(t.name,t.config)})),ee(t),Qt[t]}function re(t){var e;if(t&&t._locale&&t._locale._abbr&&(t=t._locale._abbr),!t)return Gt;if(!a(t)){if(e=te(t))return e;t=[t]}return function(t){for(var e,n,r,i,a=0;a=e&&E(i,n,!0)>=e-1)break;e--}a++}return Gt}(t)}function ie(t){var e,n=t._a;return n&&-2===p(t).overflow&&(e=n[1]<0||11wt(n[0],n[1])?2:n[3]<0||24Rt(n,a,o)?p(t)._overflowWeeks=!0:null!=c?p(t)._overflowWeekday=!0:(s=Lt(n,r,i,a,o),t._a[0]=s.year,t._dayOfYear=s.dayOfYear)}(t),null!=t._dayOfYear&&(o=ae(t._a[0],r[0]),(t._dayOfYear>gt(o)||0===t._dayOfYear)&&(p(t)._overflowDayOfYear=!0),n=Dt(o,0,t._dayOfYear),t._a[1]=n.getUTCMonth(),t._a[2]=n.getUTCDate()),e=0;e<3&&null==t._a[e];++e)t._a[e]=s[e]=r[e];for(;e<7;e++)t._a[e]=s[e]=null==t._a[e]?2===e?1:0:t._a[e];24===t._a[3]&&0===t._a[4]&&0===t._a[5]&&0===t._a[6]&&(t._nextDay=!0,t._a[3]=0),t._d=(t._useUTC?Dt:function(t,e,n,r,i,a,o){var s;return t<100&&0<=t?(s=new Date(t+400,e,n,r,i,a,o),isFinite(s.getFullYear())&&s.setFullYear(t)):s=new Date(t,e,n,r,i,a,o),s}).apply(null,s),a=t._useUTC?t._d.getUTCDay():t._d.getDay(),null!=t._tzm&&t._d.setUTCMinutes(t._d.getUTCMinutes()-t._tzm),t._nextDay&&(t._a[3]=24),t._w&&void 0!==t._w.d&&t._w.d!==a&&(p(t).weekdayMismatch=!0)}}var se=/^\s*((?:[+-]\d{6}|\d{4})-(?:\d\d-\d\d|W\d\d-\d|W\d\d|\d\d\d|\d\d))(?:(T| )(\d\d(?::\d\d(?::\d\d(?:[.,]\d+)?)?)?)([\+\-]\d\d(?::?\d\d)?|\s*Z)?)?$/,ce=/^\s*((?:[+-]\d{6}|\d{4})(?:\d\d\d\d|W\d\d\d|W\d\d|\d\d\d|\d\d))(?:(T| 
)(\d\d(?:\d\d(?:\d\d(?:[.,]\d+)?)?)?)([\+\-]\d\d(?::?\d\d)?|\s*Z)?)?$/,ue=/Z|[+-]\d\d(?::?\d\d)?/,le=[["YYYYYY-MM-DD",/[+-]\d{6}-\d\d-\d\d/],["YYYY-MM-DD",/\d{4}-\d\d-\d\d/],["GGGG-[W]WW-E",/\d{4}-W\d\d-\d/],["GGGG-[W]WW",/\d{4}-W\d\d/,!1],["YYYY-DDD",/\d{4}-\d{3}/],["YYYY-MM",/\d{4}-\d\d/,!1],["YYYYYYMMDD",/[+-]\d{10}/],["YYYYMMDD",/\d{8}/],["GGGG[W]WWE",/\d{4}W\d{3}/],["GGGG[W]WW",/\d{4}W\d{2}/,!1],["YYYYDDD",/\d{7}/]],he=[["HH:mm:ss.SSSS",/\d\d:\d\d:\d\d\.\d+/],["HH:mm:ss,SSSS",/\d\d:\d\d:\d\d,\d+/],["HH:mm:ss",/\d\d:\d\d:\d\d/],["HH:mm",/\d\d:\d\d/],["HHmmss.SSSS",/\d\d\d\d\d\d\.\d+/],["HHmmss,SSSS",/\d\d\d\d\d\d,\d+/],["HHmmss",/\d\d\d\d\d\d/],["HHmm",/\d\d\d\d/],["HH",/\d\d/]],fe=/^\/?Date\((\-?\d+)/i;function de(t){var e,n,r,i,a,o,s=t._i,c=se.exec(s)||ce.exec(s);if(c){for(p(t).iso=!0,e=0,n=le.length;en.valueOf():n.valueOf()this.clone().month(0).utcOffset()||this.utcOffset()>this.clone().month(5).utcOffset()},on.isLocal=function(){return!!this.isValid()&&!this._isUTC},on.isUtcOffset=function(){return!!this.isValid()&&this._isUTC},on.isUtc=Be,on.isUTC=Be,on.zoneAbbr=function(){return this._isUTC?"UTC":""},on.zoneName=function(){return this._isUTC?"Coordinated Universal Time":""},on.dates=C("dates accessor is deprecated. Use date instead.",Je),on.months=C("months accessor is deprecated. Use month instead",At),on.years=C("years accessor is deprecated. Use year instead",bt),on.zone=C("moment().zone is deprecated, use moment().utcOffset instead. http://momentjs.com/guides/#/warnings/zone/",(function(t,e){return null!=t?("string"!=typeof t&&(t=-t),this.utcOffset(t,e),this):-this.utcOffset()})),on.isDSTShifted=C("isDSTShifted is deprecated. 
See http://momentjs.com/guides/#/warnings/dst-shifted/ for more information",(function(){if(!s(this._isDSTShifted))return this._isDSTShifted;var t={};if(m(t,this),(t=me(t))._a){var e=t._isUTC?d(t._a):_e(t._a);this._isDSTShifted=this.isValid()&&0h&&A.push("'"+this.terminals_[T]+"'");O=p.showPosition?"Parse error on line "+(c+1)+":\n"+p.showPosition()+"\nExpecting "+A.join(", ")+", got '"+(this.terminals_[_]||_)+"'":"Parse error on line "+(c+1)+": Unexpected "+(_==f?"end of input":"'"+(this.terminals_[_]||_)+"'"),this.parseError(O,{text:p.match,token:this.terminals_[_]||_,line:p.yylineno,loc:v,expected:A})}if(w[0]instanceof Array&&w.length>1)throw new Error("Parse Error: multiple actions possible at state: "+k+", token: "+_);switch(w[0]){case 1:n.push(_),i.push(p.yytext),a.push(p.yylloc),n.push(w[1]),_=null,x?(_=x,x=null):(u=p.yyleng,s=p.yytext,c=p.yylineno,v=p.yylloc,l>0&&l--);break;case 2:if(C=this.productions_[w[1]][1],M.$=i[i.length-C],M._$={first_line:a[a.length-(C||1)].first_line,last_line:a[a.length-1].last_line,first_column:a[a.length-(C||1)].first_column,last_column:a[a.length-1].last_column},m&&(M._$.range=[a[a.length-(C||1)].range[0],a[a.length-1].range[1]]),void 0!==(E=this.performAction.apply(M,[s,u,c,y.yy,w[1],i,a].concat(d))))return E;C&&(n=n.slice(0,-1*C*2),i=i.slice(0,-1*C),a=a.slice(0,-1*C)),n.push(this.productions_[w[1]][0]),i.push(M.$),a.push(M._$),S=o[n[n.length-2]][n[n.length-1]],n.push(S);break;case 3:return!0}}return!0}},Gt={EOF:1,parseError:function(t,e){if(!this.yy.parser)throw new Error(t);this.yy.parser.parseError(t,e)},setInput:function(t,e){return this.yy=e||this.yy||{},this._input=t,this._more=this._backtrack=this.done=!1,this.yylineno=this.yyleng=0,this.yytext=this.matched=this.match="",this.conditionStack=["INITIAL"],this.yylloc={first_line:1,first_column:0,last_line:1,last_column:0},this.options.ranges&&(this.yylloc.range=[0,0]),this.offset=0,this},input:function(){var t=this._input[0];return 
this.yytext+=t,this.yyleng++,this.offset++,this.match+=t,this.matched+=t,t.match(/(?:\r\n?|\n).*/g)?(this.yylineno++,this.yylloc.last_line++):this.yylloc.last_column++,this.options.ranges&&this.yylloc.range[1]++,this._input=this._input.slice(1),t},unput:function(t){var e=t.length,n=t.split(/(?:\r\n?|\n)/g);this._input=t+this._input,this.yytext=this.yytext.substr(0,this.yytext.length-e),this.offset-=e;var r=this.match.split(/(?:\r\n?|\n)/g);this.match=this.match.substr(0,this.match.length-1),this.matched=this.matched.substr(0,this.matched.length-1),n.length-1&&(this.yylineno-=n.length-1);var i=this.yylloc.range;return this.yylloc={first_line:this.yylloc.first_line,last_line:this.yylineno+1,first_column:this.yylloc.first_column,last_column:n?(n.length===r.length?this.yylloc.first_column:0)+r[r.length-n.length].length-n[0].length:this.yylloc.first_column-e},this.options.ranges&&(this.yylloc.range=[i[0],i[0]+this.yyleng-e]),this.yyleng=this.yytext.length,this},more:function(){return this._more=!0,this},reject:function(){return this.options.backtrack_lexer?(this._backtrack=!0,this):this.parseError("Lexical error on line "+(this.yylineno+1)+". 
You can only invoke reject() in the lexer when the lexer is of the backtracking persuasion (options.backtrack_lexer = true).\n"+this.showPosition(),{text:"",token:null,line:this.yylineno})},less:function(t){this.unput(this.match.slice(t))},pastInput:function(){var t=this.matched.substr(0,this.matched.length-this.match.length);return(t.length>20?"...":"")+t.substr(-20).replace(/\n/g,"")},upcomingInput:function(){var t=this.match;return t.length<20&&(t+=this._input.substr(0,20-t.length)),(t.substr(0,20)+(t.length>20?"...":"")).replace(/\n/g,"")},showPosition:function(){var t=this.pastInput(),e=new Array(t.length+1).join("-");return t+this.upcomingInput()+"\n"+e+"^"},test_match:function(t,e){var n,r,i;if(this.options.backtrack_lexer&&(i={yylineno:this.yylineno,yylloc:{first_line:this.yylloc.first_line,last_line:this.last_line,first_column:this.yylloc.first_column,last_column:this.yylloc.last_column},yytext:this.yytext,match:this.match,matches:this.matches,matched:this.matched,yyleng:this.yyleng,offset:this.offset,_more:this._more,_input:this._input,yy:this.yy,conditionStack:this.conditionStack.slice(0),done:this.done},this.options.ranges&&(i.yylloc.range=this.yylloc.range.slice(0))),(r=t[0].match(/(?:\r\n?|\n).*/g))&&(this.yylineno+=r.length),this.yylloc={first_line:this.yylloc.last_line,last_line:this.yylineno+1,first_column:this.yylloc.last_column,last_column:r?r[r.length-1].length-r[r.length-1].match(/\r?\n?/)[0].length:this.yylloc.last_column+t[0].length},this.yytext+=t[0],this.match+=t[0],this.matches=t,this.yyleng=this.yytext.length,this.options.ranges&&(this.yylloc.range=[this.offset,this.offset+=this.yyleng]),this._more=!1,this._backtrack=!1,this._input=this._input.slice(t[0].length),this.matched+=t[0],n=this.performAction.call(this,this.yy,this,e,this.conditionStack[this.conditionStack.length-1]),this.done&&this._input&&(this.done=!1),n)return n;if(this._backtrack){for(var a in i)this[a]=i[a];return!1}return!1},next:function(){if(this.done)return this.EOF;var 
t,e,n,r;this._input||(this.done=!0),this._more||(this.yytext="",this.match="");for(var i=this._currentRules(),a=0;ae[0].length)){if(e=n,r=a,this.options.backtrack_lexer){if(!1!==(t=this.test_match(n,i[a])))return t;if(this._backtrack){e=!1;continue}return!1}if(!this.options.flex)break}return e?!1!==(t=this.test_match(e,i[r]))&&t:""===this._input?this.EOF:this.parseError("Lexical error on line "+(this.yylineno+1)+". Unrecognized text.\n"+this.showPosition(),{text:"",token:null,line:this.yylineno})},lex:function(){var t=this.next();return t||this.lex()},begin:function(t){this.conditionStack.push(t)},popState:function(){return this.conditionStack.length-1>0?this.conditionStack.pop():this.conditionStack[0]},_currentRules:function(){return this.conditionStack.length&&this.conditionStack[this.conditionStack.length-1]?this.conditions[this.conditionStack[this.conditionStack.length-1]].rules:this.conditions.INITIAL.rules},topState:function(t){return(t=this.conditionStack.length-1-Math.abs(t||0))>=0?this.conditionStack[t]:"INITIAL"},pushState:function(t){this.begin(t)},stateStackSize:function(){return this.conditionStack.length},options:{},performAction:function(t,e,n,r){switch(n){case 0:return this.begin("open_directive"),12;case 1:return this.begin("type_directive"),13;case 2:return this.popState(),this.begin("arg_directive"),10;case 3:return this.popState(),this.popState(),15;case 4:return 14;case 5:case 6:break;case 7:this.begin("string");break;case 8:this.popState();break;case 9:return"STR";case 10:return 75;case 11:return 84;case 12:return 76;case 13:return 93;case 14:return 77;case 15:return 78;case 16:this.begin("href");break;case 17:this.popState();break;case 18:return 89;case 19:this.begin("callbackname");break;case 20:this.popState();break;case 21:this.popState(),this.begin("callbackargs");break;case 22:return 87;case 23:this.popState();break;case 24:return 88;case 25:this.begin("click");break;case 26:this.popState();break;case 27:return 79;case 28:case 29:return 
t.lex.firstGraph()&&this.begin("dir"),24;case 30:return 38;case 31:return 42;case 32:case 33:case 34:case 35:return 90;case 36:return this.popState(),25;case 37:case 38:case 39:case 40:case 41:case 42:case 43:case 44:case 45:case 46:return this.popState(),26;case 47:return 94;case 48:return 102;case 49:return 47;case 50:return 99;case 51:return 46;case 52:return 20;case 53:return 95;case 54:return 113;case 55:case 56:case 57:return 70;case 58:case 59:case 60:return 69;case 61:return 51;case 62:return 52;case 63:return 53;case 64:return 54;case 65:return 55;case 66:return 56;case 67:return 57;case 68:return 58;case 69:return 100;case 70:return 103;case 71:return 114;case 72:return 111;case 73:return 104;case 74:case 75:return 112;case 76:return 105;case 77:return 61;case 78:return 81;case 79:return"SEP";case 80:return 80;case 81:return 98;case 82:return 63;case 83:return 62;case 84:return 65;case 85:return 64;case 86:return 109;case 87:return 110;case 88:return 71;case 89:return 49;case 90:return 50;case 91:return 40;case 92:return 41;case 93:return 59;case 94:return 60;case 95:return 120;case 96:return 21;case 97:return 22;case 98:return 
23}},rules:[/^(?:%%\{)/,/^(?:((?:(?!\}%%)[^:.])*))/,/^(?::)/,/^(?:\}%%)/,/^(?:((?:(?!\}%%).|\n)*))/,/^(?:%%(?!\{)[^\n]*)/,/^(?:[^\}]%%[^\n]*)/,/^(?:["])/,/^(?:["])/,/^(?:[^"]*)/,/^(?:style\b)/,/^(?:default\b)/,/^(?:linkStyle\b)/,/^(?:interpolate\b)/,/^(?:classDef\b)/,/^(?:class\b)/,/^(?:href[\s]+["])/,/^(?:["])/,/^(?:[^"]*)/,/^(?:call[\s]+)/,/^(?:\([\s]*\))/,/^(?:\()/,/^(?:[^(]*)/,/^(?:\))/,/^(?:[^)]*)/,/^(?:click[\s]+)/,/^(?:[\s\n])/,/^(?:[^\s\n]*)/,/^(?:graph\b)/,/^(?:flowchart\b)/,/^(?:subgraph\b)/,/^(?:end\b\s*)/,/^(?:_self\b)/,/^(?:_blank\b)/,/^(?:_parent\b)/,/^(?:_top\b)/,/^(?:(\r?\n)*\s*\n)/,/^(?:\s*LR\b)/,/^(?:\s*RL\b)/,/^(?:\s*TB\b)/,/^(?:\s*BT\b)/,/^(?:\s*TD\b)/,/^(?:\s*BR\b)/,/^(?:\s*<)/,/^(?:\s*>)/,/^(?:\s*\^)/,/^(?:\s*v\b)/,/^(?:[0-9]+)/,/^(?:#)/,/^(?::::)/,/^(?::)/,/^(?:&)/,/^(?:;)/,/^(?:,)/,/^(?:\*)/,/^(?:\s*[xo<]?--+[-xo>]\s*)/,/^(?:\s*[xo<]?==+[=xo>]\s*)/,/^(?:\s*[xo<]?-?\.+-[xo>]?\s*)/,/^(?:\s*[xo<]?--\s*)/,/^(?:\s*[xo<]?==\s*)/,/^(?:\s*[xo<]?-\.\s*)/,/^(?:\(-)/,/^(?:-\))/,/^(?:\(\[)/,/^(?:\]\))/,/^(?:\[\[)/,/^(?:\]\])/,/^(?:\[\()/,/^(?:\)\])/,/^(?:-)/,/^(?:\.)/,/^(?:[\_])/,/^(?:\+)/,/^(?:%)/,/^(?:=)/,/^(?:=)/,/^(?:<)/,/^(?:>)/,/^(?:\^)/,/^(?:\\\|)/,/^(?:v\b)/,/^(?:[A-Za-z]+)/,/^(?:\\\])/,/^(?:\[\/)/,/^(?:\/\])/,/^(?:\[\\)/,/^(?:[!"#$%&'*+,-.`?\\_/])/,/^(?:[\u00AA\u00B5\u00BA\u00C0-\u00D6\u00D8-\u00F6]|[\u00F8-\u02C1\u02C6-\u02D1\u02E0-\u02E4\u02EC\u02EE\u0370-\u0374\u0376\u0377]|[\u037A-\u037D\u0386\u0388-\u038A\u038C\u038E-\u03A1\u03A3-\u03F5]|[\u03F7-\u0481\u048A-\u0527\u0531-\u0556\u0559\u0561-\u0587\u05D0-\u05EA]|[\u05F0-\u05F2\u0620-\u064A\u066E\u066F\u0671-\u06D3\u06D5\u06E5\u06E6\u06EE]|[\u06EF\u06FA-\u06FC\u06FF\u0710\u0712-\u072F\u074D-\u07A5\u07B1\u07CA-\u07EA]|[\u07F4\u07F5\u07FA\u0800-\u0815\u081A\u0824\u0828\u0840-\u0858\u08A0]|[\u08A2-\u08AC\u0904-\u0939\u093D\u0950\u0958-\u0961\u0971-\u0977]|[\u0979-\u097F\u0985-\u098C\u098F\u0990\u0993-\u09A8\u09AA-\u09B0\u09B2]|[\u09B6-\u09B9\u09BD\u09CE\u09DC\u09DD\u09DF-\u09E1\u09F0\u09F1\u0A05-
\u0A0A]|[\u0A0F\u0A10\u0A13-\u0A28\u0A2A-\u0A30\u0A32\u0A33\u0A35\u0A36\u0A38\u0A39]|[\u0A59-\u0A5C\u0A5E\u0A72-\u0A74\u0A85-\u0A8D\u0A8F-\u0A91\u0A93-\u0AA8]|[\u0AAA-\u0AB0\u0AB2\u0AB3\u0AB5-\u0AB9\u0ABD\u0AD0\u0AE0\u0AE1\u0B05-\u0B0C]|[\u0B0F\u0B10\u0B13-\u0B28\u0B2A-\u0B30\u0B32\u0B33\u0B35-\u0B39\u0B3D\u0B5C]|[\u0B5D\u0B5F-\u0B61\u0B71\u0B83\u0B85-\u0B8A\u0B8E-\u0B90\u0B92-\u0B95\u0B99]|[\u0B9A\u0B9C\u0B9E\u0B9F\u0BA3\u0BA4\u0BA8-\u0BAA\u0BAE-\u0BB9\u0BD0]|[\u0C05-\u0C0C\u0C0E-\u0C10\u0C12-\u0C28\u0C2A-\u0C33\u0C35-\u0C39\u0C3D]|[\u0C58\u0C59\u0C60\u0C61\u0C85-\u0C8C\u0C8E-\u0C90\u0C92-\u0CA8\u0CAA-\u0CB3]|[\u0CB5-\u0CB9\u0CBD\u0CDE\u0CE0\u0CE1\u0CF1\u0CF2\u0D05-\u0D0C\u0D0E-\u0D10]|[\u0D12-\u0D3A\u0D3D\u0D4E\u0D60\u0D61\u0D7A-\u0D7F\u0D85-\u0D96\u0D9A-\u0DB1]|[\u0DB3-\u0DBB\u0DBD\u0DC0-\u0DC6\u0E01-\u0E30\u0E32\u0E33\u0E40-\u0E46\u0E81]|[\u0E82\u0E84\u0E87\u0E88\u0E8A\u0E8D\u0E94-\u0E97\u0E99-\u0E9F\u0EA1-\u0EA3]|[\u0EA5\u0EA7\u0EAA\u0EAB\u0EAD-\u0EB0\u0EB2\u0EB3\u0EBD\u0EC0-\u0EC4\u0EC6]|[\u0EDC-\u0EDF\u0F00\u0F40-\u0F47\u0F49-\u0F6C\u0F88-\u0F8C\u1000-\u102A]|[\u103F\u1050-\u1055\u105A-\u105D\u1061\u1065\u1066\u106E-\u1070\u1075-\u1081]|[\u108E\u10A0-\u10C5\u10C7\u10CD\u10D0-\u10FA\u10FC-\u1248\u124A-\u124D]|[\u1250-\u1256\u1258\u125A-\u125D\u1260-\u1288\u128A-\u128D\u1290-\u12B0]|[\u12B2-\u12B5\u12B8-\u12BE\u12C0\u12C2-\u12C5\u12C8-\u12D6\u12D8-\u1310]|[\u1312-\u1315\u1318-\u135A\u1380-\u138F\u13A0-\u13F4\u1401-\u166C]|[\u166F-\u167F\u1681-\u169A\u16A0-\u16EA\u1700-\u170C\u170E-\u1711]|[\u1720-\u1731\u1740-\u1751\u1760-\u176C\u176E-\u1770\u1780-\u17B3\u17D7]|[\u17DC\u1820-\u1877\u1880-\u18A8\u18AA\u18B0-\u18F5\u1900-\u191C]|[\u1950-\u196D\u1970-\u1974\u1980-\u19AB\u19C1-\u19C7\u1A00-\u1A16]|[\u1A20-\u1A54\u1AA7\u1B05-\u1B33\u1B45-\u1B4B\u1B83-\u1BA0\u1BAE\u1BAF]|[\u1BBA-\u1BE5\u1C00-\u1C23\u1C4D-\u1C4F\u1C5A-\u1C7D\u1CE9-\u1CEC]|[\u1CEE-\u1CF1\u1CF5\u1CF6\u1D00-\u1DBF\u1E00-\u1F15\u1F18-\u1F1D]|[\u1F20-\u1F45\u1F48-\u1F4D\u1F50-\u1F57\u1F59\u1F5B\u1F5D\u1F5F
-\u1F7D]|[\u1F80-\u1FB4\u1FB6-\u1FBC\u1FBE\u1FC2-\u1FC4\u1FC6-\u1FCC\u1FD0-\u1FD3]|[\u1FD6-\u1FDB\u1FE0-\u1FEC\u1FF2-\u1FF4\u1FF6-\u1FFC\u2071\u207F]|[\u2090-\u209C\u2102\u2107\u210A-\u2113\u2115\u2119-\u211D\u2124\u2126\u2128]|[\u212A-\u212D\u212F-\u2139\u213C-\u213F\u2145-\u2149\u214E\u2183\u2184]|[\u2C00-\u2C2E\u2C30-\u2C5E\u2C60-\u2CE4\u2CEB-\u2CEE\u2CF2\u2CF3]|[\u2D00-\u2D25\u2D27\u2D2D\u2D30-\u2D67\u2D6F\u2D80-\u2D96\u2DA0-\u2DA6]|[\u2DA8-\u2DAE\u2DB0-\u2DB6\u2DB8-\u2DBE\u2DC0-\u2DC6\u2DC8-\u2DCE]|[\u2DD0-\u2DD6\u2DD8-\u2DDE\u2E2F\u3005\u3006\u3031-\u3035\u303B\u303C]|[\u3041-\u3096\u309D-\u309F\u30A1-\u30FA\u30FC-\u30FF\u3105-\u312D]|[\u3131-\u318E\u31A0-\u31BA\u31F0-\u31FF\u3400-\u4DB5\u4E00-\u9FCC]|[\uA000-\uA48C\uA4D0-\uA4FD\uA500-\uA60C\uA610-\uA61F\uA62A\uA62B]|[\uA640-\uA66E\uA67F-\uA697\uA6A0-\uA6E5\uA717-\uA71F\uA722-\uA788]|[\uA78B-\uA78E\uA790-\uA793\uA7A0-\uA7AA\uA7F8-\uA801\uA803-\uA805]|[\uA807-\uA80A\uA80C-\uA822\uA840-\uA873\uA882-\uA8B3\uA8F2-\uA8F7\uA8FB]|[\uA90A-\uA925\uA930-\uA946\uA960-\uA97C\uA984-\uA9B2\uA9CF\uAA00-\uAA28]|[\uAA40-\uAA42\uAA44-\uAA4B\uAA60-\uAA76\uAA7A\uAA80-\uAAAF\uAAB1\uAAB5]|[\uAAB6\uAAB9-\uAABD\uAAC0\uAAC2\uAADB-\uAADD\uAAE0-\uAAEA\uAAF2-\uAAF4]|[\uAB01-\uAB06\uAB09-\uAB0E\uAB11-\uAB16\uAB20-\uAB26\uAB28-\uAB2E]|[\uABC0-\uABE2\uAC00-\uD7A3\uD7B0-\uD7C6\uD7CB-\uD7FB\uF900-\uFA6D]|[\uFA70-\uFAD9\uFB00-\uFB06\uFB13-\uFB17\uFB1D\uFB1F-\uFB28\uFB2A-\uFB36]|[\uFB38-\uFB3C\uFB3E\uFB40\uFB41\uFB43\uFB44\uFB46-\uFBB1\uFBD3-\uFD3D]|[\uFD50-\uFD8F\uFD92-\uFDC7\uFDF0-\uFDFB\uFE70-\uFE74\uFE76-\uFEFC]|[\uFF21-\uFF3A\uFF41-\uFF5A\uFF66-\uFFBE\uFFC2-\uFFC7\uFFCA-\uFFCF]|[\uFFD2-\uFFD7\uFFDA-\uFFDC])/,/^(?:\|)/,/^(?:\()/,/^(?:\))/,/^(?:\[)/,/^(?:\])/,/^(?:\{)/,/^(?:\})/,/^(?:")/,/^(?:(\r?\n)+)/,/^(?:\s)/,/^(?:$)/],conditions:{close_directive:{rules:[],inclusive:!1},arg_directive:{rules:[3,4],inclusive:!1},type_directive:{rules:[2,3],inclusive:!1},open_directive:{rules:[1],inclusive:!1},callbackargs:{rules:[23,24],inclusive:!1},callb
ackname:{rules:[20,21,22],inclusive:!1},href:{rules:[17,18],inclusive:!1},click:{rules:[26,27],inclusive:!1},vertex:{rules:[],inclusive:!1},dir:{rules:[36,37,38,39,40,41,42,43,44,45,46],inclusive:!1},string:{rules:[8,9],inclusive:!1},INITIAL:{rules:[0,5,6,7,10,11,12,13,14,15,16,19,25,28,29,30,31,32,33,34,35,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98],inclusive:!0}}};function Xt(){this.yy={}}return Ht.lexer=Gt,Xt.prototype=Ht,Ht.Parser=Xt,new Xt}();e.parser=i,e.Parser=i.Parser,e.parse=function(){return i.parse.apply(i,arguments)},e.main=function(r){r[1]||(console.log("Usage: "+r[0]+" FILE"),t.exit(1));var i=n(16).readFileSync(n(17).normalize(r[1]),"utf8");return e.parser.parse(i)},n.c[n.s]===r&&e.main(t.argv.slice(1))}).call(this,n(10),n(6)(t))},function(t,e,n){(function(t,r){var i=function(){var t=function(t,e,n,r){for(n=n||{},r=t.length;r--;n[t[r]]=e);return n},e=[1,3],n=[1,5],r=[7,9,11,12,13,14,15,16,17,18,20,27,32],i=[1,15],a=[1,16],o=[1,17],s=[1,18],c=[1,19],u=[1,20],l=[1,21],h=[1,23],f=[1,25],d=[1,28],p=[5,7,9,11,12,13,14,15,16,17,18,20,27,32],y={trace:function(){},yy:{},symbols_:{error:2,start:3,directive:4,gantt:5,document:6,EOF:7,line:8,SPACE:9,statement:10,NL:11,dateFormat:12,inclusiveEndDates:13,axisFormat:14,excludes:15,todayMarker:16,title:17,section:18,clickStatement:19,taskTxt:20,taskData:21,openDirective:22,typeDirective:23,closeDirective:24,":":25,argDirective:26,click:27,callbackname:28,callbackargs:29,href:30,clickStatementDebug:31,open_directive:32,type_directive:33,arg_directive:34,close_directive:35,$accept:0,$end:1},terminals_:{2:"error",5:"gantt",7:"EOF",9:"SPACE",11:"NL",12:"dateFormat",13:"inclusiveEndDates",14:"axisFormat",15:"excludes",16:"todayMarker",17:"title",18:"section",20:"taskTxt",21:"taskData",25:":",27:"click",28:"callbackname",29:"callbackargs",30:"href",32:"open_directive",33:"type_directive",34:"arg_directive",35:"c
lose_directive"},productions_:[0,[3,2],[3,3],[6,0],[6,2],[8,2],[8,1],[8,1],[8,1],[10,1],[10,1],[10,1],[10,1],[10,1],[10,1],[10,1],[10,1],[10,2],[10,1],[4,4],[4,6],[19,2],[19,3],[19,3],[19,4],[19,3],[19,4],[19,2],[31,2],[31,3],[31,3],[31,4],[31,3],[31,4],[31,2],[22,1],[23,1],[26,1],[24,1]],performAction:function(t,e,n,r,i,a,o){var s=a.length-1;switch(i){case 2:return a[s-1];case 3:this.$=[];break;case 4:a[s-1].push(a[s]),this.$=a[s-1];break;case 5:case 6:this.$=a[s];break;case 7:case 8:this.$=[];break;case 9:r.setDateFormat(a[s].substr(11)),this.$=a[s].substr(11);break;case 10:r.enableInclusiveEndDates(),this.$=a[s].substr(18);break;case 11:r.setAxisFormat(a[s].substr(11)),this.$=a[s].substr(11);break;case 12:r.setExcludes(a[s].substr(9)),this.$=a[s].substr(9);break;case 13:r.setTodayMarker(a[s].substr(12)),this.$=a[s].substr(12);break;case 14:r.setTitle(a[s].substr(6)),this.$=a[s].substr(6);break;case 15:r.addSection(a[s].substr(8)),this.$=a[s].substr(8);break;case 17:r.addTask(a[s-1],a[s]),this.$="task";break;case 21:this.$=a[s-1],r.setClickEvent(a[s-1],a[s],null);break;case 22:this.$=a[s-2],r.setClickEvent(a[s-2],a[s-1],a[s]);break;case 23:this.$=a[s-2],r.setClickEvent(a[s-2],a[s-1],null),r.setLink(a[s-2],a[s]);break;case 24:this.$=a[s-3],r.setClickEvent(a[s-3],a[s-2],a[s-1]),r.setLink(a[s-3],a[s]);break;case 25:this.$=a[s-2],r.setClickEvent(a[s-2],a[s],null),r.setLink(a[s-2],a[s-1]);break;case 26:this.$=a[s-3],r.setClickEvent(a[s-3],a[s-1],a[s]),r.setLink(a[s-3],a[s-2]);break;case 27:this.$=a[s-1],r.setLink(a[s-1],a[s]);break;case 28:case 34:this.$=a[s-1]+" "+a[s];break;case 29:case 30:case 32:this.$=a[s-2]+" "+a[s-1]+" "+a[s];break;case 31:case 33:this.$=a[s-3]+" "+a[s-2]+" "+a[s-1]+" "+a[s];break;case 35:r.parseDirective("%%{","open_directive");break;case 36:r.parseDirective(a[s],"type_directive");break;case 37:a[s]=a[s].trim().replace(/'/g,'"'),r.parseDirective(a[s],"arg_directive");break;case 
38:r.parseDirective("}%%","close_directive","gantt")}},table:[{3:1,4:2,5:e,22:4,32:n},{1:[3]},{3:6,4:2,5:e,22:4,32:n},t(r,[2,3],{6:7}),{23:8,33:[1,9]},{33:[2,35]},{1:[2,1]},{4:24,7:[1,10],8:11,9:[1,12],10:13,11:[1,14],12:i,13:a,14:o,15:s,16:c,17:u,18:l,19:22,20:h,22:4,27:f,32:n},{24:26,25:[1,27],35:d},t([25,35],[2,36]),t(r,[2,8],{1:[2,2]}),t(r,[2,4]),{4:24,10:29,12:i,13:a,14:o,15:s,16:c,17:u,18:l,19:22,20:h,22:4,27:f,32:n},t(r,[2,6]),t(r,[2,7]),t(r,[2,9]),t(r,[2,10]),t(r,[2,11]),t(r,[2,12]),t(r,[2,13]),t(r,[2,14]),t(r,[2,15]),t(r,[2,16]),{21:[1,30]},t(r,[2,18]),{28:[1,31],30:[1,32]},{11:[1,33]},{26:34,34:[1,35]},{11:[2,38]},t(r,[2,5]),t(r,[2,17]),t(r,[2,21],{29:[1,36],30:[1,37]}),t(r,[2,27],{28:[1,38]}),t(p,[2,19]),{24:39,35:d},{35:[2,37]},t(r,[2,22],{30:[1,40]}),t(r,[2,23]),t(r,[2,25],{29:[1,41]}),{11:[1,42]},t(r,[2,24]),t(r,[2,26]),t(p,[2,20])],defaultActions:{5:[2,35],6:[2,1],28:[2,38],35:[2,37]},parseError:function(t,e){if(!e.recoverable){var n=new Error(t);throw n.hash=e,n}this.trace(t)},parse:function(t){var e=this,n=[0],r=[],i=[null],a=[],o=this.table,s="",c=0,u=0,l=0,h=2,f=1,d=a.slice.call(arguments,1),p=Object.create(this.lexer),y={yy:{}};for(var g in this.yy)Object.prototype.hasOwnProperty.call(this.yy,g)&&(y.yy[g]=this.yy[g]);p.setInput(t,y.yy),y.yy.lexer=p,y.yy.parser=this,void 0===p.yylloc&&(p.yylloc={});var v=p.yylloc;a.push(v);var m=p.options&&p.options.ranges;function b(){var t;return"number"!=typeof(t=r.pop()||p.lex()||f)&&(t instanceof Array&&(t=(r=t).pop()),t=e.symbols_[t]||t),t}"function"==typeof y.yy.parseError?this.parseError=y.yy.parseError:this.parseError=Object.getPrototypeOf(this).parseError;for(var _,x,k,w,E,T,C,S,A,M={};;){if(k=n[n.length-1],this.defaultActions[k]?w=this.defaultActions[k]:(null==_&&(_=b()),w=o[k]&&o[k][_]),void 0===w||!w.length||!w[0]){var O="";for(T in A=[],o[k])this.terminals_[T]&&T>h&&A.push("'"+this.terminals_[T]+"'");O=p.showPosition?"Parse error on line "+(c+1)+":\n"+p.showPosition()+"\nExpecting "+A.join(", ")+", 
got '"+(this.terminals_[_]||_)+"'":"Parse error on line "+(c+1)+": Unexpected "+(_==f?"end of input":"'"+(this.terminals_[_]||_)+"'"),this.parseError(O,{text:p.match,token:this.terminals_[_]||_,line:p.yylineno,loc:v,expected:A})}if(w[0]instanceof Array&&w.length>1)throw new Error("Parse Error: multiple actions possible at state: "+k+", token: "+_);switch(w[0]){case 1:n.push(_),i.push(p.yytext),a.push(p.yylloc),n.push(w[1]),_=null,x?(_=x,x=null):(u=p.yyleng,s=p.yytext,c=p.yylineno,v=p.yylloc,l>0&&l--);break;case 2:if(C=this.productions_[w[1]][1],M.$=i[i.length-C],M._$={first_line:a[a.length-(C||1)].first_line,last_line:a[a.length-1].last_line,first_column:a[a.length-(C||1)].first_column,last_column:a[a.length-1].last_column},m&&(M._$.range=[a[a.length-(C||1)].range[0],a[a.length-1].range[1]]),void 0!==(E=this.performAction.apply(M,[s,u,c,y.yy,w[1],i,a].concat(d))))return E;C&&(n=n.slice(0,-1*C*2),i=i.slice(0,-1*C),a=a.slice(0,-1*C)),n.push(this.productions_[w[1]][0]),i.push(M.$),a.push(M._$),S=o[n[n.length-2]][n[n.length-1]],n.push(S);break;case 3:return!0}}return!0}},g={EOF:1,parseError:function(t,e){if(!this.yy.parser)throw new Error(t);this.yy.parser.parseError(t,e)},setInput:function(t,e){return this.yy=e||this.yy||{},this._input=t,this._more=this._backtrack=this.done=!1,this.yylineno=this.yyleng=0,this.yytext=this.matched=this.match="",this.conditionStack=["INITIAL"],this.yylloc={first_line:1,first_column:0,last_line:1,last_column:0},this.options.ranges&&(this.yylloc.range=[0,0]),this.offset=0,this},input:function(){var t=this._input[0];return this.yytext+=t,this.yyleng++,this.offset++,this.match+=t,this.matched+=t,t.match(/(?:\r\n?|\n).*/g)?(this.yylineno++,this.yylloc.last_line++):this.yylloc.last_column++,this.options.ranges&&this.yylloc.range[1]++,this._input=this._input.slice(1),t},unput:function(t){var e=t.length,n=t.split(/(?:\r\n?|\n)/g);this._input=t+this._input,this.yytext=this.yytext.substr(0,this.yytext.length-e),this.offset-=e;var 
r=this.match.split(/(?:\r\n?|\n)/g);this.match=this.match.substr(0,this.match.length-1),this.matched=this.matched.substr(0,this.matched.length-1),n.length-1&&(this.yylineno-=n.length-1);var i=this.yylloc.range;return this.yylloc={first_line:this.yylloc.first_line,last_line:this.yylineno+1,first_column:this.yylloc.first_column,last_column:n?(n.length===r.length?this.yylloc.first_column:0)+r[r.length-n.length].length-n[0].length:this.yylloc.first_column-e},this.options.ranges&&(this.yylloc.range=[i[0],i[0]+this.yyleng-e]),this.yyleng=this.yytext.length,this},more:function(){return this._more=!0,this},reject:function(){return this.options.backtrack_lexer?(this._backtrack=!0,this):this.parseError("Lexical error on line "+(this.yylineno+1)+". You can only invoke reject() in the lexer when the lexer is of the backtracking persuasion (options.backtrack_lexer = true).\n"+this.showPosition(),{text:"",token:null,line:this.yylineno})},less:function(t){this.unput(this.match.slice(t))},pastInput:function(){var t=this.matched.substr(0,this.matched.length-this.match.length);return(t.length>20?"...":"")+t.substr(-20).replace(/\n/g,"")},upcomingInput:function(){var t=this.match;return t.length<20&&(t+=this._input.substr(0,20-t.length)),(t.substr(0,20)+(t.length>20?"...":"")).replace(/\n/g,"")},showPosition:function(){var t=this.pastInput(),e=new Array(t.length+1).join("-");return t+this.upcomingInput()+"\n"+e+"^"},test_match:function(t,e){var 
n,r,i;if(this.options.backtrack_lexer&&(i={yylineno:this.yylineno,yylloc:{first_line:this.yylloc.first_line,last_line:this.last_line,first_column:this.yylloc.first_column,last_column:this.yylloc.last_column},yytext:this.yytext,match:this.match,matches:this.matches,matched:this.matched,yyleng:this.yyleng,offset:this.offset,_more:this._more,_input:this._input,yy:this.yy,conditionStack:this.conditionStack.slice(0),done:this.done},this.options.ranges&&(i.yylloc.range=this.yylloc.range.slice(0))),(r=t[0].match(/(?:\r\n?|\n).*/g))&&(this.yylineno+=r.length),this.yylloc={first_line:this.yylloc.last_line,last_line:this.yylineno+1,first_column:this.yylloc.last_column,last_column:r?r[r.length-1].length-r[r.length-1].match(/\r?\n?/)[0].length:this.yylloc.last_column+t[0].length},this.yytext+=t[0],this.match+=t[0],this.matches=t,this.yyleng=this.yytext.length,this.options.ranges&&(this.yylloc.range=[this.offset,this.offset+=this.yyleng]),this._more=!1,this._backtrack=!1,this._input=this._input.slice(t[0].length),this.matched+=t[0],n=this.performAction.call(this,this.yy,this,e,this.conditionStack[this.conditionStack.length-1]),this.done&&this._input&&(this.done=!1),n)return n;if(this._backtrack){for(var a in i)this[a]=i[a];return!1}return!1},next:function(){if(this.done)return this.EOF;var t,e,n,r;this._input||(this.done=!0),this._more||(this.yytext="",this.match="");for(var i=this._currentRules(),a=0;ae[0].length)){if(e=n,r=a,this.options.backtrack_lexer){if(!1!==(t=this.test_match(n,i[a])))return t;if(this._backtrack){e=!1;continue}return!1}if(!this.options.flex)break}return e?!1!==(t=this.test_match(e,i[r]))&&t:""===this._input?this.EOF:this.parseError("Lexical error on line "+(this.yylineno+1)+". 
Unrecognized text.\n"+this.showPosition(),{text:"",token:null,line:this.yylineno})},lex:function(){var t=this.next();return t||this.lex()},begin:function(t){this.conditionStack.push(t)},popState:function(){return this.conditionStack.length-1>0?this.conditionStack.pop():this.conditionStack[0]},_currentRules:function(){return this.conditionStack.length&&this.conditionStack[this.conditionStack.length-1]?this.conditions[this.conditionStack[this.conditionStack.length-1]].rules:this.conditions.INITIAL.rules},topState:function(t){return(t=this.conditionStack.length-1-Math.abs(t||0))>=0?this.conditionStack[t]:"INITIAL"},pushState:function(t){this.begin(t)},stateStackSize:function(){return this.conditionStack.length},options:{"case-insensitive":!0},performAction:function(t,e,n,r){switch(n){case 0:return this.begin("open_directive"),32;case 1:return this.begin("type_directive"),33;case 2:return this.popState(),this.begin("arg_directive"),25;case 3:return this.popState(),this.popState(),35;case 4:return 34;case 5:case 6:case 7:break;case 8:return 11;case 9:case 10:case 11:break;case 12:this.begin("href");break;case 13:this.popState();break;case 14:return 30;case 15:this.begin("callbackname");break;case 16:this.popState();break;case 17:this.popState(),this.begin("callbackargs");break;case 18:return 28;case 19:this.popState();break;case 20:return 29;case 21:this.begin("click");break;case 22:this.popState();break;case 23:return 27;case 24:return 5;case 25:return 12;case 26:return 13;case 27:return 14;case 28:return 15;case 29:return 16;case 30:return"date";case 31:return 17;case 32:return 18;case 33:return 20;case 34:return 21;case 35:return 25;case 36:return 7;case 
37:return"INVALID"}},rules:[/^(?:%%\{)/i,/^(?:((?:(?!\}%%)[^:.])*))/i,/^(?::)/i,/^(?:\}%%)/i,/^(?:((?:(?!\}%%).|\n)*))/i,/^(?:%%(?!\{)*[^\n]*)/i,/^(?:[^\}]%%*[^\n]*)/i,/^(?:%%*[^\n]*[\n]*)/i,/^(?:[\n]+)/i,/^(?:\s+)/i,/^(?:#[^\n]*)/i,/^(?:%[^\n]*)/i,/^(?:href[\s]+["])/i,/^(?:["])/i,/^(?:[^"]*)/i,/^(?:call[\s]+)/i,/^(?:\([\s]*\))/i,/^(?:\()/i,/^(?:[^(]*)/i,/^(?:\))/i,/^(?:[^)]*)/i,/^(?:click[\s]+)/i,/^(?:[\s\n])/i,/^(?:[^\s\n]*)/i,/^(?:gantt\b)/i,/^(?:dateFormat\s[^#\n;]+)/i,/^(?:inclusiveEndDates\b)/i,/^(?:axisFormat\s[^#\n;]+)/i,/^(?:excludes\s[^#\n;]+)/i,/^(?:todayMarker\s[^\n;]+)/i,/^(?:\d\d\d\d-\d\d-\d\d\b)/i,/^(?:title\s[^#\n;]+)/i,/^(?:section\s[^#:\n;]+)/i,/^(?:[^#:\n;]+)/i,/^(?::[^#\n;]+)/i,/^(?::)/i,/^(?:$)/i,/^(?:.)/i],conditions:{close_directive:{rules:[],inclusive:!1},arg_directive:{rules:[3,4],inclusive:!1},type_directive:{rules:[2,3],inclusive:!1},open_directive:{rules:[1],inclusive:!1},callbackargs:{rules:[19,20],inclusive:!1},callbackname:{rules:[16,17,18],inclusive:!1},href:{rules:[13,14],inclusive:!1},click:{rules:[22,23],inclusive:!1},INITIAL:{rules:[0,5,6,7,8,9,10,11,12,15,21,24,25,26,27,28,29,30,31,32,33,34,35,36,37],inclusive:!0}}};function v(){this.yy={}}return y.lexer=g,v.prototype=y,y.Parser=v,new v}();e.parser=i,e.Parser=i.Parser,e.parse=function(){return i.parse.apply(i,arguments)},e.main=function(r){r[1]||(console.log("Usage: "+r[0]+" FILE"),t.exit(1));var i=n(16).readFileSync(n(17).normalize(r[1]),"utf8");return e.parser.parse(i)},n.c[n.s]===r&&e.main(t.argv.slice(1))}).call(this,n(10),n(6)(t))},function(t,e,n){(function(t,r){var i=function(){var t=function(t,e,n,r){for(n=n||{},r=t.length;r--;n[t[r]]=e);return 
n},e=[1,2],n=[1,5],r=[6,9,11,17,18,19,21],i=[1,15],a=[1,16],o=[1,17],s=[1,21],c=[4,6,9,11,17,18,19,21],u={trace:function(){},yy:{},symbols_:{error:2,start:3,journey:4,document:5,EOF:6,directive:7,line:8,SPACE:9,statement:10,NEWLINE:11,openDirective:12,typeDirective:13,closeDirective:14,":":15,argDirective:16,title:17,section:18,taskName:19,taskData:20,open_directive:21,type_directive:22,arg_directive:23,close_directive:24,$accept:0,$end:1},terminals_:{2:"error",4:"journey",6:"EOF",9:"SPACE",11:"NEWLINE",15:":",17:"title",18:"section",19:"taskName",20:"taskData",21:"open_directive",22:"type_directive",23:"arg_directive",24:"close_directive"},productions_:[0,[3,3],[3,2],[5,0],[5,2],[8,2],[8,1],[8,1],[8,1],[7,4],[7,6],[10,1],[10,1],[10,2],[10,1],[12,1],[13,1],[16,1],[14,1]],performAction:function(t,e,n,r,i,a,o){var s=a.length-1;switch(i){case 1:return a[s-1];case 3:this.$=[];break;case 4:a[s-1].push(a[s]),this.$=a[s-1];break;case 5:case 6:this.$=a[s];break;case 7:case 8:this.$=[];break;case 11:r.setTitle(a[s].substr(6)),this.$=a[s].substr(6);break;case 12:r.addSection(a[s].substr(8)),this.$=a[s].substr(8);break;case 13:r.addTask(a[s-1],a[s]),this.$="task";break;case 15:r.parseDirective("%%{","open_directive");break;case 16:r.parseDirective(a[s],"type_directive");break;case 17:a[s]=a[s].trim().replace(/'/g,'"'),r.parseDirective(a[s],"arg_directive");break;case 
18:r.parseDirective("}%%","close_directive","journey")}},table:[{3:1,4:e,7:3,12:4,21:n},{1:[3]},t(r,[2,3],{5:6}),{3:7,4:e,7:3,12:4,21:n},{13:8,22:[1,9]},{22:[2,15]},{6:[1,10],7:18,8:11,9:[1,12],10:13,11:[1,14],12:4,17:i,18:a,19:o,21:n},{1:[2,2]},{14:19,15:[1,20],24:s},t([15,24],[2,16]),t(r,[2,8],{1:[2,1]}),t(r,[2,4]),{7:18,10:22,12:4,17:i,18:a,19:o,21:n},t(r,[2,6]),t(r,[2,7]),t(r,[2,11]),t(r,[2,12]),{20:[1,23]},t(r,[2,14]),{11:[1,24]},{16:25,23:[1,26]},{11:[2,18]},t(r,[2,5]),t(r,[2,13]),t(c,[2,9]),{14:27,24:s},{24:[2,17]},{11:[1,28]},t(c,[2,10])],defaultActions:{5:[2,15],7:[2,2],21:[2,18],26:[2,17]},parseError:function(t,e){if(!e.recoverable){var n=new Error(t);throw n.hash=e,n}this.trace(t)},parse:function(t){var e=this,n=[0],r=[],i=[null],a=[],o=this.table,s="",c=0,u=0,l=0,h=2,f=1,d=a.slice.call(arguments,1),p=Object.create(this.lexer),y={yy:{}};for(var g in this.yy)Object.prototype.hasOwnProperty.call(this.yy,g)&&(y.yy[g]=this.yy[g]);p.setInput(t,y.yy),y.yy.lexer=p,y.yy.parser=this,void 0===p.yylloc&&(p.yylloc={});var v=p.yylloc;a.push(v);var m=p.options&&p.options.ranges;function b(){var t;return"number"!=typeof(t=r.pop()||p.lex()||f)&&(t instanceof Array&&(t=(r=t).pop()),t=e.symbols_[t]||t),t}"function"==typeof y.yy.parseError?this.parseError=y.yy.parseError:this.parseError=Object.getPrototypeOf(this).parseError;for(var _,x,k,w,E,T,C,S,A,M={};;){if(k=n[n.length-1],this.defaultActions[k]?w=this.defaultActions[k]:(null==_&&(_=b()),w=o[k]&&o[k][_]),void 0===w||!w.length||!w[0]){var O="";for(T in A=[],o[k])this.terminals_[T]&&T>h&&A.push("'"+this.terminals_[T]+"'");O=p.showPosition?"Parse error on line "+(c+1)+":\n"+p.showPosition()+"\nExpecting "+A.join(", ")+", got '"+(this.terminals_[_]||_)+"'":"Parse error on line "+(c+1)+": Unexpected "+(_==f?"end of input":"'"+(this.terminals_[_]||_)+"'"),this.parseError(O,{text:p.match,token:this.terminals_[_]||_,line:p.yylineno,loc:v,expected:A})}if(w[0]instanceof Array&&w.length>1)throw new Error("Parse Error: multiple 
actions possible at state: "+k+", token: "+_);switch(w[0]){case 1:n.push(_),i.push(p.yytext),a.push(p.yylloc),n.push(w[1]),_=null,x?(_=x,x=null):(u=p.yyleng,s=p.yytext,c=p.yylineno,v=p.yylloc,l>0&&l--);break;case 2:if(C=this.productions_[w[1]][1],M.$=i[i.length-C],M._$={first_line:a[a.length-(C||1)].first_line,last_line:a[a.length-1].last_line,first_column:a[a.length-(C||1)].first_column,last_column:a[a.length-1].last_column},m&&(M._$.range=[a[a.length-(C||1)].range[0],a[a.length-1].range[1]]),void 0!==(E=this.performAction.apply(M,[s,u,c,y.yy,w[1],i,a].concat(d))))return E;C&&(n=n.slice(0,-1*C*2),i=i.slice(0,-1*C),a=a.slice(0,-1*C)),n.push(this.productions_[w[1]][0]),i.push(M.$),a.push(M._$),S=o[n[n.length-2]][n[n.length-1]],n.push(S);break;case 3:return!0}}return!0}},l={EOF:1,parseError:function(t,e){if(!this.yy.parser)throw new Error(t);this.yy.parser.parseError(t,e)},setInput:function(t,e){return this.yy=e||this.yy||{},this._input=t,this._more=this._backtrack=this.done=!1,this.yylineno=this.yyleng=0,this.yytext=this.matched=this.match="",this.conditionStack=["INITIAL"],this.yylloc={first_line:1,first_column:0,last_line:1,last_column:0},this.options.ranges&&(this.yylloc.range=[0,0]),this.offset=0,this},input:function(){var t=this._input[0];return this.yytext+=t,this.yyleng++,this.offset++,this.match+=t,this.matched+=t,t.match(/(?:\r\n?|\n).*/g)?(this.yylineno++,this.yylloc.last_line++):this.yylloc.last_column++,this.options.ranges&&this.yylloc.range[1]++,this._input=this._input.slice(1),t},unput:function(t){var e=t.length,n=t.split(/(?:\r\n?|\n)/g);this._input=t+this._input,this.yytext=this.yytext.substr(0,this.yytext.length-e),this.offset-=e;var r=this.match.split(/(?:\r\n?|\n)/g);this.match=this.match.substr(0,this.match.length-1),this.matched=this.matched.substr(0,this.matched.length-1),n.length-1&&(this.yylineno-=n.length-1);var i=this.yylloc.range;return 
this.yylloc={first_line:this.yylloc.first_line,last_line:this.yylineno+1,first_column:this.yylloc.first_column,last_column:n?(n.length===r.length?this.yylloc.first_column:0)+r[r.length-n.length].length-n[0].length:this.yylloc.first_column-e},this.options.ranges&&(this.yylloc.range=[i[0],i[0]+this.yyleng-e]),this.yyleng=this.yytext.length,this},more:function(){return this._more=!0,this},reject:function(){return this.options.backtrack_lexer?(this._backtrack=!0,this):this.parseError("Lexical error on line "+(this.yylineno+1)+". You can only invoke reject() in the lexer when the lexer is of the backtracking persuasion (options.backtrack_lexer = true).\n"+this.showPosition(),{text:"",token:null,line:this.yylineno})},less:function(t){this.unput(this.match.slice(t))},pastInput:function(){var t=this.matched.substr(0,this.matched.length-this.match.length);return(t.length>20?"...":"")+t.substr(-20).replace(/\n/g,"")},upcomingInput:function(){var t=this.match;return t.length<20&&(t+=this._input.substr(0,20-t.length)),(t.substr(0,20)+(t.length>20?"...":"")).replace(/\n/g,"")},showPosition:function(){var t=this.pastInput(),e=new Array(t.length+1).join("-");return t+this.upcomingInput()+"\n"+e+"^"},test_match:function(t,e){var 
n,r,i;if(this.options.backtrack_lexer&&(i={yylineno:this.yylineno,yylloc:{first_line:this.yylloc.first_line,last_line:this.last_line,first_column:this.yylloc.first_column,last_column:this.yylloc.last_column},yytext:this.yytext,match:this.match,matches:this.matches,matched:this.matched,yyleng:this.yyleng,offset:this.offset,_more:this._more,_input:this._input,yy:this.yy,conditionStack:this.conditionStack.slice(0),done:this.done},this.options.ranges&&(i.yylloc.range=this.yylloc.range.slice(0))),(r=t[0].match(/(?:\r\n?|\n).*/g))&&(this.yylineno+=r.length),this.yylloc={first_line:this.yylloc.last_line,last_line:this.yylineno+1,first_column:this.yylloc.last_column,last_column:r?r[r.length-1].length-r[r.length-1].match(/\r?\n?/)[0].length:this.yylloc.last_column+t[0].length},this.yytext+=t[0],this.match+=t[0],this.matches=t,this.yyleng=this.yytext.length,this.options.ranges&&(this.yylloc.range=[this.offset,this.offset+=this.yyleng]),this._more=!1,this._backtrack=!1,this._input=this._input.slice(t[0].length),this.matched+=t[0],n=this.performAction.call(this,this.yy,this,e,this.conditionStack[this.conditionStack.length-1]),this.done&&this._input&&(this.done=!1),n)return n;if(this._backtrack){for(var a in i)this[a]=i[a];return!1}return!1},next:function(){if(this.done)return this.EOF;var t,e,n,r;this._input||(this.done=!0),this._more||(this.yytext="",this.match="");for(var i=this._currentRules(),a=0;ae[0].length)){if(e=n,r=a,this.options.backtrack_lexer){if(!1!==(t=this.test_match(n,i[a])))return t;if(this._backtrack){e=!1;continue}return!1}if(!this.options.flex)break}return e?!1!==(t=this.test_match(e,i[r]))&&t:""===this._input?this.EOF:this.parseError("Lexical error on line "+(this.yylineno+1)+". 
Unrecognized text.\n"+this.showPosition(),{text:"",token:null,line:this.yylineno})},lex:function(){var t=this.next();return t||this.lex()},begin:function(t){this.conditionStack.push(t)},popState:function(){return this.conditionStack.length-1>0?this.conditionStack.pop():this.conditionStack[0]},_currentRules:function(){return this.conditionStack.length&&this.conditionStack[this.conditionStack.length-1]?this.conditions[this.conditionStack[this.conditionStack.length-1]].rules:this.conditions.INITIAL.rules},topState:function(t){return(t=this.conditionStack.length-1-Math.abs(t||0))>=0?this.conditionStack[t]:"INITIAL"},pushState:function(t){this.begin(t)},stateStackSize:function(){return this.conditionStack.length},options:{"case-insensitive":!0},performAction:function(t,e,n,r){switch(n){case 0:return this.begin("open_directive"),21;case 1:return this.begin("type_directive"),22;case 2:return this.popState(),this.begin("arg_directive"),15;case 3:return this.popState(),this.popState(),24;case 4:return 23;case 5:case 6:break;case 7:return 11;case 8:case 9:break;case 10:return 4;case 11:return 17;case 12:return 18;case 13:return 19;case 14:return 20;case 15:return 15;case 16:return 6;case 17:return"INVALID"}},rules:[/^(?:%%\{)/i,/^(?:((?:(?!\}%%)[^:.])*))/i,/^(?::)/i,/^(?:\}%%)/i,/^(?:((?:(?!\}%%).|\n)*))/i,/^(?:%(?!\{)[^\n]*)/i,/^(?:[^\}]%%[^\n]*)/i,/^(?:[\n]+)/i,/^(?:\s+)/i,/^(?:#[^\n]*)/i,/^(?:journey\b)/i,/^(?:title\s[^#\n;]+)/i,/^(?:section\s[^#:\n;]+)/i,/^(?:[^#:\n;]+)/i,/^(?::[^#\n;]+)/i,/^(?::)/i,/^(?:$)/i,/^(?:.)/i],conditions:{open_directive:{rules:[1],inclusive:!1},type_directive:{rules:[2,3],inclusive:!1},arg_directive:{rules:[3,4],inclusive:!1},INITIAL:{rules:[0,5,6,7,8,9,10,11,12,13,14,15,16,17],inclusive:!0}}};function h(){this.yy={}}return u.lexer=l,h.prototype=u,u.Parser=h,new h}();e.parser=i,e.Parser=i.Parser,e.parse=function(){return i.parse.apply(i,arguments)},e.main=function(r){r[1]||(console.log("Usage: "+r[0]+" FILE"),t.exit(1));var 
i=n(16).readFileSync(n(17).normalize(r[1]),"utf8");return e.parser.parse(i)},n.c[n.s]===r&&e.main(t.argv.slice(1))}).call(this,n(10),n(6)(t))},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(11),i=n(18);e.default=function(t,e){return r.default.lang.round(i.default.parse(t)[e])}},function(t,e,n){var r=n(113),i=n(83),a=n(24);t.exports=function(t){return a(t)?r(t):i(t)}},function(t,e,n){var r;if(!r)try{r=n(0)}catch(t){}r||(r=window.d3),t.exports=r},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(11),i=n(18);e.default=function(t,e,n){var a=i.default.parse(t),o=a[e],s=r.default.channel.clamp[e](o+n);return o!==s&&(a[e]=s),i.default.stringify(a)}},function(t,e,n){var r=n(211),i=n(217);t.exports=function(t,e){var n=i(t,e);return r(n)?n:void 0}},function(t,e,n){var r=n(39),i=n(213),a=n(214),o=r?r.toStringTag:void 0;t.exports=function(t){return null==t?void 0===t?"[object Undefined]":"[object Null]":o&&o in Object(t)?i(t):a(t)}},function(t,e){t.exports=function(t){return t}},function(t){t.exports=JSON.parse('{"name":"mermaid","version":"8.9.2","description":"Markdownish syntax for generating flowcharts, sequence diagrams, class diagrams, gantt charts and git graphs.","main":"dist/mermaid.core.js","keywords":["diagram","markdown","flowchart","sequence diagram","gantt","class diagram","git graph"],"scripts":{"build:development":"webpack --progress --colors","build:production":"yarn build:development -p --config webpack.config.prod.babel.js","build":"yarn build:development && yarn build:production","postbuild":"documentation build src/mermaidAPI.js src/config.js src/defaultConfig.js --shallow -f md --markdown-toc false > docs/Setup.md","build:watch":"yarn build --watch","minify":"minify ./dist/mermaid.js > ./dist/mermaid.min.js","release":"yarn build","lint":"eslint src","e2e:depr":"yarn lint && jest e2e --config e2e/jest.config.js","cypress":"percy exec -- cypress run","e2e":"start-server-and-test dev 
http://localhost:9000/ cypress","e2e-upd":"yarn lint && jest e2e -u --config e2e/jest.config.js","dev":"webpack-dev-server --config webpack.config.e2e.js","test":"yarn lint && jest src/.*","test:watch":"jest --watch src","prepublishOnly":"yarn build && yarn test","prepare":"yarn build"},"repository":{"type":"git","url":"https://github.com/knsv/mermaid"},"author":"Knut Sveidqvist","license":"MIT","standard":{"ignore":["**/parser/*.js","dist/**/*.js","cypress/**/*.js"],"globals":["page"]},"dependencies":{"@braintree/sanitize-url":"^3.1.0","d3":"^5.7.0","dagre":"^0.8.4","dagre-d3":"^0.6.4","entity-decode":"^2.0.2","graphlib":"^2.1.7","he":"^1.2.0","khroma":"^1.1.0","minify":"^4.1.1","moment-mini":"^2.22.1","stylis":"^3.5.2"},"devDependencies":{"@babel/core":"^7.2.2","@babel/preset-env":"^7.8.4","@babel/register":"^7.0.0","@percy/cypress":"*","babel-core":"7.0.0-bridge.0","babel-eslint":"^10.1.0","babel-jest":"^24.9.0","babel-loader":"^8.0.4","coveralls":"^3.0.2","css-loader":"^2.0.1","css-to-string-loader":"^0.1.3","cypress":"4.0.1","documentation":"^12.0.1","eslint":"^6.3.0","eslint-config-prettier":"^6.3.0","eslint-plugin-prettier":"^3.1.0","husky":"^1.2.1","identity-obj-proxy":"^3.0.0","jest":"^24.9.0","jison":"^0.4.18","moment":"^2.23.0","node-sass":"^5.0.0","prettier":"^1.18.2","puppeteer":"^1.17.0","sass-loader":"^7.1.0","start-server-and-test":"^1.10.6","terser-webpack-plugin":"^2.2.2","webpack":"^4.41.2","webpack-bundle-analyzer":"^3.7.0","webpack-cli":"^3.1.2","webpack-dev-server":"^3.4.1","webpack-node-externals":"^1.7.2","yarn-upgrade-all":"^0.5.0"},"files":["dist"],"yarn-upgrade-all":{"ignore":["babel-core"]},"sideEffects":["**/*.css","**/*.scss"],"husky":{"hooks":{"pre-push":"yarn test"}}}')},function(t,e){t.exports=function(t,e){return t===e||t!=t&&e!=e}},function(t,e,n){var r=n(34),i=n(13);t.exports=function(t){if(!i(t))return!1;var e=r(t);return"[object Function]"==e||"[object GeneratorFunction]"==e||"[object AsyncFunction]"==e||"[object 
Proxy]"==e}},function(t,e,n){var r=n(19).Symbol;t.exports=r},function(t,e,n){(function(t){var r=n(19),i=n(233),a=e&&!e.nodeType&&e,o=a&&"object"==typeof t&&t&&!t.nodeType&&t,s=o&&o.exports===a?r.Buffer:void 0,c=(s?s.isBuffer:void 0)||i;t.exports=c}).call(this,n(6)(t))},function(t,e,n){var r=n(113),i=n(237),a=n(24);t.exports=function(t){return a(t)?r(t,!0):i(t)}},function(t,e,n){var r=n(242),i=n(78),a=n(243),o=n(122),s=n(244),c=n(34),u=n(111),l=u(r),h=u(i),f=u(a),d=u(o),p=u(s),y=c;(r&&"[object DataView]"!=y(new r(new ArrayBuffer(1)))||i&&"[object Map]"!=y(new i)||a&&"[object Promise]"!=y(a.resolve())||o&&"[object Set]"!=y(new o)||s&&"[object WeakMap]"!=y(new s))&&(y=function(t){var e=c(t),n="[object Object]"==e?t.constructor:void 0,r=n?u(n):"";if(r)switch(r){case l:return"[object DataView]";case h:return"[object Map]";case f:return"[object Promise]";case d:return"[object Set]";case p:return"[object WeakMap]"}return e}),t.exports=y},function(t,e,n){var r=n(34),i=n(21);t.exports=function(t){return"symbol"==typeof t||i(t)&&"[object Symbol]"==r(t)}},function(t,e,n){var r;try{r={defaults:n(155),each:n(88),isFunction:n(38),isPlainObject:n(159),pick:n(162),has:n(94),range:n(163),uniqueId:n(164)}}catch(t){}r||(r=window._),t.exports=r},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=new(n(177).default)({r:0,g:0,b:0,a:0},"transparent");e.default=r},function(t,e,n){var r=n(59),i=n(60);t.exports=function(t,e,n,a){var o=!n;n||(n={});for(var s=-1,c=e.length;++sh&&A.push("'"+this.terminals_[T]+"'");O=p.showPosition?"Parse error on line "+(c+1)+":\n"+p.showPosition()+"\nExpecting "+A.join(", ")+", got '"+(this.terminals_[_]||_)+"'":"Parse error on line "+(c+1)+": Unexpected "+(_==f?"end of input":"'"+(this.terminals_[_]||_)+"'"),this.parseError(O,{text:p.match,token:this.terminals_[_]||_,line:p.yylineno,loc:v,expected:A})}if(w[0]instanceof Array&&w.length>1)throw new Error("Parse Error: multiple actions possible at state: "+k+", token: 
"+_);switch(w[0]){case 1:n.push(_),i.push(p.yytext),a.push(p.yylloc),n.push(w[1]),_=null,x?(_=x,x=null):(u=p.yyleng,s=p.yytext,c=p.yylineno,v=p.yylloc,l>0&&l--);break;case 2:if(C=this.productions_[w[1]][1],M.$=i[i.length-C],M._$={first_line:a[a.length-(C||1)].first_line,last_line:a[a.length-1].last_line,first_column:a[a.length-(C||1)].first_column,last_column:a[a.length-1].last_column},m&&(M._$.range=[a[a.length-(C||1)].range[0],a[a.length-1].range[1]]),void 0!==(E=this.performAction.apply(M,[s,u,c,y.yy,w[1],i,a].concat(d))))return E;C&&(n=n.slice(0,-1*C*2),i=i.slice(0,-1*C),a=a.slice(0,-1*C)),n.push(this.productions_[w[1]][0]),i.push(M.$),a.push(M._$),S=o[n[n.length-2]][n[n.length-1]],n.push(S);break;case 3:return!0}}return!0}},P={EOF:1,parseError:function(t,e){if(!this.yy.parser)throw new Error(t);this.yy.parser.parseError(t,e)},setInput:function(t,e){return this.yy=e||this.yy||{},this._input=t,this._more=this._backtrack=this.done=!1,this.yylineno=this.yyleng=0,this.yytext=this.matched=this.match="",this.conditionStack=["INITIAL"],this.yylloc={first_line:1,first_column:0,last_line:1,last_column:0},this.options.ranges&&(this.yylloc.range=[0,0]),this.offset=0,this},input:function(){var t=this._input[0];return this.yytext+=t,this.yyleng++,this.offset++,this.match+=t,this.matched+=t,t.match(/(?:\r\n?|\n).*/g)?(this.yylineno++,this.yylloc.last_line++):this.yylloc.last_column++,this.options.ranges&&this.yylloc.range[1]++,this._input=this._input.slice(1),t},unput:function(t){var e=t.length,n=t.split(/(?:\r\n?|\n)/g);this._input=t+this._input,this.yytext=this.yytext.substr(0,this.yytext.length-e),this.offset-=e;var r=this.match.split(/(?:\r\n?|\n)/g);this.match=this.match.substr(0,this.match.length-1),this.matched=this.matched.substr(0,this.matched.length-1),n.length-1&&(this.yylineno-=n.length-1);var i=this.yylloc.range;return 
this.yylloc={first_line:this.yylloc.first_line,last_line:this.yylineno+1,first_column:this.yylloc.first_column,last_column:n?(n.length===r.length?this.yylloc.first_column:0)+r[r.length-n.length].length-n[0].length:this.yylloc.first_column-e},this.options.ranges&&(this.yylloc.range=[i[0],i[0]+this.yyleng-e]),this.yyleng=this.yytext.length,this},more:function(){return this._more=!0,this},reject:function(){return this.options.backtrack_lexer?(this._backtrack=!0,this):this.parseError("Lexical error on line "+(this.yylineno+1)+". You can only invoke reject() in the lexer when the lexer is of the backtracking persuasion (options.backtrack_lexer = true).\n"+this.showPosition(),{text:"",token:null,line:this.yylineno})},less:function(t){this.unput(this.match.slice(t))},pastInput:function(){var t=this.matched.substr(0,this.matched.length-this.match.length);return(t.length>20?"...":"")+t.substr(-20).replace(/\n/g,"")},upcomingInput:function(){var t=this.match;return t.length<20&&(t+=this._input.substr(0,20-t.length)),(t.substr(0,20)+(t.length>20?"...":"")).replace(/\n/g,"")},showPosition:function(){var t=this.pastInput(),e=new Array(t.length+1).join("-");return t+this.upcomingInput()+"\n"+e+"^"},test_match:function(t,e){var 
n,r,i;if(this.options.backtrack_lexer&&(i={yylineno:this.yylineno,yylloc:{first_line:this.yylloc.first_line,last_line:this.last_line,first_column:this.yylloc.first_column,last_column:this.yylloc.last_column},yytext:this.yytext,match:this.match,matches:this.matches,matched:this.matched,yyleng:this.yyleng,offset:this.offset,_more:this._more,_input:this._input,yy:this.yy,conditionStack:this.conditionStack.slice(0),done:this.done},this.options.ranges&&(i.yylloc.range=this.yylloc.range.slice(0))),(r=t[0].match(/(?:\r\n?|\n).*/g))&&(this.yylineno+=r.length),this.yylloc={first_line:this.yylloc.last_line,last_line:this.yylineno+1,first_column:this.yylloc.last_column,last_column:r?r[r.length-1].length-r[r.length-1].match(/\r?\n?/)[0].length:this.yylloc.last_column+t[0].length},this.yytext+=t[0],this.match+=t[0],this.matches=t,this.yyleng=this.yytext.length,this.options.ranges&&(this.yylloc.range=[this.offset,this.offset+=this.yyleng]),this._more=!1,this._backtrack=!1,this._input=this._input.slice(t[0].length),this.matched+=t[0],n=this.performAction.call(this,this.yy,this,e,this.conditionStack[this.conditionStack.length-1]),this.done&&this._input&&(this.done=!1),n)return n;if(this._backtrack){for(var a in i)this[a]=i[a];return!1}return!1},next:function(){if(this.done)return this.EOF;var t,e,n,r;this._input||(this.done=!0),this._more||(this.yytext="",this.match="");for(var i=this._currentRules(),a=0;ae[0].length)){if(e=n,r=a,this.options.backtrack_lexer){if(!1!==(t=this.test_match(n,i[a])))return t;if(this._backtrack){e=!1;continue}return!1}if(!this.options.flex)break}return e?!1!==(t=this.test_match(e,i[r]))&&t:""===this._input?this.EOF:this.parseError("Lexical error on line "+(this.yylineno+1)+". 
Unrecognized text.\n"+this.showPosition(),{text:"",token:null,line:this.yylineno})},lex:function(){var t=this.next();return t||this.lex()},begin:function(t){this.conditionStack.push(t)},popState:function(){return this.conditionStack.length-1>0?this.conditionStack.pop():this.conditionStack[0]},_currentRules:function(){return this.conditionStack.length&&this.conditionStack[this.conditionStack.length-1]?this.conditions[this.conditionStack[this.conditionStack.length-1]].rules:this.conditions.INITIAL.rules},topState:function(t){return(t=this.conditionStack.length-1-Math.abs(t||0))>=0?this.conditionStack[t]:"INITIAL"},pushState:function(t){this.begin(t)},stateStackSize:function(){return this.conditionStack.length},options:{"case-insensitive":!0},performAction:function(t,e,n,r){switch(n){case 0:return this.begin("open_directive"),14;case 1:return this.begin("type_directive"),15;case 2:return this.popState(),this.begin("arg_directive"),12;case 3:return this.popState(),this.popState(),17;case 4:return 16;case 5:return 6;case 6:case 7:case 8:break;case 9:return 8;case 10:return 5;case 11:return 23;case 12:return 34;case 13:return 26;case 14:return 25;case 15:return 28;case 16:return 30;case 17:return 32;case 18:return 35;case 19:return 36;case 20:return 37;case 21:return 38;case 22:return 39;case 23:return 40;case 24:return 41;case 25:return 42;case 26:return 43;case 27:return 44;case 28:return 45;case 29:return 46;case 30:return 47;case 31:return 48;case 32:return 59;case 33:return 60;case 34:return 61;case 35:return 62;case 36:return 63;case 37:return 64;case 38:return 65;case 39:return 51;case 40:return 53;case 41:return 55;case 42:return 58;case 43:return 57;case 44:this.begin("string");break;case 45:this.popState();break;case 46:return"qString";case 47:return 
e.yytext=e.yytext.trim(),66}},rules:[/^(?:%%\{)/i,/^(?:((?:(?!\}%%)[^:.])*))/i,/^(?::)/i,/^(?:\}%%)/i,/^(?:((?:(?!\}%%).|\n)*))/i,/^(?:(\r?\n)+)/i,/^(?:\s+)/i,/^(?:#[^\n]*)/i,/^(?:%[^\n]*)/i,/^(?:$)/i,/^(?:requirementDiagram\b)/i,/^(?:\{)/i,/^(?:\})/i,/^(?::)/i,/^(?:id\b)/i,/^(?:text\b)/i,/^(?:risk\b)/i,/^(?:verifyMethod\b)/i,/^(?:requirement\b)/i,/^(?:functionalRequirement\b)/i,/^(?:interfaceRequirement\b)/i,/^(?:performanceRequirement\b)/i,/^(?:physicalRequirement\b)/i,/^(?:designConstraint\b)/i,/^(?:low\b)/i,/^(?:medium\b)/i,/^(?:high\b)/i,/^(?:analysis\b)/i,/^(?:demonstration\b)/i,/^(?:inspection\b)/i,/^(?:test\b)/i,/^(?:element\b)/i,/^(?:contains\b)/i,/^(?:copies\b)/i,/^(?:derives\b)/i,/^(?:satisfies\b)/i,/^(?:verifies\b)/i,/^(?:refines\b)/i,/^(?:traces\b)/i,/^(?:type\b)/i,/^(?:docref\b)/i,/^(?:<-)/i,/^(?:->)/i,/^(?:-)/i,/^(?:["])/i,/^(?:["])/i,/^(?:[^"]*)/i,/^(?:[\w][^\r\n\{\<\>\-\=]*)/i],conditions:{close_directive:{rules:[],inclusive:!1},arg_directive:{rules:[3,4],inclusive:!1},type_directive:{rules:[2,3],inclusive:!1},open_directive:{rules:[1],inclusive:!1},unqString:{rules:[],inclusive:!1},token:{rules:[],inclusive:!1},string:{rules:[45,46],inclusive:!1},INITIAL:{rules:[0,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,47],inclusive:!0}}};function j(){this.yy={}}return F.lexer=P,j.prototype=F,F.Parser=j,new j}();e.parser=i,e.Parser=i.Parser,e.parse=function(){return i.parse.apply(i,arguments)},e.main=function(r){r[1]||(console.log("Usage: "+r[0]+" FILE"),t.exit(1));var i=n(16).readFileSync(n(17).normalize(r[1]),"utf8");return e.parser.parse(i)},n.c[n.s]===r&&e.main(t.argv.slice(1))}).call(this,n(10),n(6)(t))},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(11),i=n(45),a=n(18),o=n(53);e.default=function(t,e,n,s){if(void 0===n&&(n=0),void 0===s&&(s=1),"number"!=typeof t)return o.default(t,{a:e});var 
c=i.default.set({r:r.default.channel.clamp.r(t),g:r.default.channel.clamp.g(e),b:r.default.channel.clamp.b(n),a:r.default.channel.clamp.a(s)});return a.default.stringify(c)}},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(11),i=n(18);e.default=function(t,e){var n=i.default.parse(t);for(var a in e)n[a]=r.default.channel.clamp[a](e[a]);return i.default.stringify(n)}},function(t,e,n){var r=n(55),i=n(206),a=n(207),o=n(208),s=n(209),c=n(210);function u(t){var e=this.__data__=new r(t);this.size=e.size}u.prototype.clear=i,u.prototype.delete=a,u.prototype.get=o,u.prototype.has=s,u.prototype.set=c,t.exports=u},function(t,e,n){var r=n(201),i=n(202),a=n(203),o=n(204),s=n(205);function c(t){var e=-1,n=null==t?0:t.length;for(this.clear();++e-1&&t%1==0&&t-1}(s)?s:(n=s.match(a))?(e=n[0],r.test(e)?"about:blank":s):"about:blank"}}},function(t,e,n){(function(t,r){var i=function(){var t=function(t,e,n,r){for(n=n||{},r=t.length;r--;n[t[r]]=e);return n},e=[2,3],n=[1,7],r=[7,12,15,17,19,20,21],i=[7,11,12,15,17,19,20,21],a=[2,20],o=[1,32],s={trace:function(){},yy:{},symbols_:{error:2,start:3,GG:4,":":5,document:6,EOF:7,DIR:8,options:9,body:10,OPT:11,NL:12,line:13,statement:14,COMMIT:15,commit_arg:16,BRANCH:17,ID:18,CHECKOUT:19,MERGE:20,RESET:21,reset_arg:22,STR:23,HEAD:24,reset_parents:25,CARET:26,$accept:0,$end:1},terminals_:{2:"error",4:"GG",5:":",7:"EOF",8:"DIR",11:"OPT",12:"NL",15:"COMMIT",17:"BRANCH",18:"ID",19:"CHECKOUT",20:"MERGE",21:"RESET",23:"STR",24:"HEAD",26:"CARET"},productions_:[0,[3,4],[3,5],[6,0],[6,2],[9,2],[9,1],[10,0],[10,2],[13,2],[13,1],[14,2],[14,2],[14,2],[14,2],[14,2],[16,0],[16,1],[22,2],[22,2],[25,0],[25,2]],performAction:function(t,e,n,r,i,a,o){var s=a.length-1;switch(i){case 1:return a[s-1];case 2:return r.setDirection(a[s-3]),a[s-1];case 4:r.setOptions(a[s-1]),this.$=a[s];break;case 5:a[s-1]+=a[s],this.$=a[s-1];break;case 7:this.$=[];break;case 8:a[s-1].push(a[s]),this.$=a[s-1];break;case 9:this.$=a[s-1];break;case 
11:r.commit(a[s]);break;case 12:r.branch(a[s]);break;case 13:r.checkout(a[s]);break;case 14:r.merge(a[s]);break;case 15:r.reset(a[s]);break;case 16:this.$="";break;case 17:this.$=a[s];break;case 18:this.$=a[s-1]+":"+a[s];break;case 19:this.$=a[s-1]+":"+r.count,r.count=0;break;case 20:r.count=0;break;case 21:r.count+=1}},table:[{3:1,4:[1,2]},{1:[3]},{5:[1,3],8:[1,4]},{6:5,7:e,9:6,12:n},{5:[1,8]},{7:[1,9]},t(r,[2,7],{10:10,11:[1,11]}),t(i,[2,6]),{6:12,7:e,9:6,12:n},{1:[2,1]},{7:[2,4],12:[1,15],13:13,14:14,15:[1,16],17:[1,17],19:[1,18],20:[1,19],21:[1,20]},t(i,[2,5]),{7:[1,21]},t(r,[2,8]),{12:[1,22]},t(r,[2,10]),{12:[2,16],16:23,23:[1,24]},{18:[1,25]},{18:[1,26]},{18:[1,27]},{18:[1,30],22:28,24:[1,29]},{1:[2,2]},t(r,[2,9]),{12:[2,11]},{12:[2,17]},{12:[2,12]},{12:[2,13]},{12:[2,14]},{12:[2,15]},{12:a,25:31,26:o},{12:a,25:33,26:o},{12:[2,18]},{12:a,25:34,26:o},{12:[2,19]},{12:[2,21]}],defaultActions:{9:[2,1],21:[2,2],23:[2,11],24:[2,17],25:[2,12],26:[2,13],27:[2,14],28:[2,15],31:[2,18],33:[2,19],34:[2,21]},parseError:function(t,e){if(!e.recoverable){var n=new Error(t);throw n.hash=e,n}this.trace(t)},parse:function(t){var e=this,n=[0],r=[],i=[null],a=[],o=this.table,s="",c=0,u=0,l=0,h=2,f=1,d=a.slice.call(arguments,1),p=Object.create(this.lexer),y={yy:{}};for(var g in this.yy)Object.prototype.hasOwnProperty.call(this.yy,g)&&(y.yy[g]=this.yy[g]);p.setInput(t,y.yy),y.yy.lexer=p,y.yy.parser=this,void 0===p.yylloc&&(p.yylloc={});var v=p.yylloc;a.push(v);var m=p.options&&p.options.ranges;function b(){var t;return"number"!=typeof(t=r.pop()||p.lex()||f)&&(t instanceof Array&&(t=(r=t).pop()),t=e.symbols_[t]||t),t}"function"==typeof y.yy.parseError?this.parseError=y.yy.parseError:this.parseError=Object.getPrototypeOf(this).parseError;for(var _,x,k,w,E,T,C,S,A,M={};;){if(k=n[n.length-1],this.defaultActions[k]?w=this.defaultActions[k]:(null==_&&(_=b()),w=o[k]&&o[k][_]),void 0===w||!w.length||!w[0]){var O="";for(T in 
A=[],o[k])this.terminals_[T]&&T>h&&A.push("'"+this.terminals_[T]+"'");O=p.showPosition?"Parse error on line "+(c+1)+":\n"+p.showPosition()+"\nExpecting "+A.join(", ")+", got '"+(this.terminals_[_]||_)+"'":"Parse error on line "+(c+1)+": Unexpected "+(_==f?"end of input":"'"+(this.terminals_[_]||_)+"'"),this.parseError(O,{text:p.match,token:this.terminals_[_]||_,line:p.yylineno,loc:v,expected:A})}if(w[0]instanceof Array&&w.length>1)throw new Error("Parse Error: multiple actions possible at state: "+k+", token: "+_);switch(w[0]){case 1:n.push(_),i.push(p.yytext),a.push(p.yylloc),n.push(w[1]),_=null,x?(_=x,x=null):(u=p.yyleng,s=p.yytext,c=p.yylineno,v=p.yylloc,l>0&&l--);break;case 2:if(C=this.productions_[w[1]][1],M.$=i[i.length-C],M._$={first_line:a[a.length-(C||1)].first_line,last_line:a[a.length-1].last_line,first_column:a[a.length-(C||1)].first_column,last_column:a[a.length-1].last_column},m&&(M._$.range=[a[a.length-(C||1)].range[0],a[a.length-1].range[1]]),void 0!==(E=this.performAction.apply(M,[s,u,c,y.yy,w[1],i,a].concat(d))))return E;C&&(n=n.slice(0,-1*C*2),i=i.slice(0,-1*C),a=a.slice(0,-1*C)),n.push(this.productions_[w[1]][0]),i.push(M.$),a.push(M._$),S=o[n[n.length-2]][n[n.length-1]],n.push(S);break;case 3:return!0}}return!0}},c={EOF:1,parseError:function(t,e){if(!this.yy.parser)throw new Error(t);this.yy.parser.parseError(t,e)},setInput:function(t,e){return this.yy=e||this.yy||{},this._input=t,this._more=this._backtrack=this.done=!1,this.yylineno=this.yyleng=0,this.yytext=this.matched=this.match="",this.conditionStack=["INITIAL"],this.yylloc={first_line:1,first_column:0,last_line:1,last_column:0},this.options.ranges&&(this.yylloc.range=[0,0]),this.offset=0,this},input:function(){var t=this._input[0];return 
this.yytext+=t,this.yyleng++,this.offset++,this.match+=t,this.matched+=t,t.match(/(?:\r\n?|\n).*/g)?(this.yylineno++,this.yylloc.last_line++):this.yylloc.last_column++,this.options.ranges&&this.yylloc.range[1]++,this._input=this._input.slice(1),t},unput:function(t){var e=t.length,n=t.split(/(?:\r\n?|\n)/g);this._input=t+this._input,this.yytext=this.yytext.substr(0,this.yytext.length-e),this.offset-=e;var r=this.match.split(/(?:\r\n?|\n)/g);this.match=this.match.substr(0,this.match.length-1),this.matched=this.matched.substr(0,this.matched.length-1),n.length-1&&(this.yylineno-=n.length-1);var i=this.yylloc.range;return this.yylloc={first_line:this.yylloc.first_line,last_line:this.yylineno+1,first_column:this.yylloc.first_column,last_column:n?(n.length===r.length?this.yylloc.first_column:0)+r[r.length-n.length].length-n[0].length:this.yylloc.first_column-e},this.options.ranges&&(this.yylloc.range=[i[0],i[0]+this.yyleng-e]),this.yyleng=this.yytext.length,this},more:function(){return this._more=!0,this},reject:function(){return this.options.backtrack_lexer?(this._backtrack=!0,this):this.parseError("Lexical error on line "+(this.yylineno+1)+". 
You can only invoke reject() in the lexer when the lexer is of the backtracking persuasion (options.backtrack_lexer = true).\n"+this.showPosition(),{text:"",token:null,line:this.yylineno})},less:function(t){this.unput(this.match.slice(t))},pastInput:function(){var t=this.matched.substr(0,this.matched.length-this.match.length);return(t.length>20?"...":"")+t.substr(-20).replace(/\n/g,"")},upcomingInput:function(){var t=this.match;return t.length<20&&(t+=this._input.substr(0,20-t.length)),(t.substr(0,20)+(t.length>20?"...":"")).replace(/\n/g,"")},showPosition:function(){var t=this.pastInput(),e=new Array(t.length+1).join("-");return t+this.upcomingInput()+"\n"+e+"^"},test_match:function(t,e){var n,r,i;if(this.options.backtrack_lexer&&(i={yylineno:this.yylineno,yylloc:{first_line:this.yylloc.first_line,last_line:this.last_line,first_column:this.yylloc.first_column,last_column:this.yylloc.last_column},yytext:this.yytext,match:this.match,matches:this.matches,matched:this.matched,yyleng:this.yyleng,offset:this.offset,_more:this._more,_input:this._input,yy:this.yy,conditionStack:this.conditionStack.slice(0),done:this.done},this.options.ranges&&(i.yylloc.range=this.yylloc.range.slice(0))),(r=t[0].match(/(?:\r\n?|\n).*/g))&&(this.yylineno+=r.length),this.yylloc={first_line:this.yylloc.last_line,last_line:this.yylineno+1,first_column:this.yylloc.last_column,last_column:r?r[r.length-1].length-r[r.length-1].match(/\r?\n?/)[0].length:this.yylloc.last_column+t[0].length},this.yytext+=t[0],this.match+=t[0],this.matches=t,this.yyleng=this.yytext.length,this.options.ranges&&(this.yylloc.range=[this.offset,this.offset+=this.yyleng]),this._more=!1,this._backtrack=!1,this._input=this._input.slice(t[0].length),this.matched+=t[0],n=this.performAction.call(this,this.yy,this,e,this.conditionStack[this.conditionStack.length-1]),this.done&&this._input&&(this.done=!1),n)return n;if(this._backtrack){for(var a in i)this[a]=i[a];return!1}return!1},next:function(){if(this.done)return this.EOF;var 
t,e,n,r;this._input||(this.done=!0),this._more||(this.yytext="",this.match="");for(var i=this._currentRules(),a=0;ae[0].length)){if(e=n,r=a,this.options.backtrack_lexer){if(!1!==(t=this.test_match(n,i[a])))return t;if(this._backtrack){e=!1;continue}return!1}if(!this.options.flex)break}return e?!1!==(t=this.test_match(e,i[r]))&&t:""===this._input?this.EOF:this.parseError("Lexical error on line "+(this.yylineno+1)+". Unrecognized text.\n"+this.showPosition(),{text:"",token:null,line:this.yylineno})},lex:function(){var t=this.next();return t||this.lex()},begin:function(t){this.conditionStack.push(t)},popState:function(){return this.conditionStack.length-1>0?this.conditionStack.pop():this.conditionStack[0]},_currentRules:function(){return this.conditionStack.length&&this.conditionStack[this.conditionStack.length-1]?this.conditions[this.conditionStack[this.conditionStack.length-1]].rules:this.conditions.INITIAL.rules},topState:function(t){return(t=this.conditionStack.length-1-Math.abs(t||0))>=0?this.conditionStack[t]:"INITIAL"},pushState:function(t){this.begin(t)},stateStackSize:function(){return this.conditionStack.length},options:{"case-insensitive":!0},performAction:function(t,e,n,r){switch(n){case 0:return 12;case 1:case 2:case 3:break;case 4:return 4;case 5:return 15;case 6:return 17;case 7:return 20;case 8:return 21;case 9:return 19;case 10:case 11:return 8;case 12:return 5;case 13:return 26;case 14:this.begin("options");break;case 15:this.popState();break;case 16:return 11;case 17:this.begin("string");break;case 18:this.popState();break;case 19:return 23;case 20:return 18;case 21:return 
7}},rules:[/^(?:(\r?\n)+)/i,/^(?:\s+)/i,/^(?:#[^\n]*)/i,/^(?:%[^\n]*)/i,/^(?:gitGraph\b)/i,/^(?:commit\b)/i,/^(?:branch\b)/i,/^(?:merge\b)/i,/^(?:reset\b)/i,/^(?:checkout\b)/i,/^(?:LR\b)/i,/^(?:BT\b)/i,/^(?::)/i,/^(?:\^)/i,/^(?:options\r?\n)/i,/^(?:end\r?\n)/i,/^(?:[^\n]+\r?\n)/i,/^(?:["])/i,/^(?:["])/i,/^(?:[^"]*)/i,/^(?:[a-zA-Z][-_\.a-zA-Z0-9]*[-_a-zA-Z0-9])/i,/^(?:$)/i],conditions:{options:{rules:[15,16],inclusive:!1},string:{rules:[18,19],inclusive:!1},INITIAL:{rules:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,17,20,21],inclusive:!0}}};function u(){this.yy={}}return s.lexer=c,u.prototype=s,s.Parser=u,new u}();e.parser=i,e.Parser=i.Parser,e.parse=function(){return i.parse.apply(i,arguments)},e.main=function(r){r[1]||(console.log("Usage: "+r[0]+" FILE"),t.exit(1));var i=n(16).readFileSync(n(17).normalize(r[1]),"utf8");return e.parser.parse(i)},n.c[n.s]===r&&e.main(t.argv.slice(1))}).call(this,n(10),n(6)(t))},function(t,e,n){(function(t,r){var i=function(){var t=function(t,e,n,r){for(n=n||{},r=t.length;r--;n[t[r]]=e);return n},e=[6,9,10],n={trace:function(){},yy:{},symbols_:{error:2,start:3,info:4,document:5,EOF:6,line:7,statement:8,NL:9,showInfo:10,$accept:0,$end:1},terminals_:{2:"error",4:"info",6:"EOF",9:"NL",10:"showInfo"},productions_:[0,[3,3],[5,0],[5,2],[7,1],[7,1],[8,1]],performAction:function(t,e,n,r,i,a,o){a.length;switch(i){case 1:return r;case 4:break;case 6:r.setInfo(!0)}},table:[{3:1,4:[1,2]},{1:[3]},t(e,[2,2],{5:3}),{6:[1,4],7:5,8:6,9:[1,7],10:[1,8]},{1:[2,1]},t(e,[2,3]),t(e,[2,4]),t(e,[2,5]),t(e,[2,6])],defaultActions:{4:[2,1]},parseError:function(t,e){if(!e.recoverable){var n=new Error(t);throw n.hash=e,n}this.trace(t)},parse:function(t){var e=this,n=[0],r=[],i=[null],a=[],o=this.table,s="",c=0,u=0,l=0,h=2,f=1,d=a.slice.call(arguments,1),p=Object.create(this.lexer),y={yy:{}};for(var g in this.yy)Object.prototype.hasOwnProperty.call(this.yy,g)&&(y.yy[g]=this.yy[g]);p.setInput(t,y.yy),y.yy.lexer=p,y.yy.parser=this,void 0===p.yylloc&&(p.yylloc={});var 
v=p.yylloc;a.push(v);var m=p.options&&p.options.ranges;function b(){var t;return"number"!=typeof(t=r.pop()||p.lex()||f)&&(t instanceof Array&&(t=(r=t).pop()),t=e.symbols_[t]||t),t}"function"==typeof y.yy.parseError?this.parseError=y.yy.parseError:this.parseError=Object.getPrototypeOf(this).parseError;for(var _,x,k,w,E,T,C,S,A,M={};;){if(k=n[n.length-1],this.defaultActions[k]?w=this.defaultActions[k]:(null==_&&(_=b()),w=o[k]&&o[k][_]),void 0===w||!w.length||!w[0]){var O="";for(T in A=[],o[k])this.terminals_[T]&&T>h&&A.push("'"+this.terminals_[T]+"'");O=p.showPosition?"Parse error on line "+(c+1)+":\n"+p.showPosition()+"\nExpecting "+A.join(", ")+", got '"+(this.terminals_[_]||_)+"'":"Parse error on line "+(c+1)+": Unexpected "+(_==f?"end of input":"'"+(this.terminals_[_]||_)+"'"),this.parseError(O,{text:p.match,token:this.terminals_[_]||_,line:p.yylineno,loc:v,expected:A})}if(w[0]instanceof Array&&w.length>1)throw new Error("Parse Error: multiple actions possible at state: "+k+", token: "+_);switch(w[0]){case 1:n.push(_),i.push(p.yytext),a.push(p.yylloc),n.push(w[1]),_=null,x?(_=x,x=null):(u=p.yyleng,s=p.yytext,c=p.yylineno,v=p.yylloc,l>0&&l--);break;case 2:if(C=this.productions_[w[1]][1],M.$=i[i.length-C],M._$={first_line:a[a.length-(C||1)].first_line,last_line:a[a.length-1].last_line,first_column:a[a.length-(C||1)].first_column,last_column:a[a.length-1].last_column},m&&(M._$.range=[a[a.length-(C||1)].range[0],a[a.length-1].range[1]]),void 0!==(E=this.performAction.apply(M,[s,u,c,y.yy,w[1],i,a].concat(d))))return E;C&&(n=n.slice(0,-1*C*2),i=i.slice(0,-1*C),a=a.slice(0,-1*C)),n.push(this.productions_[w[1]][0]),i.push(M.$),a.push(M._$),S=o[n[n.length-2]][n[n.length-1]],n.push(S);break;case 3:return!0}}return!0}},r={EOF:1,parseError:function(t,e){if(!this.yy.parser)throw new Error(t);this.yy.parser.parseError(t,e)},setInput:function(t,e){return 
this.yy=e||this.yy||{},this._input=t,this._more=this._backtrack=this.done=!1,this.yylineno=this.yyleng=0,this.yytext=this.matched=this.match="",this.conditionStack=["INITIAL"],this.yylloc={first_line:1,first_column:0,last_line:1,last_column:0},this.options.ranges&&(this.yylloc.range=[0,0]),this.offset=0,this},input:function(){var t=this._input[0];return this.yytext+=t,this.yyleng++,this.offset++,this.match+=t,this.matched+=t,t.match(/(?:\r\n?|\n).*/g)?(this.yylineno++,this.yylloc.last_line++):this.yylloc.last_column++,this.options.ranges&&this.yylloc.range[1]++,this._input=this._input.slice(1),t},unput:function(t){var e=t.length,n=t.split(/(?:\r\n?|\n)/g);this._input=t+this._input,this.yytext=this.yytext.substr(0,this.yytext.length-e),this.offset-=e;var r=this.match.split(/(?:\r\n?|\n)/g);this.match=this.match.substr(0,this.match.length-1),this.matched=this.matched.substr(0,this.matched.length-1),n.length-1&&(this.yylineno-=n.length-1);var i=this.yylloc.range;return this.yylloc={first_line:this.yylloc.first_line,last_line:this.yylineno+1,first_column:this.yylloc.first_column,last_column:n?(n.length===r.length?this.yylloc.first_column:0)+r[r.length-n.length].length-n[0].length:this.yylloc.first_column-e},this.options.ranges&&(this.yylloc.range=[i[0],i[0]+this.yyleng-e]),this.yyleng=this.yytext.length,this},more:function(){return this._more=!0,this},reject:function(){return this.options.backtrack_lexer?(this._backtrack=!0,this):this.parseError("Lexical error on line "+(this.yylineno+1)+". 
You can only invoke reject() in the lexer when the lexer is of the backtracking persuasion (options.backtrack_lexer = true).\n"+this.showPosition(),{text:"",token:null,line:this.yylineno})},less:function(t){this.unput(this.match.slice(t))},pastInput:function(){var t=this.matched.substr(0,this.matched.length-this.match.length);return(t.length>20?"...":"")+t.substr(-20).replace(/\n/g,"")},upcomingInput:function(){var t=this.match;return t.length<20&&(t+=this._input.substr(0,20-t.length)),(t.substr(0,20)+(t.length>20?"...":"")).replace(/\n/g,"")},showPosition:function(){var t=this.pastInput(),e=new Array(t.length+1).join("-");return t+this.upcomingInput()+"\n"+e+"^"},test_match:function(t,e){var n,r,i;if(this.options.backtrack_lexer&&(i={yylineno:this.yylineno,yylloc:{first_line:this.yylloc.first_line,last_line:this.last_line,first_column:this.yylloc.first_column,last_column:this.yylloc.last_column},yytext:this.yytext,match:this.match,matches:this.matches,matched:this.matched,yyleng:this.yyleng,offset:this.offset,_more:this._more,_input:this._input,yy:this.yy,conditionStack:this.conditionStack.slice(0),done:this.done},this.options.ranges&&(i.yylloc.range=this.yylloc.range.slice(0))),(r=t[0].match(/(?:\r\n?|\n).*/g))&&(this.yylineno+=r.length),this.yylloc={first_line:this.yylloc.last_line,last_line:this.yylineno+1,first_column:this.yylloc.last_column,last_column:r?r[r.length-1].length-r[r.length-1].match(/\r?\n?/)[0].length:this.yylloc.last_column+t[0].length},this.yytext+=t[0],this.match+=t[0],this.matches=t,this.yyleng=this.yytext.length,this.options.ranges&&(this.yylloc.range=[this.offset,this.offset+=this.yyleng]),this._more=!1,this._backtrack=!1,this._input=this._input.slice(t[0].length),this.matched+=t[0],n=this.performAction.call(this,this.yy,this,e,this.conditionStack[this.conditionStack.length-1]),this.done&&this._input&&(this.done=!1),n)return n;if(this._backtrack){for(var a in i)this[a]=i[a];return!1}return!1},next:function(){if(this.done)return this.EOF;var 
t,e,n,r;this._input||(this.done=!0),this._more||(this.yytext="",this.match="");for(var i=this._currentRules(),a=0;ae[0].length)){if(e=n,r=a,this.options.backtrack_lexer){if(!1!==(t=this.test_match(n,i[a])))return t;if(this._backtrack){e=!1;continue}return!1}if(!this.options.flex)break}return e?!1!==(t=this.test_match(e,i[r]))&&t:""===this._input?this.EOF:this.parseError("Lexical error on line "+(this.yylineno+1)+". Unrecognized text.\n"+this.showPosition(),{text:"",token:null,line:this.yylineno})},lex:function(){var t=this.next();return t||this.lex()},begin:function(t){this.conditionStack.push(t)},popState:function(){return this.conditionStack.length-1>0?this.conditionStack.pop():this.conditionStack[0]},_currentRules:function(){return this.conditionStack.length&&this.conditionStack[this.conditionStack.length-1]?this.conditions[this.conditionStack[this.conditionStack.length-1]].rules:this.conditions.INITIAL.rules},topState:function(t){return(t=this.conditionStack.length-1-Math.abs(t||0))>=0?this.conditionStack[t]:"INITIAL"},pushState:function(t){this.begin(t)},stateStackSize:function(){return this.conditionStack.length},options:{"case-insensitive":!0},performAction:function(t,e,n,r){switch(n){case 0:return 4;case 1:return 9;case 2:return"space";case 3:return 10;case 4:return 6;case 5:return"TXT"}},rules:[/^(?:info\b)/i,/^(?:[\s\n\r]+)/i,/^(?:[\s]+)/i,/^(?:showInfo\b)/i,/^(?:$)/i,/^(?:.)/i],conditions:{INITIAL:{rules:[0,1,2,3,4,5],inclusive:!0}}};function i(){this.yy={}}return n.lexer=r,i.prototype=n,n.Parser=i,new i}();e.parser=i,e.Parser=i.Parser,e.parse=function(){return i.parse.apply(i,arguments)},e.main=function(r){r[1]||(console.log("Usage: "+r[0]+" FILE"),t.exit(1));var i=n(16).readFileSync(n(17).normalize(r[1]),"utf8");return e.parser.parse(i)},n.c[n.s]===r&&e.main(t.argv.slice(1))}).call(this,n(10),n(6)(t))},function(t,e,n){(function(t,r){var i=function(){var t=function(t,e,n,r){for(n=n||{},r=t.length;r--;n[t[r]]=e);return 
n},e=[1,4],n=[1,5],r=[1,6],i=[1,7],a=[1,9],o=[1,10,12,19,20,21,22],s=[1,6,10,12,19,20,21,22],c=[19,20,21],u=[1,22],l=[6,19,20,21,22],h={trace:function(){},yy:{},symbols_:{error:2,start:3,eol:4,directive:5,PIE:6,document:7,line:8,statement:9,txt:10,value:11,title:12,title_value:13,openDirective:14,typeDirective:15,closeDirective:16,":":17,argDirective:18,NEWLINE:19,";":20,EOF:21,open_directive:22,type_directive:23,arg_directive:24,close_directive:25,$accept:0,$end:1},terminals_:{2:"error",6:"PIE",10:"txt",11:"value",12:"title",13:"title_value",17:":",19:"NEWLINE",20:";",21:"EOF",22:"open_directive",23:"type_directive",24:"arg_directive",25:"close_directive"},productions_:[0,[3,2],[3,2],[3,2],[7,0],[7,2],[8,2],[9,0],[9,2],[9,2],[9,1],[5,3],[5,5],[4,1],[4,1],[4,1],[14,1],[15,1],[18,1],[16,1]],performAction:function(t,e,n,r,i,a,o){var s=a.length-1;switch(i){case 6:this.$=a[s-1];break;case 8:r.addSection(a[s-1],r.cleanupValue(a[s]));break;case 9:this.$=a[s].trim(),r.setTitle(this.$);break;case 16:r.parseDirective("%%{","open_directive");break;case 17:r.parseDirective(a[s],"type_directive");break;case 18:a[s]=a[s].trim().replace(/'/g,'"'),r.parseDirective(a[s],"arg_directive");break;case 19:r.parseDirective("}%%","close_directive","pie")}},table:[{3:1,4:2,5:3,6:e,14:8,19:n,20:r,21:i,22:a},{1:[3]},{3:10,4:2,5:3,6:e,14:8,19:n,20:r,21:i,22:a},{3:11,4:2,5:3,6:e,14:8,19:n,20:r,21:i,22:a},t(o,[2,4],{7:12}),t(s,[2,13]),t(s,[2,14]),t(s,[2,15]),{15:13,23:[1,14]},{23:[2,16]},{1:[2,1]},{1:[2,2]},t(c,[2,7],{14:8,8:15,9:16,5:19,1:[2,3],10:[1,17],12:[1,18],22:a}),{16:20,17:[1,21],25:u},t([17,25],[2,17]),t(o,[2,5]),{4:23,19:n,20:r,21:i},{11:[1,24]},{13:[1,25]},t(c,[2,10]),t(l,[2,11]),{18:26,24:[1,27]},t(l,[2,19]),t(o,[2,6]),t(c,[2,8]),t(c,[2,9]),{16:28,25:u},{25:[2,18]},t(l,[2,12])],defaultActions:{9:[2,16],10:[2,1],11:[2,2],27:[2,18]},parseError:function(t,e){if(!e.recoverable){var n=new Error(t);throw n.hash=e,n}this.trace(t)},parse:function(t){var 
e=this,n=[0],r=[],i=[null],a=[],o=this.table,s="",c=0,u=0,l=0,h=2,f=1,d=a.slice.call(arguments,1),p=Object.create(this.lexer),y={yy:{}};for(var g in this.yy)Object.prototype.hasOwnProperty.call(this.yy,g)&&(y.yy[g]=this.yy[g]);p.setInput(t,y.yy),y.yy.lexer=p,y.yy.parser=this,void 0===p.yylloc&&(p.yylloc={});var v=p.yylloc;a.push(v);var m=p.options&&p.options.ranges;function b(){var t;return"number"!=typeof(t=r.pop()||p.lex()||f)&&(t instanceof Array&&(t=(r=t).pop()),t=e.symbols_[t]||t),t}"function"==typeof y.yy.parseError?this.parseError=y.yy.parseError:this.parseError=Object.getPrototypeOf(this).parseError;for(var _,x,k,w,E,T,C,S,A,M={};;){if(k=n[n.length-1],this.defaultActions[k]?w=this.defaultActions[k]:(null==_&&(_=b()),w=o[k]&&o[k][_]),void 0===w||!w.length||!w[0]){var O="";for(T in A=[],o[k])this.terminals_[T]&&T>h&&A.push("'"+this.terminals_[T]+"'");O=p.showPosition?"Parse error on line "+(c+1)+":\n"+p.showPosition()+"\nExpecting "+A.join(", ")+", got '"+(this.terminals_[_]||_)+"'":"Parse error on line "+(c+1)+": Unexpected "+(_==f?"end of input":"'"+(this.terminals_[_]||_)+"'"),this.parseError(O,{text:p.match,token:this.terminals_[_]||_,line:p.yylineno,loc:v,expected:A})}if(w[0]instanceof Array&&w.length>1)throw new Error("Parse Error: multiple actions possible at state: "+k+", token: "+_);switch(w[0]){case 1:n.push(_),i.push(p.yytext),a.push(p.yylloc),n.push(w[1]),_=null,x?(_=x,x=null):(u=p.yyleng,s=p.yytext,c=p.yylineno,v=p.yylloc,l>0&&l--);break;case 2:if(C=this.productions_[w[1]][1],M.$=i[i.length-C],M._$={first_line:a[a.length-(C||1)].first_line,last_line:a[a.length-1].last_line,first_column:a[a.length-(C||1)].first_column,last_column:a[a.length-1].last_column},m&&(M._$.range=[a[a.length-(C||1)].range[0],a[a.length-1].range[1]]),void 0!==(E=this.performAction.apply(M,[s,u,c,y.yy,w[1],i,a].concat(d))))return 
E;C&&(n=n.slice(0,-1*C*2),i=i.slice(0,-1*C),a=a.slice(0,-1*C)),n.push(this.productions_[w[1]][0]),i.push(M.$),a.push(M._$),S=o[n[n.length-2]][n[n.length-1]],n.push(S);break;case 3:return!0}}return!0}},f={EOF:1,parseError:function(t,e){if(!this.yy.parser)throw new Error(t);this.yy.parser.parseError(t,e)},setInput:function(t,e){return this.yy=e||this.yy||{},this._input=t,this._more=this._backtrack=this.done=!1,this.yylineno=this.yyleng=0,this.yytext=this.matched=this.match="",this.conditionStack=["INITIAL"],this.yylloc={first_line:1,first_column:0,last_line:1,last_column:0},this.options.ranges&&(this.yylloc.range=[0,0]),this.offset=0,this},input:function(){var t=this._input[0];return this.yytext+=t,this.yyleng++,this.offset++,this.match+=t,this.matched+=t,t.match(/(?:\r\n?|\n).*/g)?(this.yylineno++,this.yylloc.last_line++):this.yylloc.last_column++,this.options.ranges&&this.yylloc.range[1]++,this._input=this._input.slice(1),t},unput:function(t){var e=t.length,n=t.split(/(?:\r\n?|\n)/g);this._input=t+this._input,this.yytext=this.yytext.substr(0,this.yytext.length-e),this.offset-=e;var r=this.match.split(/(?:\r\n?|\n)/g);this.match=this.match.substr(0,this.match.length-1),this.matched=this.matched.substr(0,this.matched.length-1),n.length-1&&(this.yylineno-=n.length-1);var i=this.yylloc.range;return this.yylloc={first_line:this.yylloc.first_line,last_line:this.yylineno+1,first_column:this.yylloc.first_column,last_column:n?(n.length===r.length?this.yylloc.first_column:0)+r[r.length-n.length].length-n[0].length:this.yylloc.first_column-e},this.options.ranges&&(this.yylloc.range=[i[0],i[0]+this.yyleng-e]),this.yyleng=this.yytext.length,this},more:function(){return this._more=!0,this},reject:function(){return this.options.backtrack_lexer?(this._backtrack=!0,this):this.parseError("Lexical error on line "+(this.yylineno+1)+". 
You can only invoke reject() in the lexer when the lexer is of the backtracking persuasion (options.backtrack_lexer = true).\n"+this.showPosition(),{text:"",token:null,line:this.yylineno})},less:function(t){this.unput(this.match.slice(t))},pastInput:function(){var t=this.matched.substr(0,this.matched.length-this.match.length);return(t.length>20?"...":"")+t.substr(-20).replace(/\n/g,"")},upcomingInput:function(){var t=this.match;return t.length<20&&(t+=this._input.substr(0,20-t.length)),(t.substr(0,20)+(t.length>20?"...":"")).replace(/\n/g,"")},showPosition:function(){var t=this.pastInput(),e=new Array(t.length+1).join("-");return t+this.upcomingInput()+"\n"+e+"^"},test_match:function(t,e){var n,r,i;if(this.options.backtrack_lexer&&(i={yylineno:this.yylineno,yylloc:{first_line:this.yylloc.first_line,last_line:this.last_line,first_column:this.yylloc.first_column,last_column:this.yylloc.last_column},yytext:this.yytext,match:this.match,matches:this.matches,matched:this.matched,yyleng:this.yyleng,offset:this.offset,_more:this._more,_input:this._input,yy:this.yy,conditionStack:this.conditionStack.slice(0),done:this.done},this.options.ranges&&(i.yylloc.range=this.yylloc.range.slice(0))),(r=t[0].match(/(?:\r\n?|\n).*/g))&&(this.yylineno+=r.length),this.yylloc={first_line:this.yylloc.last_line,last_line:this.yylineno+1,first_column:this.yylloc.last_column,last_column:r?r[r.length-1].length-r[r.length-1].match(/\r?\n?/)[0].length:this.yylloc.last_column+t[0].length},this.yytext+=t[0],this.match+=t[0],this.matches=t,this.yyleng=this.yytext.length,this.options.ranges&&(this.yylloc.range=[this.offset,this.offset+=this.yyleng]),this._more=!1,this._backtrack=!1,this._input=this._input.slice(t[0].length),this.matched+=t[0],n=this.performAction.call(this,this.yy,this,e,this.conditionStack[this.conditionStack.length-1]),this.done&&this._input&&(this.done=!1),n)return n;if(this._backtrack){for(var a in i)this[a]=i[a];return!1}return!1},next:function(){if(this.done)return this.EOF;var 
t,e,n,r;this._input||(this.done=!0),this._more||(this.yytext="",this.match="");for(var i=this._currentRules(),a=0;ae[0].length)){if(e=n,r=a,this.options.backtrack_lexer){if(!1!==(t=this.test_match(n,i[a])))return t;if(this._backtrack){e=!1;continue}return!1}if(!this.options.flex)break}return e?!1!==(t=this.test_match(e,i[r]))&&t:""===this._input?this.EOF:this.parseError("Lexical error on line "+(this.yylineno+1)+". Unrecognized text.\n"+this.showPosition(),{text:"",token:null,line:this.yylineno})},lex:function(){var t=this.next();return t||this.lex()},begin:function(t){this.conditionStack.push(t)},popState:function(){return this.conditionStack.length-1>0?this.conditionStack.pop():this.conditionStack[0]},_currentRules:function(){return this.conditionStack.length&&this.conditionStack[this.conditionStack.length-1]?this.conditions[this.conditionStack[this.conditionStack.length-1]].rules:this.conditions.INITIAL.rules},topState:function(t){return(t=this.conditionStack.length-1-Math.abs(t||0))>=0?this.conditionStack[t]:"INITIAL"},pushState:function(t){this.begin(t)},stateStackSize:function(){return this.conditionStack.length},options:{"case-insensitive":!0},performAction:function(t,e,n,r){switch(n){case 0:return this.begin("open_directive"),22;case 1:return this.begin("type_directive"),23;case 2:return this.popState(),this.begin("arg_directive"),17;case 3:return this.popState(),this.popState(),25;case 4:return 24;case 5:case 6:break;case 7:return 19;case 8:case 9:break;case 10:return this.begin("title"),12;case 11:return this.popState(),"title_value";case 12:this.begin("string");break;case 13:this.popState();break;case 14:return"txt";case 15:return 6;case 16:return"value";case 17:return 
21}},/* jison lexer rule table for the "pie" grammar; the index of each regex is the case number dispatched in performAction above. Rule 16 is the only value form the grammar accepts (":" followed by an integer or decimal, returned as "value"); rule 10 ("title") switches to the title condition, where rule 11 swallows the rest of the line as title_value. */rules:[/^(?:%%\{)/i,/^(?:((?:(?!\}%%)[^:.])*))/i,/^(?::)/i,/^(?:\}%%)/i,/^(?:((?:(?!\}%%).|\n)*))/i,/^(?:%%(?!\{)[^\n]*)/i,/^(?:[^\}]%%[^\n]*)/i,/^(?:[\n\r]+)/i,/^(?:%%[^\n]*)/i,/^(?:[\s]+)/i,/^(?:title\b)/i,/^(?:(?!\n||)*[^\n]*)/i,/^(?:["])/i,/^(?:["])/i,/^(?:[^"]*)/i,/^(?:pie\b)/i,/^(?::[\s]*[\d]+(?:\.[\d]+)?)/i,/^(?:$)/i],/* start conditions: every non-INITIAL state is exclusive (inclusive:!1), so inside a %%{ ... }%% directive only the directive rules can match until "}%%" pops back to INITIAL (performAction case 3 pops twice); "string" likewise only sees rules 13/14 until the closing quote. */conditions:{close_directive:{rules:[],inclusive:!1},arg_directive:{rules:[3,4],inclusive:!1},type_directive:{rules:[2,3],inclusive:!1},open_directive:{rules:[1],inclusive:!1},title:{rules:[11],inclusive:!1},string:{rules:[13,14],inclusive:!1},INITIAL:{rules:[0,5,6,7,8,9,10,12,15,16,17],inclusive:!0}}};function d(){this.yy={}}return h.lexer=f,d.prototype=h,h.Parser=d,new d}();/* public surface of the module: parser instance, Parser constructor and parse(). Parse and lexical errors surface as a thrown Error carrying a .hash with token/line (see parseError above), so callers feeding untrusted diagram text must catch. */e.parser=i,e.Parser=i.Parser,e.parse=function(){return i.parse.apply(i,arguments)},/* CLI entry, executed only when this module is webpack's entry module (n.c[n.s]===r): reads the file named on the command line and parses it. n(16)/n(17) are presumably fs/path — the path is only normalize()d, not restricted; dead code in the browser bundle. */e.main=function(r){r[1]||(console.log("Usage: "+r[0]+" FILE"),t.exit(1));var i=n(16).readFileSync(n(17).normalize(r[1]),"utf8");return e.parser.parse(i)},n.c[n.s]===r&&e.main(t.argv.slice(1))}).call(this,n(10),n(6)(t))},function(t,e,n){(function(t,r){var i=function(){var t=function(t,e,n,r){for(n=n||{},r=t.length;r--;n[t[r]]=e);return 
n},e=[1,2],n=[1,5],r=[6,9,11,23,37],i=[1,17],a=[1,20],o=[1,25],s=[1,26],c=[1,27],u=[1,28],l=[1,37],h=[23,34,35],f=[4,6,9,11,23,37],d=[30,31,32,33],p=[22,27],y={trace:function(){},yy:{},symbols_:{error:2,start:3,ER_DIAGRAM:4,document:5,EOF:6,directive:7,line:8,SPACE:9,statement:10,NEWLINE:11,openDirective:12,typeDirective:13,closeDirective:14,":":15,argDirective:16,entityName:17,relSpec:18,role:19,BLOCK_START:20,attributes:21,BLOCK_STOP:22,ALPHANUM:23,attribute:24,attributeType:25,attributeName:26,ATTRIBUTE_WORD:27,cardinality:28,relType:29,ZERO_OR_ONE:30,ZERO_OR_MORE:31,ONE_OR_MORE:32,ONLY_ONE:33,NON_IDENTIFYING:34,IDENTIFYING:35,WORD:36,open_directive:37,type_directive:38,arg_directive:39,close_directive:40,$accept:0,$end:1},terminals_:{2:"error",4:"ER_DIAGRAM",6:"EOF",9:"SPACE",11:"NEWLINE",15:":",20:"BLOCK_START",22:"BLOCK_STOP",23:"ALPHANUM",27:"ATTRIBUTE_WORD",30:"ZERO_OR_ONE",31:"ZERO_OR_MORE",32:"ONE_OR_MORE",33:"ONLY_ONE",34:"NON_IDENTIFYING",35:"IDENTIFYING",36:"WORD",37:"open_directive",38:"type_directive",39:"arg_directive",40:"close_directive"},productions_:[0,[3,3],[3,2],[5,0],[5,2],[8,2],[8,1],[8,1],[8,1],[7,4],[7,6],[10,1],[10,5],[10,4],[10,3],[10,1],[17,1],[21,1],[21,2],[24,2],[25,1],[26,1],[18,3],[28,1],[28,1],[28,1],[28,1],[29,1],[29,1],[19,1],[19,1],[12,1],[13,1],[16,1],[14,1]],performAction:function(t,e,n,r,i,a,o){var s=a.length-1;switch(i){case 1:break;case 3:this.$=[];break;case 4:a[s-1].push(a[s]),this.$=a[s-1];break;case 5:case 6:this.$=a[s];break;case 7:case 8:this.$=[];break;case 12:r.addEntity(a[s-4]),r.addEntity(a[s-2]),r.addRelationship(a[s-4],a[s],a[s-2],a[s-3]);break;case 13:r.addEntity(a[s-3]),r.addAttributes(a[s-3],a[s-1]);break;case 14:r.addEntity(a[s-2]);break;case 15:r.addEntity(a[s]);break;case 16:this.$=a[s];break;case 17:this.$=[a[s]];break;case 18:a[s].push(a[s-1]),this.$=a[s];break;case 19:this.$={attributeType:a[s-1],attributeName:a[s]};break;case 20:case 21:this.$=a[s];break;case 
22:this.$={cardA:a[s],relType:a[s-1],cardB:a[s-2]};break;case 23:this.$=r.Cardinality.ZERO_OR_ONE;break;case 24:this.$=r.Cardinality.ZERO_OR_MORE;break;case 25:this.$=r.Cardinality.ONE_OR_MORE;break;case 26:this.$=r.Cardinality.ONLY_ONE;break;case 27:this.$=r.Identification.NON_IDENTIFYING;break;case 28:this.$=r.Identification.IDENTIFYING;break;case 29:this.$=a[s].replace(/"/g,"");break;case 30:this.$=a[s];break;case 31:r.parseDirective("%%{","open_directive");break;case 32:r.parseDirective(a[s],"type_directive");break;case 33:a[s]=a[s].trim().replace(/'/g,'"'),r.parseDirective(a[s],"arg_directive");break;case 34:r.parseDirective("}%%","close_directive","er")}},table:[{3:1,4:e,7:3,12:4,37:n},{1:[3]},t(r,[2,3],{5:6}),{3:7,4:e,7:3,12:4,37:n},{13:8,38:[1,9]},{38:[2,31]},{6:[1,10],7:15,8:11,9:[1,12],10:13,11:[1,14],12:4,17:16,23:i,37:n},{1:[2,2]},{14:18,15:[1,19],40:a},t([15,40],[2,32]),t(r,[2,8],{1:[2,1]}),t(r,[2,4]),{7:15,10:21,12:4,17:16,23:i,37:n},t(r,[2,6]),t(r,[2,7]),t(r,[2,11]),t(r,[2,15],{18:22,28:24,20:[1,23],30:o,31:s,32:c,33:u}),t([6,9,11,15,20,23,30,31,32,33,37],[2,16]),{11:[1,29]},{16:30,39:[1,31]},{11:[2,34]},t(r,[2,5]),{17:32,23:i},{21:33,22:[1,34],24:35,25:36,27:l},{29:38,34:[1,39],35:[1,40]},t(h,[2,23]),t(h,[2,24]),t(h,[2,25]),t(h,[2,26]),t(f,[2,9]),{14:41,40:a},{40:[2,33]},{15:[1,42]},{22:[1,43]},t(r,[2,14]),{21:44,22:[2,17],24:35,25:36,27:l},{26:45,27:[1,46]},{27:[2,20]},{28:47,30:o,31:s,32:c,33:u},t(d,[2,27]),t(d,[2,28]),{11:[1,48]},{19:49,23:[1,51],36:[1,50]},t(r,[2,13]),{22:[2,18]},t(p,[2,19]),t(p,[2,21]),{23:[2,22]},t(f,[2,10]),t(r,[2,12]),t(r,[2,29]),t(r,[2,30])],defaultActions:{5:[2,31],7:[2,2],20:[2,34],31:[2,33],37:[2,20],44:[2,18],47:[2,22]},parseError:function(t,e){if(!e.recoverable){var n=new Error(t);throw n.hash=e,n}this.trace(t)},parse:function(t){var e=this,n=[0],r=[],i=[null],a=[],o=this.table,s="",c=0,u=0,l=0,h=2,f=1,d=a.slice.call(arguments,1),p=Object.create(this.lexer),y={yy:{}};for(var g in 
this.yy)Object.prototype.hasOwnProperty.call(this.yy,g)&&(y.yy[g]=this.yy[g]);p.setInput(t,y.yy),y.yy.lexer=p,y.yy.parser=this,void 0===p.yylloc&&(p.yylloc={});var v=p.yylloc;a.push(v);var m=p.options&&p.options.ranges;function b(){var t;return"number"!=typeof(t=r.pop()||p.lex()||f)&&(t instanceof Array&&(t=(r=t).pop()),t=e.symbols_[t]||t),t}"function"==typeof y.yy.parseError?this.parseError=y.yy.parseError:this.parseError=Object.getPrototypeOf(this).parseError;for(var _,x,k,w,E,T,C,S,A,M={};;){if(k=n[n.length-1],this.defaultActions[k]?w=this.defaultActions[k]:(null==_&&(_=b()),w=o[k]&&o[k][_]),void 0===w||!w.length||!w[0]){var O="";for(T in A=[],o[k])this.terminals_[T]&&T>h&&A.push("'"+this.terminals_[T]+"'");O=p.showPosition?"Parse error on line "+(c+1)+":\n"+p.showPosition()+"\nExpecting "+A.join(", ")+", got '"+(this.terminals_[_]||_)+"'":"Parse error on line "+(c+1)+": Unexpected "+(_==f?"end of input":"'"+(this.terminals_[_]||_)+"'"),this.parseError(O,{text:p.match,token:this.terminals_[_]||_,line:p.yylineno,loc:v,expected:A})}if(w[0]instanceof Array&&w.length>1)throw new Error("Parse Error: multiple actions possible at state: "+k+", token: "+_);switch(w[0]){case 1:n.push(_),i.push(p.yytext),a.push(p.yylloc),n.push(w[1]),_=null,x?(_=x,x=null):(u=p.yyleng,s=p.yytext,c=p.yylineno,v=p.yylloc,l>0&&l--);break;case 2:if(C=this.productions_[w[1]][1],M.$=i[i.length-C],M._$={first_line:a[a.length-(C||1)].first_line,last_line:a[a.length-1].last_line,first_column:a[a.length-(C||1)].first_column,last_column:a[a.length-1].last_column},m&&(M._$.range=[a[a.length-(C||1)].range[0],a[a.length-1].range[1]]),void 0!==(E=this.performAction.apply(M,[s,u,c,y.yy,w[1],i,a].concat(d))))return E;C&&(n=n.slice(0,-1*C*2),i=i.slice(0,-1*C),a=a.slice(0,-1*C)),n.push(this.productions_[w[1]][0]),i.push(M.$),a.push(M._$),S=o[n[n.length-2]][n[n.length-1]],n.push(S);break;case 3:return!0}}return!0}},g={EOF:1,parseError:function(t,e){if(!this.yy.parser)throw new 
Error(t);this.yy.parser.parseError(t,e)},setInput:function(t,e){return this.yy=e||this.yy||{},this._input=t,this._more=this._backtrack=this.done=!1,this.yylineno=this.yyleng=0,this.yytext=this.matched=this.match="",this.conditionStack=["INITIAL"],this.yylloc={first_line:1,first_column:0,last_line:1,last_column:0},this.options.ranges&&(this.yylloc.range=[0,0]),this.offset=0,this},input:function(){var t=this._input[0];return this.yytext+=t,this.yyleng++,this.offset++,this.match+=t,this.matched+=t,t.match(/(?:\r\n?|\n).*/g)?(this.yylineno++,this.yylloc.last_line++):this.yylloc.last_column++,this.options.ranges&&this.yylloc.range[1]++,this._input=this._input.slice(1),t},unput:function(t){var e=t.length,n=t.split(/(?:\r\n?|\n)/g);this._input=t+this._input,this.yytext=this.yytext.substr(0,this.yytext.length-e),this.offset-=e;var r=this.match.split(/(?:\r\n?|\n)/g);this.match=this.match.substr(0,this.match.length-1),this.matched=this.matched.substr(0,this.matched.length-1),n.length-1&&(this.yylineno-=n.length-1);var i=this.yylloc.range;return this.yylloc={first_line:this.yylloc.first_line,last_line:this.yylineno+1,first_column:this.yylloc.first_column,last_column:n?(n.length===r.length?this.yylloc.first_column:0)+r[r.length-n.length].length-n[0].length:this.yylloc.first_column-e},this.options.ranges&&(this.yylloc.range=[i[0],i[0]+this.yyleng-e]),this.yyleng=this.yytext.length,this},more:function(){return this._more=!0,this},reject:function(){return this.options.backtrack_lexer?(this._backtrack=!0,this):this.parseError("Lexical error on line "+(this.yylineno+1)+". 
You can only invoke reject() in the lexer when the lexer is of the backtracking persuasion (options.backtrack_lexer = true).\n"+this.showPosition(),{text:"",token:null,line:this.yylineno})},less:function(t){this.unput(this.match.slice(t))},pastInput:function(){var t=this.matched.substr(0,this.matched.length-this.match.length);return(t.length>20?"...":"")+t.substr(-20).replace(/\n/g,"")},upcomingInput:function(){var t=this.match;return t.length<20&&(t+=this._input.substr(0,20-t.length)),(t.substr(0,20)+(t.length>20?"...":"")).replace(/\n/g,"")},showPosition:function(){var t=this.pastInput(),e=new Array(t.length+1).join("-");return t+this.upcomingInput()+"\n"+e+"^"},test_match:function(t,e){var n,r,i;if(this.options.backtrack_lexer&&(i={yylineno:this.yylineno,yylloc:{first_line:this.yylloc.first_line,last_line:this.last_line,first_column:this.yylloc.first_column,last_column:this.yylloc.last_column},yytext:this.yytext,match:this.match,matches:this.matches,matched:this.matched,yyleng:this.yyleng,offset:this.offset,_more:this._more,_input:this._input,yy:this.yy,conditionStack:this.conditionStack.slice(0),done:this.done},this.options.ranges&&(i.yylloc.range=this.yylloc.range.slice(0))),(r=t[0].match(/(?:\r\n?|\n).*/g))&&(this.yylineno+=r.length),this.yylloc={first_line:this.yylloc.last_line,last_line:this.yylineno+1,first_column:this.yylloc.last_column,last_column:r?r[r.length-1].length-r[r.length-1].match(/\r?\n?/)[0].length:this.yylloc.last_column+t[0].length},this.yytext+=t[0],this.match+=t[0],this.matches=t,this.yyleng=this.yytext.length,this.options.ranges&&(this.yylloc.range=[this.offset,this.offset+=this.yyleng]),this._more=!1,this._backtrack=!1,this._input=this._input.slice(t[0].length),this.matched+=t[0],n=this.performAction.call(this,this.yy,this,e,this.conditionStack[this.conditionStack.length-1]),this.done&&this._input&&(this.done=!1),n)return n;if(this._backtrack){for(var a in i)this[a]=i[a];return!1}return!1},next:function(){if(this.done)return this.EOF;var 
t,e,n,r;this._input||(this.done=!0),this._more||(this.yytext="",this.match="");for(var i=this._currentRules(),a=0;ae[0].length)){if(e=n,r=a,this.options.backtrack_lexer){if(!1!==(t=this.test_match(n,i[a])))return t;if(this._backtrack){e=!1;continue}return!1}if(!this.options.flex)break}return e?!1!==(t=this.test_match(e,i[r]))&&t:""===this._input?this.EOF:this.parseError("Lexical error on line "+(this.yylineno+1)+". Unrecognized text.\n"+this.showPosition(),{text:"",token:null,line:this.yylineno})},lex:function(){var t=this.next();return t||this.lex()},begin:function(t){this.conditionStack.push(t)},popState:function(){return this.conditionStack.length-1>0?this.conditionStack.pop():this.conditionStack[0]},_currentRules:function(){return this.conditionStack.length&&this.conditionStack[this.conditionStack.length-1]?this.conditions[this.conditionStack[this.conditionStack.length-1]].rules:this.conditions.INITIAL.rules},topState:function(t){return(t=this.conditionStack.length-1-Math.abs(t||0))>=0?this.conditionStack[t]:"INITIAL"},pushState:function(t){this.begin(t)},stateStackSize:function(){return this.conditionStack.length},options:{"case-insensitive":!0},performAction:function(t,e,n,r){switch(n){case 0:return this.begin("open_directive"),37;case 1:return this.begin("type_directive"),38;case 2:return this.popState(),this.begin("arg_directive"),15;case 3:return this.popState(),this.popState(),40;case 4:return 39;case 5:case 6:break;case 7:return 11;case 8:break;case 9:return 9;case 10:return 36;case 11:return 4;case 12:return this.begin("block"),20;case 13:break;case 14:return 27;case 15:break;case 16:return this.popState(),22;case 17:return e.yytext[0];case 18:return 30;case 19:return 31;case 20:return 32;case 21:return 33;case 22:return 30;case 23:return 31;case 24:return 32;case 25:return 34;case 26:return 35;case 27:case 28:return 34;case 29:return 23;case 30:return e.yytext[0];case 31:return 
6}},/* ER-diagram lexer rules (index = case in performAction above). Rules 14 and 29 are the same identifier pattern but fire in different start conditions: 14 inside an attribute block (ATTRIBUTE_WORD, token 27), 29 at top level (ALPHANUM, token 23). Rule 10 takes a double-quoted role name (WORD); the grammar action later strips the quotes. */rules:[/^(?:%%\{)/i,/^(?:((?:(?!\}%%)[^:.])*))/i,/^(?::)/i,/^(?:\}%%)/i,/^(?:((?:(?!\}%%).|\n)*))/i,/^(?:%(?!\{)[^\n]*)/i,/^(?:[^\}]%%[^\n]*)/i,/^(?:[\n]+)/i,/^(?:\s+)/i,/^(?:[\s]+)/i,/^(?:"[^"]*")/i,/^(?:erDiagram\b)/i,/^(?:\{)/i,/^(?:\s+)/i,/^(?:[A-Za-z][A-Za-z0-9\-_]*)/i,/^(?:[\n]+)/i,/^(?:\})/i,/^(?:.)/i,/^(?:\|o\b)/i,/^(?:\}o\b)/i,/^(?:\}\|)/i,/^(?:\|\|)/i,/^(?:o\|)/i,/^(?:o\{)/i,/^(?:\|\{)/i,/^(?:\.\.)/i,/^(?:--)/i,/^(?:\.-)/i,/^(?:-\.)/i,/^(?:[A-Za-z][A-Za-z0-9\-_]*)/i,/^(?:.)/i,/^(?:$)/i],/* "block" is exclusive: between "{" and "}" only rules 13-17 apply; rule 17 (any other character) returns the raw character as its own token, which the grammar has no rule for, so stray characters inside an attribute block end in a parse error. */conditions:{open_directive:{rules:[1],inclusive:!1},type_directive:{rules:[2,3],inclusive:!1},arg_directive:{rules:[3,4],inclusive:!1},block:{rules:[13,14,15,16,17],inclusive:!1},INITIAL:{rules:[0,5,6,7,8,9,10,11,12,18,19,20,21,22,23,24,25,26,27,28,29,30,31],inclusive:!0}}};function v(){this.yy={}}return y.lexer=g,v.prototype=y,y.Parser=v,new v}();/* public surface: parser instance, Parser constructor, parse(). Errors are thrown (Error with .hash) — callers must catch when the diagram text is untrusted. */e.parser=i,e.Parser=i.Parser,e.parse=function(){return i.parse.apply(i,arguments)},/* CLI entry, only run when this module is webpack's entry module: reads argv[1] (presumably via fs/path as n(16)/n(17); only normalize()d, not restricted) and parses it. Dead code in the browser bundle. */e.main=function(r){r[1]||(console.log("Usage: "+r[0]+" FILE"),t.exit(1));var i=n(16).readFileSync(n(17).normalize(r[1]),"utf8");return e.parser.parse(i)},n.c[n.s]===r&&e.main(t.argv.slice(1))}).call(this,n(10),n(6)(t))},/* tiny enum module: TYPE = {ALL:0, RGB:1, HSL:2} plus the reverse numeric-to-name mapping (TypeScript-style numeric enum). */function(t,e,n){"use strict";var r;Object.defineProperty(e,"__esModule",{value:!0}),function(t){t[t.ALL=0]="ALL",t[t.RGB=1]="RGB",t[t.HSL=2]="HSL"}(r||(r={})),e.TYPE=r},function(t,e,n){"use strict";var r=n(12);t.exports=i;/* graphlib-style Graph constructor (minified as i). Options: directed (default true), multigraph (default false), compound (default false). Every adjacency map is a plain {} keyed by the stringified node id; in compound mode the root of the parent hierarchy is the sentinel key "\0". NOTE(review): nothing here rejects ids such as "__proto__" or "constructor" — on plain objects those keys reach the prototype chain; confirm the consumer sanitises ids before this is fed untrusted diagram text. */function i(t){this._isDirected=!r.has(t,"directed")||t.directed,this._isMultigraph=!!r.has(t,"multigraph")&&t.multigraph,this._isCompound=!!r.has(t,"compound")&&t.compound,this._label=void 0,this._defaultNodeLabelFn=r.constant(void 0),this._defaultEdgeLabelFn=r.constant(void 0),this._nodes={},this._isCompound&&(this._parent={},this._children={},this._children["\0"]={}),this._in={},this._preds={},this._out={},this._sucs={},this._edgeObjs={},this._edgeLabels={}}/* reference-count helpers for the predecessor/successor maps: a() increments, o() deletes the key once the count drops to zero. */function a(t,e){t[e]?t[e]++:t[e]=1}function o(t,e){--t[e]||delete t[e]}/* s(): canonical edge key. For undirected graphs (t false) the endpoints are sorted so (v,w) and (w,v) map to the same key; the name part defaults to "\0" (continues on the next line). */function s(t,e,n,i){var a=""+e,o=""+n;if(!t&&a>o){var s=a;a=o,o=s}return 
a+""+o+""+(r.isUndefined(i)?"\0":i)}/* NOTE(review): the two +""+ delimiters in the key above are empty strings, so v, w and name are concatenated with nothing between them and ids such as ("ab","c") and ("a","bc") collide; this looks like a non-printable delimiter lost when the listing was extracted — verify against the upstream source. */ /* c(): the edge object {v,w[,name]} stored in _edgeObjs (frozen by setEdge), endpoints sorted for undirected graphs exactly like s(). */function c(t,e,n,r){var i=""+e,a=""+n;if(!t&&i>a){var o=i;i=a,a=o}var s={v:i,w:a};return r&&(s.name=r),s}/* u(): key of an existing edge object. */function u(t,e){return s(t,e.v,e.w,e.name)}i.prototype._nodeCount=0,i.prototype._edgeCount=0,i.prototype.isDirected=function(){return this._isDirected},i.prototype.isMultigraph=function(){return this._isMultigraph},i.prototype.isCompound=function(){return this._isCompound},i.prototype.setGraph=function(t){return this._label=t,this},i.prototype.graph=function(){return this._label},/* setDefaultNodeLabel: a non-function is wrapped as a constant. */i.prototype.setDefaultNodeLabel=function(t){return r.isFunction(t)||(t=r.constant(t)),this._defaultNodeLabelFn=t,this},i.prototype.nodeCount=function(){return this._nodeCount},i.prototype.nodes=function(){return r.keys(this._nodes)},/* sources/sinks: nodes with no in-edges / no out-edges. */i.prototype.sources=function(){var t=this;return r.filter(this.nodes(),(function(e){return r.isEmpty(t._in[e])}))},i.prototype.sinks=function(){var t=this;return r.filter(this.nodes(),(function(e){return r.isEmpty(t._out[e])}))},i.prototype.setNodes=function(t,e){var n=arguments,i=this;return r.each(t,(function(t){n.length>1?i.setNode(t,e):i.setNode(t)})),this},/* setNode(id[, label]): re-setting a known id only replaces its label when a label argument was actually passed; a new id gets the default label, empty adjacency maps and, in compound mode, the root "\0" as parent. NOTE(review): id is used directly as a key on plain {} maps — "__proto__"/"constructor" are not rejected; confirm callers sanitise ids. */i.prototype.setNode=function(t,e){return r.has(this._nodes,t)?(arguments.length>1&&(this._nodes[t]=e),this):(this._nodes[t]=arguments.length>1?e:this._defaultNodeLabelFn(t),this._isCompound&&(this._parent[t]="\0",this._children[t]={},this._children["\0"][t]=!0),this._in[t]={},this._preds[t]={},this._out[t]={},this._sucs[t]={},++this._nodeCount,this)},i.prototype.node=function(t){return this._nodes[t]},i.prototype.hasNode=function(t){return r.has(this._nodes,t)},/* removeNode: no-op for unknown ids; otherwise drops the node, re-parents its children to the root (setParent with no parent) and removes every incident edge through removeEdge (continues on the next line). */i.prototype.removeNode=function(t){var e=this;if(r.has(this._nodes,t)){var n=function(t){e.removeEdge(e._edgeObjs[t])};delete this._nodes[t],this._isCompound&&(this._removeFromParentsChildList(t),delete this._parent[t],r.each(this.children(t),(function(t){e.setParent(t)})),delete this._children[t]),r.each(r.keys(this._in[t]),n),delete this._in[t],delete this._preds[t],r.each(r.keys(this._out[t]),n),delete 
this._out[t],delete this._sucs[t],--this._nodeCount}return this},/* setParent(child[, parent]): compound graphs only. An undefined parent means "move to root". Otherwise the proposed parent chain is walked upward (parent() returns undefined at the root) and a cycle is refused; the parent node is created if missing, then the child is relinked. */i.prototype.setParent=function(t,e){if(!this._isCompound)throw new Error("Cannot set parent in a non-compound graph");if(r.isUndefined(e))e="\0";else{for(var n=e+="";!r.isUndefined(n);n=this.parent(n))if(n===t)throw new Error("Setting "+e+" as parent of "+t+" would create a cycle");this.setNode(e)}return this.setNode(t),this._removeFromParentsChildList(t),this._parent[t]=e,this._children[e][t]=!0,this},i.prototype._removeFromParentsChildList=function(t){delete this._children[this._parent[t]][t]},/* parent(): undefined for root-level nodes (the "\0" sentinel is hidden) and always undefined in non-compound graphs. */i.prototype.parent=function(t){if(this._isCompound){var e=this._parent[t];if("\0"!==e)return e}},/* children(): an undefined id means the root; in non-compound graphs every node is a child of the root and has no children of its own; undefined for unknown ids. */i.prototype.children=function(t){if(r.isUndefined(t)&&(t="\0"),this._isCompound){var e=this._children[t];if(e)return r.keys(e)}else{if("\0"===t)return this.nodes();if(this.hasNode(t))return[]}},i.prototype.predecessors=function(t){var e=this._preds[t];if(e)return r.keys(e)},i.prototype.successors=function(t){var e=this._sucs[t];if(e)return r.keys(e)},i.prototype.neighbors=function(t){var e=this.predecessors(t);if(e)return r.union(e,this.successors(t))},/* isLeaf: no successors (directed) or no neighbours (undirected). NOTE: successors()/neighbors() return undefined for an unknown id, so this throws a TypeError rather than returning false. */i.prototype.isLeaf=function(t){return 0===(this.isDirected()?this.successors(t):this.neighbors(t)).length},/* filterNodes(pred): copy of this graph keeping the nodes for which pred(id) is truthy and the edges between them. In compound mode each kept node is re-parented to its nearest kept ancestor, memoised in i. NOTE(review): the memo test is "a in i" on a plain object, so an ancestor id equal to an inherited property name ("constructor", "toString", ...) would read the prototype value instead of recursing — only matters if ids are untrusted; confirm upstream sanitises. */i.prototype.filterNodes=function(t){var e=new this.constructor({directed:this._isDirected,multigraph:this._isMultigraph,compound:this._isCompound});e.setGraph(this.graph());var n=this;r.each(this._nodes,(function(n,r){t(r)&&e.setNode(r,n)})),r.each(this._edgeObjs,(function(t){e.hasNode(t.v)&&e.hasNode(t.w)&&e.setEdge(t,n.edge(t))}));var i={};return this._isCompound&&r.each(e.nodes(),(function(t){e.setParent(t,function t(r){var a=n.parent(r);return void 0===a||e.hasNode(a)?(i[r]=a,a):a in i?i[a]:t(a)}(t))})),e},i.prototype.setDefaultEdgeLabel=function(t){return r.isFunction(t)||(t=r.constant(t)),this._defaultEdgeLabelFn=t,this},i.prototype.edgeCount=function(){return this._edgeCount},i.prototype.edges=function(){return 
r.values(this._edgeObjs)},/* setPath([a,b,c,...][, label]): setEdge over each consecutive pair. */i.prototype.setPath=function(t,e){var n=this,i=arguments;return r.reduce(t,(function(t,r){return i.length>1?n.setEdge(t,r,e):n.setEdge(t,r),r})),this},/* setEdge(v, w[, label[, name]]) or setEdge({v,w,name}[, label]). Endpoint ids and the name are stringified. An existing edge only has its label replaced, and only when a label argument was passed. A name is rejected unless the graph is a multigraph. Both endpoints are auto-created through setNode. The stored edge object is frozen, so callers cannot mutate it. */i.prototype.setEdge=function(){var t,e,n,i,o=!1,u=arguments[0];"object"==typeof u&&null!==u&&"v"in u?(t=u.v,e=u.w,n=u.name,2===arguments.length&&(i=arguments[1],o=!0)):(t=u,e=arguments[1],n=arguments[3],arguments.length>2&&(i=arguments[2],o=!0)),t=""+t,e=""+e,r.isUndefined(n)||(n=""+n);var l=s(this._isDirected,t,e,n);if(r.has(this._edgeLabels,l))return o&&(this._edgeLabels[l]=i),this;if(!r.isUndefined(n)&&!this._isMultigraph)throw new Error("Cannot set a named edge when isMultigraph = false");this.setNode(t),this.setNode(e),this._edgeLabels[l]=o?i:this._defaultEdgeLabelFn(t,e,n);var h=c(this._isDirected,t,e,n);return t=h.v,e=h.w,Object.freeze(h),this._edgeObjs[l]=h,a(this._preds[e],t),a(this._sucs[t],e),this._in[e][l]=h,this._out[t][l]=h,this._edgeCount++,this},/* edge()/hasEdge()/removeEdge(): accept either an edge object or (v, w[, name]). edge() returns undefined for unknown edges; removeEdge is a no-op for them. */i.prototype.edge=function(t,e,n){var r=1===arguments.length?u(this._isDirected,arguments[0]):s(this._isDirected,t,e,n);return this._edgeLabels[r]},i.prototype.hasEdge=function(t,e,n){var i=1===arguments.length?u(this._isDirected,arguments[0]):s(this._isDirected,t,e,n);return r.has(this._edgeLabels,i)},i.prototype.removeEdge=function(t,e,n){var r=1===arguments.length?u(this._isDirected,arguments[0]):s(this._isDirected,t,e,n),i=this._edgeObjs[r];return i&&(t=i.v,e=i.w,delete this._edgeLabels[r],delete this._edgeObjs[r],o(this._preds[e],t),o(this._sucs[t],e),delete this._in[e][r],delete this._out[t][r],this._edgeCount--),this},/* inEdges(w[, v]) / outEdges(v[, w]) / nodeEdges(v[, other]): undefined for unknown node ids, otherwise the incident edge objects, optionally filtered by the other endpoint. */i.prototype.inEdges=function(t,e){var n=this._in[t];if(n){var i=r.values(n);return e?r.filter(i,(function(t){return t.v===e})):i}},i.prototype.outEdges=function(t,e){var n=this._out[t];if(n){var i=r.values(n);return e?r.filter(i,(function(t){return t.w===e})):i}},i.prototype.nodeEdges=function(t,e){var n=this.inEdges(t,e);if(n)return n.concat(this.outEdges(t,e))}},function(t,e,n){var 
r=n(33)(n(19),"Map");t.exports=r},function(t,e,n){var r=n(218),i=n(225),a=n(227),o=n(228),s=n(229);function c(t){var e=-1,n=null==t?0:t.length;for(this.clear();++e-1&&t%1==0&&t<=9007199254740991}},function(t,e,n){(function(t){var r=n(110),i=e&&!e.nodeType&&e,a=i&&"object"==typeof t&&t&&!t.nodeType&&t,o=a&&a.exports===i&&r.process,s=function(){try{var t=a&&a.require&&a.require("util").types;return t||o&&o.binding&&o.binding("util")}catch(t){}}();t.exports=s}).call(this,n(6)(t))},function(t,e,n){var r=n(63),i=n(235),a=Object.prototype.hasOwnProperty;t.exports=function(t){if(!r(t))return i(t);var e=[];for(var n in Object(t))a.call(t,n)&&"constructor"!=n&&e.push(n);return e}},function(t,e,n){var r=n(117),i=n(118),a=Object.prototype.propertyIsEnumerable,o=Object.getOwnPropertySymbols,s=o?function(t){return null==t?[]:(t=Object(t),r(o(t),(function(e){return a.call(t,e)})))}:i;t.exports=s},function(t,e){t.exports=function(t,e){for(var n=-1,r=e.length,i=t.length;++n0&&a(l)?n>1?t(l,n-1,a,o,s):r(s,l):o||(s[s.length]=l)}return s}},function(t,e,n){var r=n(43);t.exports=function(t,e,n){for(var i=-1,a=t.length;++i4,u=c?1:17,l=c?8:4,h=s?0:-1,f=c?255:15;return i.default.set({r:(r>>l*(h+3)&f)*u,g:(r>>l*(h+2)&f)*u,b:(r>>l*(h+1)&f)*u,a:s?(r&f)*u/255:1},t)}}},stringify:function(t){return t.a<1?"#"+a.DEC2HEX[Math.round(t.r)]+a.DEC2HEX[Math.round(t.g)]+a.DEC2HEX[Math.round(t.b)]+r.default.unit.frac2hex(t.a):"#"+a.DEC2HEX[Math.round(t.r)]+a.DEC2HEX[Math.round(t.g)]+a.DEC2HEX[Math.round(t.b)]}};e.default=o},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(11),i=n(45),a=n(18);e.default=function(t,e,n,o){void 0===o&&(o=1);var s=i.default.set({h:r.default.channel.clamp.h(t),s:r.default.channel.clamp.s(e),l:r.default.channel.clamp.l(n),a:r.default.channel.clamp.a(o)});return a.default.stringify(s)}},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(29);e.default=function(t){return r.default(t,"a")}},function(t,e,n){"use 
strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(11),i=n(18);e.default=function(t){var e=i.default.parse(t),n=e.r,a=e.g,o=e.b,s=.2126*r.default.channel.toLinear(n)+.7152*r.default.channel.toLinear(a)+.0722*r.default.channel.toLinear(o);return r.default.lang.round(s)}},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(103);e.default=function(t){return r.default(t)>=.5}},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(32);e.default=function(t,e){return r.default(t,"a",e)}},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(32);e.default=function(t,e){return r.default(t,"a",-e)}},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(18),i=n(53);e.default=function(t,e){var n=r.default.parse(t),a={};for(var o in e)e[o]&&(a[o]=n[o]+e[o]);return i.default(t,a)}},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(18),i=n(52);e.default=function(t,e,n){void 0===n&&(n=50);var a=r.default.parse(t),o=a.r,s=a.g,c=a.b,u=a.a,l=r.default.parse(e),h=l.r,f=l.g,d=l.b,p=l.a,y=n/100,g=2*y-1,v=u-p,m=((g*v==-1?g:(g+v)/(1+g*v))+1)/2,b=1-m,_=o*m+h*b,x=s*m+f*b,k=c*m+d*b,w=u*y+p*(1-y);return i.default(_,x,k,w)}},function(t,e,n){var r=n(54),i=n(80),a=n(59),o=n(230),s=n(236),c=n(115),u=n(116),l=n(239),h=n(240),f=n(120),d=n(241),p=n(42),y=n(245),g=n(246),v=n(125),m=n(5),b=n(40),_=n(250),x=n(13),k=n(252),w=n(30),E={};E["[object Arguments]"]=E["[object Array]"]=E["[object ArrayBuffer]"]=E["[object DataView]"]=E["[object Boolean]"]=E["[object Date]"]=E["[object Float32Array]"]=E["[object Float64Array]"]=E["[object Int8Array]"]=E["[object Int16Array]"]=E["[object Int32Array]"]=E["[object Map]"]=E["[object Number]"]=E["[object Object]"]=E["[object RegExp]"]=E["[object Set]"]=E["[object String]"]=E["[object Symbol]"]=E["[object Uint8Array]"]=E["[object Uint8ClampedArray]"]=E["[object Uint16Array]"]=E["[object 
Uint32Array]"]=!0,E["[object Error]"]=E["[object Function]"]=E["[object WeakMap]"]=!1,t.exports=function t(e,n,T,C,S,A){var M,O=1&n,N=2&n,D=4&n;if(T&&(M=S?T(e,C,S,A):T(e)),void 0!==M)return M;if(!x(e))return e;var B=m(e);if(B){if(M=y(e),!O)return u(e,M)}else{var L=p(e),I="[object Function]"==L||"[object GeneratorFunction]"==L;if(b(e))return c(e,O);if("[object Object]"==L||"[object Arguments]"==L||I&&!S){if(M=N||I?{}:v(e),!O)return N?h(e,s(M,e)):l(e,o(M,e))}else{if(!E[L])return S?e:{};M=g(e,L,O)}}A||(A=new r);var R=A.get(e);if(R)return R;A.set(e,M),k(e)?e.forEach((function(r){M.add(t(r,n,T,r,e,A))})):_(e)&&e.forEach((function(r,i){M.set(i,t(r,n,T,i,e,A))}));var F=D?N?d:f:N?keysIn:w,P=B?void 0:F(e);return i(P||e,(function(r,i){P&&(r=e[i=r]),a(M,i,t(r,n,T,i,e,A))})),M}},function(t,e,n){(function(e){var n="object"==typeof e&&e&&e.Object===Object&&e;t.exports=n}).call(this,n(212))},function(t,e){var n=Function.prototype.toString;t.exports=function(t){if(null!=t){try{return n.call(t)}catch(t){}try{return t+""}catch(t){}}return""}},function(t,e,n){var r=n(33),i=function(){try{var t=r(Object,"defineProperty");return t({},"",{}),t}catch(t){}}();t.exports=i},function(t,e,n){var r=n(231),i=n(47),a=n(5),o=n(40),s=n(61),c=n(48),u=Object.prototype.hasOwnProperty;t.exports=function(t,e){var n=a(t),l=!n&&i(t),h=!n&&!l&&o(t),f=!n&&!l&&!h&&c(t),d=n||l||h||f,p=d?r(t.length,String):[],y=p.length;for(var g in t)!e&&!u.call(t,g)||d&&("length"==g||h&&("offset"==g||"parent"==g)||f&&("buffer"==g||"byteLength"==g||"byteOffset"==g)||s(g,y))||p.push(g);return p}},function(t,e){t.exports=function(t,e){return function(n){return t(e(n))}}},function(t,e,n){(function(t){var r=n(19),i=e&&!e.nodeType&&e,a=i&&"object"==typeof t&&t&&!t.nodeType&&t,o=a&&a.exports===i?r.Buffer:void 0,s=o?o.allocUnsafe:void 0;t.exports=function(t,e){if(e)return t.slice();var n=t.length,r=s?s(n):new t.constructor(n);return t.copy(r),r}}).call(this,n(6)(t))},function(t,e){t.exports=function(t,e){var 
n=-1,r=t.length;for(e||(e=Array(r));++nl))return!1;var f=c.get(t);if(f&&c.get(e))return f==e;var d=-1,p=!0,y=2&n?new r:void 0;for(c.set(t,e),c.set(e,t);++d0&&(a=c.removeMin(),(o=s[a]).distance!==Number.POSITIVE_INFINITY);)r(a).forEach(u);return s}(t,String(e),n||a,r||function(e){return t.outEdges(e)})};var a=r.constant(1)},function(t,e,n){var r=n(12);function i(){this._arr=[],this._keyIndices={}}t.exports=i,i.prototype.size=function(){return this._arr.length},i.prototype.keys=function(){return this._arr.map((function(t){return t.key}))},i.prototype.has=function(t){return r.has(this._keyIndices,t)},i.prototype.priority=function(t){var e=this._keyIndices[t];if(void 0!==e)return this._arr[e].priority},i.prototype.min=function(){if(0===this.size())throw new Error("Queue underflow");return this._arr[0].key},i.prototype.add=function(t,e){var n=this._keyIndices;if(t=String(t),!r.has(n,t)){var i=this._arr,a=i.length;return n[t]=a,i.push({key:t,priority:e}),this._decrease(a),!0}return!1},i.prototype.removeMin=function(){this._swap(0,this._arr.length-1);var t=this._arr.pop();return delete this._keyIndices[t.key],this._heapify(0),t.key},i.prototype.decrease=function(t,e){var n=this._keyIndices[t];if(e>this._arr[n].priority)throw new Error("New priority is greater than current priority. 
Key: "+t+" Old: "+this._arr[n].priority+" New: "+e);this._arr[n].priority=e,this._decrease(n)},i.prototype._heapify=function(t){var e=this._arr,n=2*t,r=n+1,i=t;n>1].priority2?e[2]:void 0;for(u&&a(e[0],e[1],u)&&(r=1);++n1&&o.sort((function(t,e){var r=t.x-n.x,i=t.y-n.y,a=Math.sqrt(r*r+i*i),o=e.x-n.x,s=e.y-n.y,c=Math.sqrt(o*o+s*s);return aMath.abs(o)*u?(s<0&&(u=-u),n=0===s?0:u*o/s,r=u):(o<0&&(c=-c),n=c,r=0===o?0:c*s/o);return{x:i+n,y:a+r}}},function(t,e,n){t.exports=function t(e){"use strict";var n=/^\0+/g,r=/[\0\r\f]/g,i=/: */g,a=/zoo|gra/,o=/([,: ])(transform)/g,s=/,+\s*(?![^(]*[)])/g,c=/ +\s*(?![^(]*[)])/g,u=/ *[\0] */g,l=/,\r+?/g,h=/([\t\r\n ])*\f?&/g,f=/:global\(((?:[^\(\)\[\]]*|\[.*\]|\([^\(\)]*\))*)\)/g,d=/\W+/g,p=/@(k\w+)\s*(\S*)\s*/,y=/::(place)/g,g=/:(read-only)/g,v=/\s+(?=[{\];=:>])/g,m=/([[}=:>])\s+/g,b=/(\{[^{]+?);(?=\})/g,_=/\s{2,}/g,x=/([^\(])(:+) */g,k=/[svh]\w+-[tblr]{2}/,w=/\(\s*(.*)\s*\)/g,E=/([\s\S]*?);/g,T=/-self|flex-/g,C=/[^]*?(:[rp][el]a[\w-]+)[^]*/,S=/stretch|:\s*\w+\-(?:conte|avail)/,A=/([^-])(image-set\()/,M="-webkit-",O="-moz-",N="-ms-",D=1,B=1,L=0,I=1,R=1,F=1,P=0,j=0,Y=0,z=[],U=[],$=0,W=null,V=0,q=1,H="",G="",X="";function Z(t,e,i,a,o){for(var s,c,l=0,h=0,f=0,d=0,v=0,m=0,b=0,_=0,k=0,E=0,T=0,C=0,S=0,A=0,O=0,N=0,P=0,U=0,W=0,K=i.length,it=K-1,at="",ot="",st="",ct="",ut="",lt="";O0&&(ot=ot.replace(r,"")),ot.trim().length>0)){switch(b){case 32:case 9:case 59:case 13:case 10:break;default:ot+=i.charAt(O)}b=59}if(1===P)switch(b){case 123:case 125:case 59:case 34:case 39:case 40:case 41:case 44:P=0;case 9:case 13:case 10:case 32:break;default:for(P=0,W=O,v=b,O--,b=59;W0&&(++O,b=v);case 123:W=K}}switch(b){case 123:for(v=(ot=ot.trim()).charCodeAt(0),T=1,W=++O;O0&&(ot=ot.replace(r,"")),m=ot.charCodeAt(1)){case 100:case 109:case 115:case 45:s=e;break;default:s=z}if(W=(st=Z(e,s,st,m,o+1)).length,Y>0&&0===W&&(W=ot.length),$>0&&(c=nt(3,st,s=Q(z,ot,U),e,B,D,W,m,o,a),ot=s.join(""),void 0!==c&&0===(W=(st=c.trim()).length)&&(m=0,st="")),W>0)switch(m){case 
115:ot=ot.replace(w,et);case 100:case 109:case 45:st=ot+"{"+st+"}";break;case 107:st=(ot=ot.replace(p,"$1 $2"+(q>0?H:"")))+"{"+st+"}",st=1===R||2===R&&tt("@"+st,3)?"@"+M+st+"@"+st:"@"+st;break;default:st=ot+st,112===a&&(ct+=st,st="")}else st="";break;default:st=Z(e,Q(e,ot,U),st,a,o+1)}ut+=st,C=0,P=0,A=0,N=0,U=0,S=0,ot="",st="",b=i.charCodeAt(++O);break;case 125:case 59:if((W=(ot=(N>0?ot.replace(r,""):ot).trim()).length)>1)switch(0===A&&(45===(v=ot.charCodeAt(0))||v>96&&v<123)&&(W=(ot=ot.replace(" ",":")).length),$>0&&void 0!==(c=nt(1,ot,e,t,B,D,ct.length,a,o,a))&&0===(W=(ot=c.trim()).length)&&(ot="\0\0"),v=ot.charCodeAt(0),m=ot.charCodeAt(1),v){case 0:break;case 64:if(105===m||99===m){lt+=ot+i.charAt(O);break}default:if(58===ot.charCodeAt(W-1))break;ct+=J(ot,v,m,ot.charCodeAt(2))}C=0,P=0,A=0,N=0,U=0,ot="",b=i.charCodeAt(++O)}}switch(b){case 13:case 10:if(h+d+f+l+j===0)switch(E){case 41:case 39:case 34:case 64:case 126:case 62:case 42:case 43:case 47:case 45:case 58:case 44:case 59:case 123:case 125:break;default:A>0&&(P=1)}47===h?h=0:I+C===0&&107!==a&&ot.length>0&&(N=1,ot+="\0"),$*V>0&&nt(0,ot,e,t,B,D,ct.length,a,o,a),D=1,B++;break;case 59:case 125:if(h+d+f+l===0){D++;break}default:switch(D++,at=i.charAt(O),b){case 9:case 32:if(d+l+h===0)switch(_){case 44:case 58:case 9:case 32:at="";break;default:32!==b&&(at=" ")}break;case 0:at="\\0";break;case 12:at="\\f";break;case 11:at="\\v";break;case 38:d+h+l===0&&I>0&&(U=1,N=1,at="\f"+at);break;case 108:if(d+h+l+L===0&&A>0)switch(O-A){case 2:112===_&&58===i.charCodeAt(O-3)&&(L=_);case 8:111===k&&(L=k)}break;case 58:d+h+l===0&&(A=O);break;case 44:h+f+d+l===0&&(N=1,at+="\r");break;case 34:case 39:0===h&&(d=d===b?0:0===d?b:d);break;case 91:d+h+f===0&&l++;break;case 93:d+h+f===0&&l--;break;case 41:d+h+l===0&&f--;break;case 40:if(d+h+l===0){if(0===C)switch(2*_+3*k){case 533:break;default:T=0,C=1}f++}break;case 64:h+f+d+l+A+S===0&&(S=1);break;case 42:case 47:if(d+l+f>0)break;switch(h){case 0:switch(2*b+3*i.charCodeAt(O+1)){case 
235:h=47;break;case 220:W=O,h=42}break;case 42:47===b&&42===_&&W+2!==O&&(33===i.charCodeAt(W+2)&&(ct+=i.substring(W,O+1)),at="",h=0)}}if(0===h){if(I+d+l+S===0&&107!==a&&59!==b)switch(b){case 44:case 126:case 62:case 43:case 41:case 40:if(0===C){switch(_){case 9:case 32:case 10:case 13:at+="\0";break;default:at="\0"+at+(44===b?"":"\0")}N=1}else switch(b){case 40:A+7===O&&108===_&&(A=0),C=++T;break;case 41:0==(C=--T)&&(N=1,at+="\0")}break;case 9:case 32:switch(_){case 0:case 123:case 125:case 59:case 44:case 12:case 9:case 32:case 10:case 13:break;default:0===C&&(N=1,at+="\0")}}ot+=at,32!==b&&9!==b&&(E=b)}}k=_,_=b,O++}if(W=ct.length,Y>0&&0===W&&0===ut.length&&0===e[0].length==0&&(109!==a||1===e.length&&(I>0?G:X)===e[0])&&(W=e.join(",").length+2),W>0){if(s=0===I&&107!==a?function(t){for(var e,n,i=0,a=t.length,o=Array(a);i1)){if(f=c.charCodeAt(c.length-1),d=n.charCodeAt(0),e="",0!==l)switch(f){case 42:case 126:case 62:case 43:case 32:case 40:break;default:e=" "}switch(d){case 38:n=e+G;case 126:case 62:case 43:case 32:case 41:case 40:break;case 91:n=e+n+G;break;case 58:switch(2*n.charCodeAt(1)+3*n.charCodeAt(2)){case 530:if(F>0){n=e+n.substring(8,h-1);break}default:(l<1||s[l-1].length<1)&&(n=e+G+n)}break;case 44:e="";default:n=h>1&&n.indexOf(":")>0?e+n.replace(x,"$1"+G+"$2"):e+n+G}c+=n}o[i]=c.replace(r,"").trim()}return o}(e):e,$>0&&void 0!==(c=nt(2,ct,s,t,B,D,W,a,o,a))&&0===(ct=c).length)return lt+ct+ut;if(ct=s.join(",")+"{"+ct+"}",R*L!=0){switch(2!==R||tt(ct,2)||(L=0),L){case 111:ct=ct.replace(g,":-moz-$1")+ct;break;case 112:ct=ct.replace(y,"::-webkit-input-$1")+ct.replace(y,"::-moz-$1")+ct.replace(y,":-ms-input-$1")+ct}L=0}}return lt+ct+ut}function Q(t,e,n){var r=e.trim().split(l),i=r,a=r.length,o=t.length;switch(o){case 0:case 1:for(var s=0,c=0===o?"":t[0]+" ";s0&&I>0)return i.replace(f,"$1").replace(h,"$1"+X);break;default:return t.trim()+i.replace(h,"$1"+t.trim())}default:if(n*I>0&&i.indexOf("\f")>0)return 
i.replace(h,(58===t.charCodeAt(0)?"":"$1")+t.trim())}return t+i}function J(t,e,n,r){var u,l=0,h=t+";",f=2*e+3*n+4*r;if(944===f)return function(t){var e=t.length,n=t.indexOf(":",9)+1,r=t.substring(0,n).trim(),i=t.substring(n,e-1).trim();switch(t.charCodeAt(9)*q){case 0:break;case 45:if(110!==t.charCodeAt(10))break;default:var a=i.split((i="",s)),o=0;for(n=0,e=a.length;o64&&h<90||h>96&&h<123||95===h||45===h&&45!==u.charCodeAt(1)))switch(isNaN(parseFloat(u))+(-1!==u.indexOf("("))){case 1:switch(u){case"infinite":case"alternate":case"backwards":case"running":case"normal":case"forwards":case"both":case"none":case"linear":case"ease":case"ease-in":case"ease-out":case"ease-in-out":case"paused":case"reverse":case"alternate-reverse":case"inherit":case"initial":case"unset":case"step-start":case"step-end":break;default:u+=H}}l[n++]=u}i+=(0===o?"":",")+l.join(" ")}}return i=r+i+";",1===R||2===R&&tt(i,1)?M+i+i:i}(h);if(0===R||2===R&&!tt(h,1))return h;switch(f){case 1015:return 97===h.charCodeAt(10)?M+h+h:h;case 951:return 116===h.charCodeAt(3)?M+h+h:h;case 963:return 110===h.charCodeAt(5)?M+h+h:h;case 1009:if(100!==h.charCodeAt(4))break;case 969:case 942:return M+h+h;case 978:return M+h+O+h+h;case 1019:case 983:return M+h+O+h+N+h+h;case 883:return 45===h.charCodeAt(8)?M+h+h:h.indexOf("image-set(",11)>0?h.replace(A,"$1-webkit-$2")+h:h;case 932:if(45===h.charCodeAt(4))switch(h.charCodeAt(5)){case 103:return M+"box-"+h.replace("-grow","")+M+h+N+h.replace("grow","positive")+h;case 115:return M+h+N+h.replace("shrink","negative")+h;case 98:return M+h+N+h.replace("basis","preferred-size")+h}return M+h+N+h+h;case 964:return M+h+N+"flex-"+h+h;case 1023:if(99!==h.charCodeAt(8))break;return u=h.substring(h.indexOf(":",15)).replace("flex-","").replace("space-between","justify"),M+"box-pack"+u+M+h+N+"flex-pack"+u+h;case 1005:return a.test(h)?h.replace(i,":"+M)+h.replace(i,":"+O)+h:h;case 1e3:switch(l=(u=h.substring(13).trim()).indexOf("-")+1,u.charCodeAt(0)+u.charCodeAt(l)){case 
226:u=h.replace(k,"tb");break;case 232:u=h.replace(k,"tb-rl");break;case 220:u=h.replace(k,"lr");break;default:return h}return M+h+N+u+h;case 1017:if(-1===h.indexOf("sticky",9))return h;case 975:switch(l=(h=t).length-10,f=(u=(33===h.charCodeAt(l)?h.substring(0,l):h).substring(t.indexOf(":",7)+1).trim()).charCodeAt(0)+(0|u.charCodeAt(7))){case 203:if(u.charCodeAt(8)<111)break;case 115:h=h.replace(u,M+u)+";"+h;break;case 207:case 102:h=h.replace(u,M+(f>102?"inline-":"")+"box")+";"+h.replace(u,M+u)+";"+h.replace(u,N+u+"box")+";"+h}return h+";";case 938:if(45===h.charCodeAt(5))switch(h.charCodeAt(6)){case 105:return u=h.replace("-items",""),M+h+M+"box-"+u+N+"flex-"+u+h;case 115:return M+h+N+"flex-item-"+h.replace(T,"")+h;default:return M+h+N+"flex-line-pack"+h.replace("align-content","").replace(T,"")+h}break;case 973:case 989:if(45!==h.charCodeAt(3)||122===h.charCodeAt(4))break;case 931:case 953:if(!0===S.test(t))return 115===(u=t.substring(t.indexOf(":")+1)).charCodeAt(0)?J(t.replace("stretch","fill-available"),e,n,r).replace(":fill-available",":stretch"):h.replace(u,M+u)+h.replace(u,O+u.replace("fill-",""))+h;break;case 962:if(h=M+h+(102===h.charCodeAt(5)?N+h:"")+h,n+r===211&&105===h.charCodeAt(13)&&h.indexOf("transform",10)>0)return h.substring(0,h.indexOf(";",27)+1).replace(o,"$1-webkit-$2")+h}return h}function tt(t,e){var n=t.indexOf(1===e?":":"{"),r=t.substring(0,3!==e?n:10),i=t.substring(n+1,t.length-1);return W(2!==e?r:r.replace(C,"$1"),i,e)}function et(t,e){var n=J(e,e.charCodeAt(0),e.charCodeAt(1),e.charCodeAt(2));return n!==e+";"?n.replace(E," or ($1)").substring(4):"("+e+")"}function nt(t,e,n,r,i,a,o,s,c,u){for(var l,h=0,f=e;h<$;++h)switch(l=U[h].call(at,t,f,n,r,i,a,o,s,c,u)){case void 0:case!1:case!0:case null:break;default:f=l}if(f!==e)return f}function rt(t,e,n,r){for(var i=e+1;i0&&(H=i.replace(d,91===a?"":"-")),a=1,1===I?X=i:G=i;var o,s=[X];$>0&&void 0!==(o=nt(-1,n,s,s,B,D,0,0,0,0))&&"string"==typeof o&&(n=o);var c=Z(z,s,n,0,0);return $>0&&void 
0!==(o=nt(-2,c,s,s,B,D,c.length,0,0,0))&&"string"!=typeof(c=o)&&(a=0),H="",X="",G="",L=0,B=1,D=1,P*a==0?c:function(t){return t.replace(r,"").replace(v,"").replace(m,"$1").replace(b,"$1").replace(_," ")}(c)}return at.use=function t(e){switch(e){case void 0:case null:$=U.length=0;break;default:if("function"==typeof e)U[$++]=e;else if("object"==typeof e)for(var n=0,r=e.length;n=255?255:t<0?0:t},g:function(t){return t>=255?255:t<0?0:t},b:function(t){return t>=255?255:t<0?0:t},h:function(t){return t%360},s:function(t){return t>=100?100:t<0?0:t},l:function(t){return t>=100?100:t<0?0:t},a:function(t){return t>=1?1:t<0?0:t}},toLinear:function(t){var e=t/255;return t>.03928?Math.pow((e+.055)/1.055,2.4):e/12.92},hue2rgb:function(t,e,n){return n<0&&(n+=1),n>1&&(n-=1),n<1/6?t+6*(e-t)*n:n<.5?e:n<2/3?t+(e-t)*(2/3-n)*6:t},hsl2rgb:function(t,e){var n=t.h,i=t.s,a=t.l;if(100===i)return 2.55*a;n/=360,i/=100;var o=(a/=100)<.5?a*(1+i):a+i-a*i,s=2*a-o;switch(e){case"r":return 255*r.hue2rgb(s,o,n+1/3);case"g":return 255*r.hue2rgb(s,o,n);case"b":return 255*r.hue2rgb(s,o,n-1/3)}},rgb2hsl:function(t,e){var n=t.r,r=t.g,i=t.b;n/=255,r/=255,i/=255;var a=Math.max(n,r,i),o=Math.min(n,r,i),s=(a+o)/2;if("l"===e)return 100*s;if(a===o)return 0;var c=a-o;if("s"===e)return 100*(s>.5?c/(2-a-o):c/(a+o));switch(a){case n:return 60*((r-i)/c+(r1?e:"0"+e},dec2hex:function(t){var e=Math.round(t).toString(16);return e.length>1?e:"0"+e}};e.default=r},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(11),i=n(76),a=n(178),o=function(){function t(t,e){this.color=e,this.changed=!1,this.data=t,this.type=new a.default}return t.prototype.set=function(t,e){return this.color=e,this.changed=!1,this.data=t,this.type.type=i.TYPE.ALL,this},t.prototype._ensureHSL=function(){void 0===this.data.h&&(this.data.h=r.default.channel.rgb2hsl(this.data,"h")),void 0===this.data.s&&(this.data.s=r.default.channel.rgb2hsl(this.data,"s")),void 
0===this.data.l&&(this.data.l=r.default.channel.rgb2hsl(this.data,"l"))},t.prototype._ensureRGB=function(){void 0===this.data.r&&(this.data.r=r.default.channel.hsl2rgb(this.data,"r")),void 0===this.data.g&&(this.data.g=r.default.channel.hsl2rgb(this.data,"g")),void 0===this.data.b&&(this.data.b=r.default.channel.hsl2rgb(this.data,"b"))},Object.defineProperty(t.prototype,"r",{get:function(){return this.type.is(i.TYPE.HSL)||void 0===this.data.r?(this._ensureHSL(),r.default.channel.hsl2rgb(this.data,"r")):this.data.r},set:function(t){this.type.set(i.TYPE.RGB),this.changed=!0,this.data.r=t},enumerable:!0,configurable:!0}),Object.defineProperty(t.prototype,"g",{get:function(){return this.type.is(i.TYPE.HSL)||void 0===this.data.g?(this._ensureHSL(),r.default.channel.hsl2rgb(this.data,"g")):this.data.g},set:function(t){this.type.set(i.TYPE.RGB),this.changed=!0,this.data.g=t},enumerable:!0,configurable:!0}),Object.defineProperty(t.prototype,"b",{get:function(){return this.type.is(i.TYPE.HSL)||void 0===this.data.b?(this._ensureHSL(),r.default.channel.hsl2rgb(this.data,"b")):this.data.b},set:function(t){this.type.set(i.TYPE.RGB),this.changed=!0,this.data.b=t},enumerable:!0,configurable:!0}),Object.defineProperty(t.prototype,"h",{get:function(){return this.type.is(i.TYPE.RGB)||void 0===this.data.h?(this._ensureRGB(),r.default.channel.rgb2hsl(this.data,"h")):this.data.h},set:function(t){this.type.set(i.TYPE.HSL),this.changed=!0,this.data.h=t},enumerable:!0,configurable:!0}),Object.defineProperty(t.prototype,"s",{get:function(){return this.type.is(i.TYPE.RGB)||void 0===this.data.s?(this._ensureRGB(),r.default.channel.rgb2hsl(this.data,"s")):this.data.s},set:function(t){this.type.set(i.TYPE.HSL),this.changed=!0,this.data.s=t},enumerable:!0,configurable:!0}),Object.defineProperty(t.prototype,"l",{get:function(){return this.type.is(i.TYPE.RGB)||void 
0===this.data.l?(this._ensureRGB(),r.default.channel.rgb2hsl(this.data,"l")):this.data.l},set:function(t){this.type.set(i.TYPE.HSL),this.changed=!0,this.data.l=t},enumerable:!0,configurable:!0}),Object.defineProperty(t.prototype,"a",{get:function(){return this.data.a},set:function(t){this.changed=!0,this.data.a=t},enumerable:!0,configurable:!0}),t}();e.default=o},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(76),i=function(){function t(){this.type=r.TYPE.ALL}return t.prototype.get=function(){return this.type},t.prototype.set=function(t){if(this.type&&this.type!==t)throw new Error("Cannot change both RGB and HSL channels at the same time");this.type=t},t.prototype.reset=function(){this.type=r.TYPE.ALL},t.prototype.is=function(t){return this.type===t},t}();e.default=i},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(11),i={};e.DEC2HEX=i;for(var a=0;a<=255;a++)i[a]=r.default.unit.dec2hex(a)},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var 
r=n(100),i={colors:{aliceblue:"#f0f8ff",antiquewhite:"#faebd7",aqua:"#00ffff",aquamarine:"#7fffd4",azure:"#f0ffff",beige:"#f5f5dc",bisque:"#ffe4c4",black:"#000000",blanchedalmond:"#ffebcd",blue:"#0000ff",blueviolet:"#8a2be2",brown:"#a52a2a",burlywood:"#deb887",cadetblue:"#5f9ea0",chartreuse:"#7fff00",chocolate:"#d2691e",coral:"#ff7f50",cornflowerblue:"#6495ed",cornsilk:"#fff8dc",crimson:"#dc143c",cyanaqua:"#00ffff",darkblue:"#00008b",darkcyan:"#008b8b",darkgoldenrod:"#b8860b",darkgray:"#a9a9a9",darkgreen:"#006400",darkgrey:"#a9a9a9",darkkhaki:"#bdb76b",darkmagenta:"#8b008b",darkolivegreen:"#556b2f",darkorange:"#ff8c00",darkorchid:"#9932cc",darkred:"#8b0000",darksalmon:"#e9967a",darkseagreen:"#8fbc8f",darkslateblue:"#483d8b",darkslategray:"#2f4f4f",darkslategrey:"#2f4f4f",darkturquoise:"#00ced1",darkviolet:"#9400d3",deeppink:"#ff1493",deepskyblue:"#00bfff",dimgray:"#696969",dimgrey:"#696969",dodgerblue:"#1e90ff",firebrick:"#b22222",floralwhite:"#fffaf0",forestgreen:"#228b22",fuchsia:"#ff00ff",gainsboro:"#dcdcdc",ghostwhite:"#f8f8ff",gold:"#ffd700",goldenrod:"#daa520",gray:"#808080",green:"#008000",greenyellow:"#adff2f",grey:"#808080",honeydew:"#f0fff0",hotpink:"#ff69b4",indianred:"#cd5c5c",indigo:"#4b0082",ivory:"#fffff0",khaki:"#f0e68c",lavender:"#e6e6fa",lavenderblush:"#fff0f5",lawngreen:"#7cfc00",lemonchiffon:"#fffacd",lightblue:"#add8e6",lightcoral:"#f08080",lightcyan:"#e0ffff",lightgoldenrodyellow:"#fafad2",lightgray:"#d3d3d3",lightgreen:"#90ee90",lightgrey:"#d3d3d3",lightpink:"#ffb6c1",lightsalmon:"#ffa07a",lightseagreen:"#20b2aa",lightskyblue:"#87cefa",lightslategray:"#778899",lightslategrey:"#778899",lightsteelblue:"#b0c4de",lightyellow:"#ffffe0",lime:"#00ff00",limegreen:"#32cd32",linen:"#faf0e6",magenta:"#ff00ff",maroon:"#800000",mediumaquamarine:"#66cdaa",mediumblue:"#0000cd",mediumorchid:"#ba55d3",mediumpurple:"#9370db",mediumseagreen:"#3cb371",mediumslateblue:"#7b68ee",mediumspringgreen:"#00fa9a",mediumturquoise:"#48d1cc",mediumvioletred:"#c71585",midnigh
tblue:"#191970",mintcream:"#f5fffa",mistyrose:"#ffe4e1",moccasin:"#ffe4b5",navajowhite:"#ffdead",navy:"#000080",oldlace:"#fdf5e6",olive:"#808000",olivedrab:"#6b8e23",orange:"#ffa500",orangered:"#ff4500",orchid:"#da70d6",palegoldenrod:"#eee8aa",palegreen:"#98fb98",paleturquoise:"#afeeee",palevioletred:"#db7093",papayawhip:"#ffefd5",peachpuff:"#ffdab9",peru:"#cd853f",pink:"#ffc0cb",plum:"#dda0dd",powderblue:"#b0e0e6",purple:"#800080",rebeccapurple:"#663399",red:"#ff0000",rosybrown:"#bc8f8f",royalblue:"#4169e1",saddlebrown:"#8b4513",salmon:"#fa8072",sandybrown:"#f4a460",seagreen:"#2e8b57",seashell:"#fff5ee",sienna:"#a0522d",silver:"#c0c0c0",skyblue:"#87ceeb",slateblue:"#6a5acd",slategray:"#708090",slategrey:"#708090",snow:"#fffafa",springgreen:"#00ff7f",tan:"#d2b48c",teal:"#008080",thistle:"#d8bfd8",transparent:"#00000000",turquoise:"#40e0d0",violet:"#ee82ee",wheat:"#f5deb3",white:"#ffffff",whitesmoke:"#f5f5f5",yellow:"#ffff00",yellowgreen:"#9acd32"},parse:function(t){t=t.toLowerCase();var e=i.colors[t];if(e)return r.default.parse(e)},stringify:function(t){var e=r.default.stringify(t);for(var n in i.colors)if(i.colors[n]===e)return n}};e.default=i},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(11),i=n(45),a={re:/^rgba?\(\s*?(-?(?:\d+(?:\.\d+)?|(?:\.\d+))(?:e\d+)?(%?))\s*?(?:,|\s)\s*?(-?(?:\d+(?:\.\d+)?|(?:\.\d+))(?:e\d+)?(%?))\s*?(?:,|\s)\s*?(-?(?:\d+(?:\.\d+)?|(?:\.\d+))(?:e\d+)?(%?))(?:\s*?(?:,|\/)\s*?\+?(-?(?:\d+(?:\.\d+)?|(?:\.\d+))(?:e\d+)?(%?)))?\s*?\)$/i,parse:function(t){var e=t.charCodeAt(0);if(114===e||82===e){var n=t.match(a.re);if(n){var o=n[1],s=n[2],c=n[3],u=n[4],l=n[5],h=n[6],f=n[7],d=n[8];return i.default.set({r:r.default.channel.clamp.r(s?2.55*parseFloat(o):parseFloat(o)),g:r.default.channel.clamp.g(u?2.55*parseFloat(c):parseFloat(c)),b:r.default.channel.clamp.b(h?2.55*parseFloat(l):parseFloat(l)),a:f?r.default.channel.clamp.a(d?parseFloat(f)/100:parseFloat(f)):1},t)}}},stringify:function(t){return 
t.a<1?"rgba("+r.default.lang.round(t.r)+", "+r.default.lang.round(t.g)+", "+r.default.lang.round(t.b)+", "+r.default.lang.round(t.a)+")":"rgb("+r.default.lang.round(t.r)+", "+r.default.lang.round(t.g)+", "+r.default.lang.round(t.b)+")"}};e.default=a},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(11),i=n(45),a={re:/^hsla?\(\s*?(-?(?:\d+(?:\.\d+)?|(?:\.\d+))(?:e-?\d+)?(?:deg|grad|rad|turn)?)\s*?(?:,|\s)\s*?(-?(?:\d+(?:\.\d+)?|(?:\.\d+))(?:e-?\d+)?%)\s*?(?:,|\s)\s*?(-?(?:\d+(?:\.\d+)?|(?:\.\d+))(?:e-?\d+)?%)(?:\s*?(?:,|\/)\s*?\+?(-?(?:\d+(?:\.\d+)?|(?:\.\d+))(?:e-?\d+)?(%)?))?\s*?\)$/i,hueRe:/^(.+?)(deg|grad|rad|turn)$/i,_hue2deg:function(t){var e=t.match(a.hueRe);if(e){var n=e[1];switch(e[2]){case"grad":return r.default.channel.clamp.h(.9*parseFloat(n));case"rad":return r.default.channel.clamp.h(180*parseFloat(n)/Math.PI);case"turn":return r.default.channel.clamp.h(360*parseFloat(n))}}return r.default.channel.clamp.h(parseFloat(t))},parse:function(t){var e=t.charCodeAt(0);if(104===e||72===e){var n=t.match(a.re);if(n){var o=n[1],s=n[2],c=n[3],u=n[4],l=n[5];return i.default.set({h:a._hue2deg(o),s:r.default.channel.clamp.s(parseFloat(s)),l:r.default.channel.clamp.l(parseFloat(c)),a:u?r.default.channel.clamp.a(l?parseFloat(u)/100:parseFloat(u)):1},t)}}},stringify:function(t){return t.a<1?"hsla("+r.default.lang.round(t.h)+", "+r.default.lang.round(t.s)+"%, "+r.default.lang.round(t.l)+"%, "+t.a+")":"hsl("+r.default.lang.round(t.h)+", "+r.default.lang.round(t.s)+"%, "+r.default.lang.round(t.l)+"%)"}};e.default=a},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(29);e.default=function(t){return r.default(t,"r")}},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(29);e.default=function(t){return r.default(t,"g")}},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(29);e.default=function(t){return 
r.default(t,"b")}},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(29);e.default=function(t){return r.default(t,"h")}},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(29);e.default=function(t){return r.default(t,"s")}},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(29);e.default=function(t){return r.default(t,"l")}},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(104);e.default=function(t){return!r.default(t)}},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(18);e.default=function(t){try{return r.default.parse(t),!0}catch(t){return!1}}},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(32);e.default=function(t,e){return r.default(t,"s",e)}},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(32);e.default=function(t,e){return r.default(t,"s",-e)}},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(32);e.default=function(t,e){return r.default(t,"l",e)}},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(32);e.default=function(t,e){return r.default(t,"l",-e)}},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(32);e.default=function(t){return r.default(t,"h",180)}},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(53);e.default=function(t){return r.default(t,{s:0})}},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(18),i=n(108);e.default=function(t,e){void 0===e&&(e=100);var n=r.default.parse(t);return n.r=255-n.r,n.g=255-n.g,n.b=255-n.b,i.default(n,t,e)}},function(t,e,n){"use strict";Object.defineProperty(e,"__esModule",{value:!0});var r=n(11),i=n(18),a=n(107);e.default=function(t,e){var n,o,s,c=i.default.parse(t),u={};for(var l in 
e)u[l]=(n=c[l],o=e[l],s=r.default.channel.max[l],o>0?(s-n)*o/100:n*o/100);return a.default(t,u)}},function(t,e,n){t.exports={Graph:n(77),version:n(301)}},function(t,e,n){var r=n(109);t.exports=function(t){return r(t,4)}},function(t,e){t.exports=function(){this.__data__=[],this.size=0}},function(t,e,n){var r=n(56),i=Array.prototype.splice;t.exports=function(t){var e=this.__data__,n=r(e,t);return!(n<0)&&(n==e.length-1?e.pop():i.call(e,n,1),--this.size,!0)}},function(t,e,n){var r=n(56);t.exports=function(t){var e=this.__data__,n=r(e,t);return n<0?void 0:e[n][1]}},function(t,e,n){var r=n(56);t.exports=function(t){return r(this.__data__,t)>-1}},function(t,e,n){var r=n(56);t.exports=function(t,e){var n=this.__data__,i=r(n,t);return i<0?(++this.size,n.push([t,e])):n[i][1]=e,this}},function(t,e,n){var r=n(55);t.exports=function(){this.__data__=new r,this.size=0}},function(t,e){t.exports=function(t){var e=this.__data__,n=e.delete(t);return this.size=e.size,n}},function(t,e){t.exports=function(t){return this.__data__.get(t)}},function(t,e){t.exports=function(t){return this.__data__.has(t)}},function(t,e,n){var r=n(55),i=n(78),a=n(79);t.exports=function(t,e){var n=this.__data__;if(n instanceof r){var o=n.__data__;if(!i||o.length<199)return o.push([t,e]),this.size=++n.size,this;n=this.__data__=new a(o)}return n.set(t,e),this.size=n.size,this}},function(t,e,n){var r=n(38),i=n(215),a=n(13),o=n(111),s=/^\[object .+?Constructor\]$/,c=Function.prototype,u=Object.prototype,l=c.toString,h=u.hasOwnProperty,f=RegExp("^"+l.call(h).replace(/[\\^$.*+?()[\]{}|]/g,"\\$&").replace(/hasOwnProperty|(function).*?(?=\\\()| for .+?(?=\\\])/g,"$1.*?")+"$");t.exports=function(t){return!(!a(t)||i(t))&&(r(t)?f:s).test(o(t))}},function(t,e){var n;n=function(){return this}();try{n=n||new Function("return this")()}catch(t){"object"==typeof window&&(n=window)}t.exports=n},function(t,e,n){var r=n(39),i=Object.prototype,a=i.hasOwnProperty,o=i.toString,s=r?r.toStringTag:void 0;t.exports=function(t){var 
e=a.call(t,s),n=t[s];try{t[s]=void 0;var r=!0}catch(t){}var i=o.call(t);return r&&(e?t[s]=n:delete t[s]),i}},function(t,e){var n=Object.prototype.toString;t.exports=function(t){return n.call(t)}},function(t,e,n){var r,i=n(216),a=(r=/[^.]+$/.exec(i&&i.keys&&i.keys.IE_PROTO||""))?"Symbol(src)_1."+r:"";t.exports=function(t){return!!a&&a in t}},function(t,e,n){var r=n(19)["__core-js_shared__"];t.exports=r},function(t,e){t.exports=function(t,e){return null==t?void 0:t[e]}},function(t,e,n){var r=n(219),i=n(55),a=n(78);t.exports=function(){this.size=0,this.__data__={hash:new r,map:new(a||i),string:new r}}},function(t,e,n){var r=n(220),i=n(221),a=n(222),o=n(223),s=n(224);function c(t){var e=-1,n=null==t?0:t.length;for(this.clear();++e0){if(++e>=800)return arguments[0]}else e=0;return t.apply(void 0,arguments)}}},function(t,e,n){var r=n(132),i=n(293),a=n(297),o=n(133),s=n(298),c=n(91);t.exports=function(t,e,n){var u=-1,l=i,h=t.length,f=!0,d=[],p=d;if(n)f=!1,l=a;else if(h>=200){var y=e?null:s(t);if(y)return c(y);f=!1,l=o,p=new r}else p=e?[]:d;t:for(;++u-1}},function(t,e,n){var r=n(146),i=n(295),a=n(296);t.exports=function(t,e,n){return e==e?a(t,e,n):r(t,i,n)}},function(t,e){t.exports=function(t){return t!=t}},function(t,e){t.exports=function(t,e,n){for(var r=n-1,i=t.length;++r1||1===e.length&&t.hasEdge(e[0],e[0])}))}},function(t,e,n){var r=n(12);t.exports=function(t,e,n){return function(t,e,n){var r={},i=t.nodes();return i.forEach((function(t){r[t]={},r[t][t]={distance:0},i.forEach((function(e){t!==e&&(r[t][e]={distance:Number.POSITIVE_INFINITY})})),n(t).forEach((function(n){var i=n.v===t?n.w:n.v,a=e(n);r[t][i]={distance:a,predecessor:t}}))})),i.forEach((function(t){var e=r[t];i.forEach((function(n){var a=r[n];i.forEach((function(n){var r=a[t],i=e[n],o=a[n],s=r.distance+i.distance;s0;){if(n=c.removeMin(),r.has(s,n))o.setEdge(n,s[n]);else{if(l)throw new Error("Input graph is not connected: "+t);l=!0}t.nodeEdges(n).forEach(u)}return o}},function(t,e,n){var 
r;try{r=n(3)}catch(t){}r||(r=window.graphlib),t.exports=r},function(t,e,n){"use strict";var r=n(4),i=n(346),a=n(349),o=n(350),s=n(8).normalizeRanks,c=n(352),u=n(8).removeEmptyRanks,l=n(353),h=n(354),f=n(355),d=n(356),p=n(365),y=n(8),g=n(20).Graph;t.exports=function(t,e){var n=e&&e.debugTiming?y.time:y.notime;n("layout",(function(){var e=n(" buildLayoutGraph",(function(){return function(t){var e=new g({multigraph:!0,compound:!0}),n=C(t.graph());return e.setGraph(r.merge({},m,T(n,v),r.pick(n,b))),r.forEach(t.nodes(),(function(n){var i=C(t.node(n));e.setNode(n,r.defaults(T(i,_),x)),e.setParent(n,t.parent(n))})),r.forEach(t.edges(),(function(n){var i=C(t.edge(n));e.setEdge(n,r.merge({},w,T(i,k),r.pick(i,E)))})),e}(t)}));n(" runLayout",(function(){!function(t,e){e(" makeSpaceForEdgeLabels",(function(){!function(t){var e=t.graph();e.ranksep/=2,r.forEach(t.edges(),(function(n){var r=t.edge(n);r.minlen*=2,"c"!==r.labelpos.toLowerCase()&&("TB"===e.rankdir||"BT"===e.rankdir?r.width+=r.labeloffset:r.height+=r.labeloffset)}))}(t)})),e(" removeSelfEdges",(function(){!function(t){r.forEach(t.edges(),(function(e){if(e.v===e.w){var n=t.node(e.v);n.selfEdges||(n.selfEdges=[]),n.selfEdges.push({e:e,label:t.edge(e)}),t.removeEdge(e)}}))}(t)})),e(" acyclic",(function(){i.run(t)})),e(" nestingGraph.run",(function(){l.run(t)})),e(" rank",(function(){o(y.asNonCompoundGraph(t))})),e(" injectEdgeLabelProxies",(function(){!function(t){r.forEach(t.edges(),(function(e){var n=t.edge(e);if(n.width&&n.height){var r=t.node(e.v),i={rank:(t.node(e.w).rank-r.rank)/2+r.rank,e:e};y.addDummyNode(t,"edge-proxy",i,"_ep")}}))}(t)})),e(" removeEmptyRanks",(function(){u(t)})),e(" nestingGraph.cleanup",(function(){l.cleanup(t)})),e(" normalizeRanks",(function(){s(t)})),e(" assignRankMinMax",(function(){!function(t){var e=0;r.forEach(t.nodes(),(function(n){var 
i=t.node(n);i.borderTop&&(i.minRank=t.node(i.borderTop).rank,i.maxRank=t.node(i.borderBottom).rank,e=r.max(e,i.maxRank))})),t.graph().maxRank=e}(t)})),e(" removeEdgeLabelProxies",(function(){!function(t){r.forEach(t.nodes(),(function(e){var n=t.node(e);"edge-proxy"===n.dummy&&(t.edge(n.e).labelRank=n.rank,t.removeNode(e))}))}(t)})),e(" normalize.run",(function(){a.run(t)})),e(" parentDummyChains",(function(){c(t)})),e(" addBorderSegments",(function(){h(t)})),e(" order",(function(){d(t)})),e(" insertSelfEdges",(function(){!function(t){var e=y.buildLayerMatrix(t);r.forEach(e,(function(e){var n=0;r.forEach(e,(function(e,i){var a=t.node(e);a.order=i+n,r.forEach(a.selfEdges,(function(e){y.addDummyNode(t,"selfedge",{width:e.label.width,height:e.label.height,rank:a.rank,order:i+ ++n,e:e.e,label:e.label},"_se")})),delete a.selfEdges}))}))}(t)})),e(" adjustCoordinateSystem",(function(){f.adjust(t)})),e(" position",(function(){p(t)})),e(" positionSelfEdges",(function(){!function(t){r.forEach(t.nodes(),(function(e){var n=t.node(e);if("selfedge"===n.dummy){var r=t.node(n.e.v),i=r.x+r.width/2,a=r.y,o=n.x-i,s=r.height/2;t.setEdge(n.e,n.label),t.removeNode(e),n.label.points=[{x:i+2*o/3,y:a-s},{x:i+5*o/6,y:a-s},{x:i+o,y:a},{x:i+5*o/6,y:a+s},{x:i+2*o/3,y:a+s}],n.label.x=n.x,n.label.y=n.y}}))}(t)})),e(" removeBorderNodes",(function(){!function(t){r.forEach(t.nodes(),(function(e){if(t.children(e).length){var n=t.node(e),i=t.node(n.borderTop),a=t.node(n.borderBottom),o=t.node(r.last(n.borderLeft)),s=t.node(r.last(n.borderRight));n.width=Math.abs(s.x-o.x),n.height=Math.abs(a.y-i.y),n.x=o.x+n.width/2,n.y=i.y+n.height/2}})),r.forEach(t.nodes(),(function(e){"border"===t.node(e).dummy&&t.removeNode(e)}))}(t)})),e(" normalize.undo",(function(){a.undo(t)})),e(" fixupEdgeLabelCoords",(function(){!function(t){r.forEach(t.edges(),(function(e){var 
n=t.edge(e);if(r.has(n,"x"))switch("l"!==n.labelpos&&"r"!==n.labelpos||(n.width-=n.labeloffset),n.labelpos){case"l":n.x-=n.width/2+n.labeloffset;break;case"r":n.x+=n.width/2+n.labeloffset}}))}(t)})),e(" undoCoordinateSystem",(function(){f.undo(t)})),e(" translateGraph",(function(){!function(t){var e=Number.POSITIVE_INFINITY,n=0,i=Number.POSITIVE_INFINITY,a=0,o=t.graph(),s=o.marginx||0,c=o.marginy||0;function u(t){var r=t.x,o=t.y,s=t.width,c=t.height;e=Math.min(e,r-s/2),n=Math.max(n,r+s/2),i=Math.min(i,o-c/2),a=Math.max(a,o+c/2)}r.forEach(t.nodes(),(function(e){u(t.node(e))})),r.forEach(t.edges(),(function(e){var n=t.edge(e);r.has(n,"x")&&u(n)})),e-=s,i-=c,r.forEach(t.nodes(),(function(n){var r=t.node(n);r.x-=e,r.y-=i})),r.forEach(t.edges(),(function(n){var a=t.edge(n);r.forEach(a.points,(function(t){t.x-=e,t.y-=i})),r.has(a,"x")&&(a.x-=e),r.has(a,"y")&&(a.y-=i)})),o.width=n-e+s,o.height=a-i+c}(t)})),e(" assignNodeIntersects",(function(){!function(t){r.forEach(t.edges(),(function(e){var n,r,i=t.edge(e),a=t.node(e.v),o=t.node(e.w);i.points?(n=i.points[0],r=i.points[i.points.length-1]):(i.points=[],n=o,r=a),i.points.unshift(y.intersectRect(a,n)),i.points.push(y.intersectRect(o,r))}))}(t)})),e(" reversePoints",(function(){!function(t){r.forEach(t.edges(),(function(e){var n=t.edge(e);n.reversed&&n.points.reverse()}))}(t)})),e(" acyclic.undo",(function(){i.undo(t)}))}(e,n)})),n(" updateInputGraph",(function(){!function(t,e){r.forEach(t.nodes(),(function(n){var r=t.node(n),i=e.node(n);r&&(r.x=i.x,r.y=i.y,e.children(n).length&&(r.width=i.width,r.height=i.height))})),r.forEach(t.edges(),(function(n){var i=t.edge(n),a=e.edge(n);i.points=a.points,r.has(a,"x")&&(i.x=a.x,i.y=a.y)})),t.graph().width=e.graph().width,t.graph().height=e.graph().height}(t,e)}))}))};var 
v=["nodesep","edgesep","ranksep","marginx","marginy"],m={ranksep:50,edgesep:20,nodesep:50,rankdir:"tb"},b=["acyclicer","ranker","rankdir","align"],_=["width","height"],x={width:0,height:0},k=["minlen","weight","width","height","labeloffset"],w={minlen:1,weight:1,width:0,height:0,labeloffset:10,labelpos:"r"},E=["labelpos"];function T(t,e){return r.mapValues(r.pick(t,e),Number)}function C(t){var e={};return r.forEach(t,(function(t,n){e[n.toLowerCase()]=t})),e}},function(t,e,n){var r=n(109);t.exports=function(t){return r(t,5)}},function(t,e,n){var r=n(316)(n(317));t.exports=r},function(t,e,n){var r=n(25),i=n(24),a=n(30);t.exports=function(t){return function(e,n,o){var s=Object(e);if(!i(e)){var c=r(n,3);e=a(e),n=function(t){return c(s[t],t,s)}}var u=t(e,n,o);return u>-1?s[c?e[u]:u]:void 0}}},function(t,e,n){var r=n(146),i=n(25),a=n(318),o=Math.max;t.exports=function(t,e,n){var s=null==t?0:t.length;if(!s)return-1;var c=null==n?0:a(n);return c<0&&(c=o(s+c,0)),r(t,i(e,3),c)}},function(t,e,n){var r=n(156);t.exports=function(t){var e=r(t),n=e%1;return e==e?n?e-n:e:0}},function(t,e,n){var r=n(13),i=n(43),a=/^\s+|\s+$/g,o=/^[-+]0x[0-9a-f]+$/i,s=/^0b[01]+$/i,c=/^0o[0-7]+$/i,u=parseInt;t.exports=function(t){if("number"==typeof t)return t;if(i(t))return NaN;if(r(t)){var e="function"==typeof t.valueOf?t.valueOf():t;t=r(e)?e+"":e}if("string"!=typeof t)return 0===t?t:+t;t=t.replace(a,"");var n=s.test(t);return n||c.test(t)?u(t.slice(2),n?2:8):o.test(t)?NaN:+t}},function(t,e,n){var r=n(90),i=n(128),a=n(41);t.exports=function(t,e){return null==t?t:r(t,i(e),a)}},function(t,e){t.exports=function(t){var e=null==t?0:t.length;return e?t[e-1]:void 0}},function(t,e,n){var r=n(60),i=n(89),a=n(25);t.exports=function(t,e){var n={};return e=a(e,3),i(t,(function(t,i,a){r(n,i,e(t,i,a))})),n}},function(t,e,n){var r=n(96),i=n(324),a=n(35);t.exports=function(t){return t&&t.length?r(t,a,i):void 0}},function(t,e){t.exports=function(t,e){return t>e}},function(t,e,n){var 
r=n(326),i=n(329)((function(t,e,n){r(t,e,n)}));t.exports=i},function(t,e,n){var r=n(54),i=n(158),a=n(90),o=n(327),s=n(13),c=n(41),u=n(160);t.exports=function t(e,n,l,h,f){e!==n&&a(n,(function(a,c){if(f||(f=new r),s(a))o(e,n,c,l,t,h,f);else{var d=h?h(u(e,c),a,c+"",e,n,f):void 0;void 0===d&&(d=a),i(e,c,d)}}),c)}},function(t,e,n){var r=n(158),i=n(115),a=n(124),o=n(116),s=n(125),c=n(47),u=n(5),l=n(147),h=n(40),f=n(38),d=n(13),p=n(159),y=n(48),g=n(160),v=n(328);t.exports=function(t,e,n,m,b,_,x){var k=g(t,n),w=g(e,n),E=x.get(w);if(E)r(t,n,E);else{var T=_?_(k,w,n+"",t,e,x):void 0,C=void 0===T;if(C){var S=u(w),A=!S&&h(w),M=!S&&!A&&y(w);T=w,S||A||M?u(k)?T=k:l(k)?T=o(k):A?(C=!1,T=i(w,!0)):M?(C=!1,T=a(w,!0)):T=[]:p(w)||c(w)?(T=k,c(k)?T=v(k):d(k)&&!f(k)||(T=s(w))):C=!1}C&&(x.set(w,T),b(T,w,m,_,x),x.delete(w)),r(t,n,T)}}},function(t,e,n){var r=n(46),i=n(41);t.exports=function(t){return r(t,i(t))}},function(t,e,n){var r=n(68),i=n(69);t.exports=function(t){return r((function(e,n){var r=-1,a=n.length,o=a>1?n[a-1]:void 0,s=a>2?n[2]:void 0;for(o=t.length>3&&"function"==typeof o?(a--,o):void 0,s&&i(n[0],n[1],s)&&(o=a<3?void 0:o,a=1),e=Object(e);++r1&&o(t,e[0],e[1])?e=[]:n>2&&o(e[0],e[1],e[2])&&(e=[e[0]]),i(t,r(e,1),[])}));t.exports=s},function(t,e,n){var r=n(67),i=n(25),a=n(142),o=n(341),s=n(62),c=n(342),u=n(35);t.exports=function(t,e,n){var l=-1;e=r(e.length?e:[u],s(i));var h=a(t,(function(t,n,i){return{criteria:r(e,(function(e){return e(t)})),index:++l,value:t}}));return o(h,(function(t,e){return c(t,e,n)}))}},function(t,e){t.exports=function(t,e){var n=t.length;for(t.sort(e);n--;)t[n]=t[n].value;return t}},function(t,e,n){var r=n(343);t.exports=function(t,e,n){for(var i=-1,a=t.criteria,o=e.criteria,s=a.length,c=n.length;++i=c?u:u*("desc"==n[i]?-1:1)}return t.index-e.index}},function(t,e,n){var r=n(43);t.exports=function(t,e){if(t!==e){var n=void 0!==t,i=null===t,a=t==t,o=r(t),s=void 0!==e,c=null===e,u=e==e,l=r(e);if(!c&&!l&&!o&&t>e||o&&s&&u&&!c&&!l||i&&s&&u||!n&&u||!a)return 
1;if(!i&&!o&&!l&&t0;--c)if(r=e[c].dequeue()){i=i.concat(s(t,e,n,r,!0));break}}return i}(n.graph,n.buckets,n.zeroIdx);return r.flatten(r.map(u,(function(e){return t.outEdges(e.v,e.w)})),!0)};var o=r.constant(1);function s(t,e,n,i,a){var o=a?[]:void 0;return r.forEach(t.inEdges(i.v),(function(r){var i=t.edge(r),s=t.node(r.v);a&&o.push({v:r.v,w:r.w}),s.out-=i,c(e,n,s)})),r.forEach(t.outEdges(i.v),(function(r){var i=t.edge(r),a=r.w,o=t.node(a);o.in-=i,c(e,n,o)})),t.removeNode(i.v),o}function c(t,e,n){n.out?n.in?t[n.out-n.in+e].enqueue(n):t[t.length-1].enqueue(n):t[0].enqueue(n)}},function(t,e){function n(){var t={};t._next=t._prev=t,this._sentinel=t}function r(t){t._prev._next=t._next,t._next._prev=t._prev,delete t._next,delete t._prev}function i(t,e){if("_next"!==t&&"_prev"!==t)return e}t.exports=n,n.prototype.dequeue=function(){var t=this._sentinel,e=t._prev;if(e!==t)return r(e),e},n.prototype.enqueue=function(t){var e=this._sentinel;t._prev&&t._next&&r(t),t._next=e._next,e._next._prev=t,e._next=t,t._prev=e},n.prototype.toString=function(){for(var t=[],e=this._sentinel,n=e._prev;n!==e;)t.push(JSON.stringify(n,i)),n=n._prev;return"["+t.join(", ")+"]"}},function(t,e,n){"use strict";var r=n(4),i=n(8);t.exports={run:function(t){t.graph().dummyChains=[],r.forEach(t.edges(),(function(e){!function(t,e){var n,r,a,o=e.v,s=t.node(o).rank,c=e.w,u=t.node(c).rank,l=e.name,h=t.edge(e),f=h.labelRank;if(u===s+1)return;for(t.removeEdge(e),a=0,++s;sc.lim&&(u=c,l=!0);var h=r.filter(e.edges(),(function(e){return l===m(t,t.node(e.v),u)&&l!==m(t,t.node(e.w),u)}));return r.minBy(h,(function(t){return a(e,t)}))}function v(t,e,n,i){var a=n.v,o=n.w;t.removeEdge(a,o),t.setEdge(i.v,i.w,{}),d(t),h(t,e),function(t,e){var n=r.find(t.nodes(),(function(t){return!e.node(t).parent})),i=s(t,n);i=i.slice(1),r.forEach(i,(function(n){var r=t.node(n).parent,i=e.edge(n,r),a=!1;i||(i=e.edge(r,n),a=!0),e.node(n).rank=e.node(r).rank+(a?i.minlen:-i.minlen)}))}(t,e)}function m(t,e,n){return 
n.low<=e.lim&&e.lim<=n.lim}t.exports=l,l.initLowLimValues=d,l.initCutValues=h,l.calcCutValue=f,l.leaveEdge=y,l.enterEdge=g,l.exchangeEdges=v},function(t,e,n){var r=n(4);t.exports=function(t){var e=function(t){var e={},n=0;function i(a){var o=n;r.forEach(t.children(a),i),e[a]={low:o,lim:n++}}return r.forEach(t.children(),i),e}(t);r.forEach(t.graph().dummyChains,(function(n){for(var r=t.node(n),i=r.edgeObj,a=function(t,e,n,r){var i,a,o=[],s=[],c=Math.min(e[n].low,e[r].low),u=Math.max(e[n].lim,e[r].lim);i=n;do{i=t.parent(i),o.push(i)}while(i&&(e[i].low>c||u>e[i].lim));a=i,i=r;for(;(i=t.parent(i))!==a;)s.push(i);return{path:o.concat(s.reverse()),lca:a}}(t,e,i.v,i.w),o=a.path,s=a.lca,c=0,u=o[c],l=!0;n!==i.w;){if(r=t.node(n),l){for(;(u=o[c])!==s&&t.node(u).maxRank=2),s=l.buildLayerMatrix(t);var g=a(t,s);g0;)e%2&&(n+=c[e+1]),c[e=e-1>>1]+=t.weight;u+=t.weight*n}))),u}t.exports=function(t,e){for(var n=0,r=1;r=t.barycenter)&&function(t,e){var n=0,r=0;t.weight&&(n+=t.barycenter*t.weight,r+=t.weight);e.weight&&(n+=e.barycenter*e.weight,r+=e.weight);t.vs=e.vs.concat(t.vs),t.barycenter=n/r,t.weight=r,t.i=Math.min(e.i,t.i),e.merged=!0}(t,e)}}function i(e){return function(n){n.in.push(e),0==--n.indegree&&t.push(n)}}for(;t.length;){var a=t.pop();e.push(a),r.forEach(a.in.reverse(),n(a)),r.forEach(a.out,i(a))}return r.map(r.filter(e,(function(t){return!t.merged})),(function(t){return r.pick(t,["vs","i","barycenter","weight"])}))}(r.filter(n,(function(t){return!t.indegree})))}},function(t,e,n){var r=n(4),i=n(8);function a(t,e,n){for(var i;e.length&&(i=r.last(e)).i<=n;)e.pop(),t.push(i.vs),n++;return n}t.exports=function(t,e){var n=i.partition(t,(function(t){return r.has(t,"barycenter")})),o=n.lhs,s=r.sortBy(n.rhs,(function(t){return-t.i})),c=[],u=0,l=0,h=0;o.sort((f=!!e,function(t,e){return t.barycentere.barycenter?1:f?e.i-t.i:t.i-e.i})),h=a(c,s,h),r.forEach(o,(function(t){h+=t.vs.length,c.push(t.vs),u+=t.barycenter*t.weight,l+=t.weight,h=a(c,s,h)}));var f;var 
d={vs:r.flatten(c,!0)};l&&(d.barycenter=u/l,d.weight=l);return d}},function(t,e,n){var r=n(4),i=n(20).Graph;t.exports=function(t,e,n){var a=function(t){var e;for(;t.hasNode(e=r.uniqueId("_root")););return e}(t),o=new i({compound:!0}).setGraph({root:a}).setDefaultNodeLabel((function(e){return t.node(e)}));return r.forEach(t.nodes(),(function(i){var s=t.node(i),c=t.parent(i);(s.rank===e||s.minRank<=e&&e<=s.maxRank)&&(o.setNode(i),o.setParent(i,c||a),r.forEach(t[n](i),(function(e){var n=e.v===i?e.w:e.v,a=o.edge(n,i),s=r.isUndefined(a)?0:a.weight;o.setEdge(n,i,{weight:t.edge(e).weight+s})})),r.has(s,"minRank")&&o.setNode(i,{borderLeft:s.borderLeft[e],borderRight:s.borderRight[e]}))})),o}},function(t,e,n){var r=n(4);t.exports=function(t,e,n){var i,a={};r.forEach(n,(function(n){for(var r,o,s=t.parent(n);s;){if((r=t.parent(s))?(o=a[r],a[r]=s):(o=i,i=s),o&&o!==s)return void e.setEdge(o,s);s=r}}))}},function(t,e,n){"use strict";var r=n(4),i=n(8),a=n(366).positionX;t.exports=function(t){(function(t){var e=i.buildLayerMatrix(t),n=t.graph().ranksep,a=0;r.forEach(e,(function(e){var i=r.max(r.map(e,(function(e){return t.node(e).height})));r.forEach(e,(function(e){t.node(e).y=a+i/2})),a+=i+n}))})(t=i.asNonCompoundGraph(t)),r.forEach(a(t),(function(e,n){t.node(n).x=e}))}},function(t,e,n){"use strict";var r=n(4),i=n(20).Graph,a=n(8);function o(t,e){var n={};return r.reduce(e,(function(e,i){var a=0,o=0,s=e.length,u=r.last(i);return r.forEach(i,(function(e,l){var h=function(t,e){if(t.node(e).dummy)return r.find(t.predecessors(e),(function(e){return t.node(e).dummy}))}(t,e),f=h?t.node(h).order:s;(h||e===u)&&(r.forEach(i.slice(o,l+1),(function(e){r.forEach(t.predecessors(e),(function(r){var i=t.node(r),o=i.order;!(os)&&c(n,e,u)}))}))}return r.reduce(e,(function(e,n){var a,o=-1,s=0;return r.forEach(n,(function(r,c){if("border"===t.node(r).dummy){var u=t.predecessors(r);u.length&&(a=t.node(u[0]).order,i(n,s,c,o,a),s=c,o=a)}i(n,s,n.length,a,e.length)})),n})),n}function 
c(t,e,n){if(e>n){var r=e;e=n,n=r}var i=t[e];i||(t[e]=i={}),i[n]=!0}function u(t,e,n){if(e>n){var i=e;e=n,n=i}return r.has(t[e],n)}function l(t,e,n,i){var a={},o={},s={};return r.forEach(e,(function(t){r.forEach(t,(function(t,e){a[t]=t,o[t]=t,s[t]=e}))})),r.forEach(e,(function(t){var e=-1;r.forEach(t,(function(t){var c=i(t);if(c.length)for(var l=((c=r.sortBy(c,(function(t){return s[t]}))).length-1)/2,h=Math.floor(l),f=Math.ceil(l);h<=f;++h){var d=c[h];o[t]===t&&e0}t.exports=function(t,e,r,i){var a,o,s,c,u,l,h,f,d,p,y,g,v;if(a=e.y-t.y,s=t.x-e.x,u=e.x*t.y-t.x*e.y,d=a*r.x+s*r.y+u,p=a*i.x+s*i.y+u,0!==d&&0!==p&&n(d,p))return;if(o=i.y-r.y,c=r.x-i.x,l=i.x*r.y-r.x*i.y,h=o*t.x+c*t.y+l,f=o*e.x+c*e.y+l,0!==h&&0!==f&&n(h,f))return;if(0===(y=a*c-o*s))return;return g=Math.abs(y/2),{x:(v=s*l-c*u)<0?(v-g)/y:(v+g)/y,y:(v=o*u-a*l)<0?(v-g)/y:(v+g)/y}}},function(t,e,n){var r=n(44),i=n(31),a=n(154).layout;t.exports=function(){var t=n(372),e=n(375),i=n(376),u=n(377),l=n(378),h=n(379),f=n(380),d=n(381),p=n(382),y=function(n,y){!function(t){t.nodes().forEach((function(e){var n=t.node(e);r.has(n,"label")||t.children(e).length||(n.label=e),r.has(n,"paddingX")&&r.defaults(n,{paddingLeft:n.paddingX,paddingRight:n.paddingX}),r.has(n,"paddingY")&&r.defaults(n,{paddingTop:n.paddingY,paddingBottom:n.paddingY}),r.has(n,"padding")&&r.defaults(n,{paddingLeft:n.padding,paddingRight:n.padding,paddingTop:n.padding,paddingBottom:n.padding}),r.defaults(n,o),r.each(["paddingLeft","paddingRight","paddingTop","paddingBottom"],(function(t){n[t]=Number(n[t])})),r.has(n,"width")&&(n._prevWidth=n.width),r.has(n,"height")&&(n._prevHeight=n.height)})),t.edges().forEach((function(e){var n=t.edge(e);r.has(n,"label")||(n.label=""),r.defaults(n,s)}))}(y);var g=c(n,"output"),v=c(g,"clusters"),m=c(g,"edgePaths"),b=i(c(g,"edgeLabels"),y),_=t(c(g,"nodes"),y,d);a(y),l(_,y),h(b,y),u(m,y,p);var x=e(v,y);f(x,y),function(t){r.each(t.nodes(),(function(e){var n=t.node(e);r.has(n,"_prevWidth")?n.width=n._prevWidth:delete 
n.width,r.has(n,"_prevHeight")?n.height=n._prevHeight:delete n.height,delete n._prevWidth,delete n._prevHeight}))}(y)};return y.createNodes=function(e){return arguments.length?(t=e,y):t},y.createClusters=function(t){return arguments.length?(e=t,y):e},y.createEdgeLabels=function(t){return arguments.length?(i=t,y):i},y.createEdgePaths=function(t){return arguments.length?(u=t,y):u},y.shapes=function(t){return arguments.length?(d=t,y):d},y.arrows=function(t){return arguments.length?(p=t,y):p},y};var o={paddingLeft:10,paddingRight:10,paddingTop:10,paddingBottom:10,rx:0,ry:0,shape:"rect"},s={arrowhead:"normal",curve:i.curveLinear};function c(t,e){var n=t.select("g."+e);return n.empty()&&(n=t.append("g").attr("class",e)),n}},function(t,e,n){"use strict";var r=n(44),i=n(98),a=n(14),o=n(31);t.exports=function(t,e,n){var s,c=e.nodes().filter((function(t){return!a.isSubgraph(e,t)})),u=t.selectAll("g.node").data(c,(function(t){return t})).classed("update",!0);u.exit().remove(),u.enter().append("g").attr("class","node").style("opacity",0),(u=t.selectAll("g.node")).each((function(t){var s=e.node(t),c=o.select(this);a.applyClass(c,s.class,(c.classed("update")?"update ":"")+"node"),c.select("g.label").remove();var u=c.append("g").attr("class","label"),l=i(u,s),h=n[s.shape],f=r.pick(l.node().getBBox(),"width","height");s.elem=this,s.id&&c.attr("id",s.id),s.labelId&&u.attr("id",s.labelId),r.has(s,"width")&&(f.width=s.width),r.has(s,"height")&&(f.height=s.height),f.width+=s.paddingLeft+s.paddingRight,f.height+=s.paddingTop+s.paddingBottom,u.attr("transform","translate("+(s.paddingLeft-s.paddingRight)/2+","+(s.paddingTop-s.paddingBottom)/2+")");var d=o.select(this);d.select(".label-container").remove();var p=h(d,f,s).classed("label-container",!0);a.applyStyle(p,s.style);var y=p.node().getBBox();s.width=y.width,s.height=y.height})),s=u.exit?u.exit():u.selectAll(null);return a.applyTransition(s,e).style("opacity",0).remove(),u}},function(t,e,n){var 
r=n(14);t.exports=function(t,e){for(var n=t.append("text"),i=function(t){for(var e,n="",r=!1,i=0;i0&&void 0!==arguments[0]?arguments[0]:"fatal";isNaN(t)&&(t=t.toLowerCase(),void 0!==s[t]&&(t=s[t])),c.trace=function(){},c.debug=function(){},c.info=function(){},c.warn=function(){},c.error=function(){},c.fatal=function(){},t<=s.fatal&&(c.fatal=console.error?console.error.bind(console,l("FATAL"),"color: orange"):console.log.bind(console,"",l("FATAL"))),t<=s.error&&(c.error=console.error?console.error.bind(console,l("ERROR"),"color: orange"):console.log.bind(console,"",l("ERROR"))),t<=s.warn&&(c.warn=console.warn?console.warn.bind(console,l("WARN"),"color: orange"):console.log.bind(console,"",l("WARN"))),t<=s.info&&(c.info=console.info?console.info.bind(console,l("INFO"),"color: lightblue"):console.log.bind(console,"",l("INFO"))),t<=s.debug&&(c.debug=console.debug?console.debug.bind(console,l("DEBUG"),"color: lightgreen"):console.log.bind(console,"",l("DEBUG")))},l=function(t){var e=o()().format("ss.SSS");return"%c".concat(e," : ").concat(t," : ")},h=n(0),f=n(170),d=n.n(f),p=n(36),y=n(71),g=function(t){for(var e="",n=0;n>=0;){if(!((n=t.indexOf("=0)){e+=t,n=-1;break}e+=t.substr(0,n),(n=(t=t.substr(n+1)).indexOf("<\/script>"))>=0&&(n+=9,t=t.substr(n))}return e},v=//gi,m=function(t){return t.replace(v,"#br#")},b=function(t){return t.replace(/#br#/g,"
    ")},_={getRows:function(t){if(!t)return 1;var e=m(t);return(e=e.replace(/\\n/g,"#br#")).split("#br#")},sanitizeText:function(t,e){var n=t,r=!0;if(!e.flowchart||!1!==e.flowchart.htmlLabels&&"false"!==e.flowchart.htmlLabels||(r=!1),r){var i=e.securityLevel;"antiscript"===i?n=g(n):"loose"!==i&&(n=(n=(n=m(n)).replace(//g,">")).replace(/=/g,"="),n=b(n))}return n},hasBreaks:function(t){return//gi.test(t)},splitBreaks:function(t){return t.split(//gi)},lineBreakRegex:v,removeScript:g,getUrl:function(t){var e="";return t&&(e=(e=(e=window.location.protocol+"//"+window.location.host+window.location.pathname+window.location.search).replace(/\(/g,"\\(")).replace(/\)/g,"\\)")),e}};function x(t,e){for(var n=0;n1&&void 0!==arguments[1]?arguments[1]:null;try{var n=new RegExp("[%]{2}(?![{]".concat(C.source,")(?=[}][%]{2}).*\n"),"ig");t=t.trim().replace(n,"").replace(/'/gm,'"'),c.debug("Detecting diagram directive".concat(null!==e?" type:"+e:""," based on the text:").concat(t));for(var r,i=[];null!==(r=T.exec(t));)if(r.index===T.lastIndex&&T.lastIndex++,r&&!e||e&&r[1]&&r[1].match(e)||e&&r[2]&&r[2].match(e)){var a=r[1]?r[1]:r[2],o=r[3]?r[3].trim():r[4]?JSON.parse(r[4].trim()):null;i.push({type:a,args:o})}return 0===i.length&&i.push({type:t,args:null}),1===i.length?i[0]:i}catch(n){return c.error("ERROR: ".concat(n.message," - Unable to parse directive\n ").concat(null!==e?" 
type:"+e:""," based on the text:").concat(t)),{type:null,args:null}}},M=function(t){return t=t.replace(T,"").replace(S,"\n"),c.debug("Detecting diagram type based on the text "+t),t.match(/^\s*sequenceDiagram/)?"sequence":t.match(/^\s*gantt/)?"gantt":t.match(/^\s*classDiagram-v2/)?"classDiagram":t.match(/^\s*classDiagram/)?"class":t.match(/^\s*stateDiagram-v2/)?"stateDiagram":t.match(/^\s*stateDiagram/)?"state":t.match(/^\s*gitGraph/)?"git":t.match(/^\s*flowchart/)?"flowchart-v2":t.match(/^\s*info/)?"info":t.match(/^\s*pie/)?"pie":t.match(/^\s*erDiagram/)?"er":t.match(/^\s*journey/)?"journey":t.match(/^\s*requirement/)||t.match(/^\s*requirementDiagram/)?"requirement":"flowchart"},O=function(t,e){var n={};return function(){for(var r=arguments.length,i=new Array(r),a=0;a"},n),_.lineBreakRegex.test(t))return t;var r=t.split(" "),i=[],a="";return r.forEach((function(t,o){var s=z("".concat(t," "),n),c=z(a,n);if(s>e){var u=Y(t,e,"-",n),l=u.hyphenatedStrings,h=u.remainingWord;i.push.apply(i,[a].concat(w(l))),a=h}else c+s>=e?(i.push(a),a=t):a=[a,t].filter(Boolean).join(" ");o+1===r.length&&i.push(a)})),i.filter((function(t){return""!==t})).join(n.joinWith)}),(function(t,e,n){return"".concat(t,"-").concat(e,"-").concat(n.fontSize,"-").concat(n.fontWeight,"-").concat(n.fontFamily,"-").concat(n.joinWith)})),Y=O((function(t,e){var n=arguments.length>2&&void 0!==arguments[2]?arguments[2]:"-",r=arguments.length>3?arguments[3]:void 0;r=Object.assign({fontSize:12,fontWeight:400,fontFamily:"Arial",margin:0},r);var i=t.split(""),a=[],o="";return i.forEach((function(t,s){var c="".concat(o).concat(t);if(z(c,r)>=e){var u=s+1,l=i.length===u,h="".concat(c).concat(n);a.push(l?c:h),o=""}else o=c})),{hyphenatedStrings:a,remainingWord:o}}),(function(t,e){var n=arguments.length>2&&void 0!==arguments[2]?arguments[2]:"-",r=arguments.length>3?arguments[3]:void 
0;return"".concat(t,"-").concat(e,"-").concat(n,"-").concat(r.fontSize,"-").concat(r.fontWeight,"-").concat(r.fontFamily)})),z=function(t,e){return e=Object.assign({fontSize:12,fontWeight:400,fontFamily:"Arial"},e),U(t,e).width},U=O((function(t,e){var n=e=Object.assign({fontSize:12,fontWeight:400,fontFamily:"Arial"},e),r=n.fontSize,i=n.fontFamily,a=n.fontWeight;if(!t)return{width:0,height:0};var o=["sans-serif",i],s=t.split(_.lineBreakRegex),c=[],u=Object(h.select)("body");if(!u.remove)return{width:0,height:0,lineHeight:0};for(var l=u.append("svg"),f=0,d=o;fc[1].height&&c[0].width>c[1].width&&c[0].lineHeight>c[1].lineHeight?0:1]}),(function(t,e){return"".concat(t,"-").concat(e.fontSize,"-").concat(e.fontWeight,"-").concat(e.fontFamily)})),$=function(t,e,n){var r=new Map;return r.set("height",t),n?(r.set("width","100%"),r.set("style","max-width: ".concat(e,"px;"))):r.set("width",e),r},W=function(t,e,n,r){!function(t,e){var n=!0,r=!1,i=void 0;try{for(var a,o=e[Symbol.iterator]();!(n=(a=o.next()).done);n=!0){var s=a.value;t.attr(s[0],s[1])}}catch(t){r=!0,i=t}finally{try{n||null==o.return||o.return()}finally{if(r)throw i}}}(t,$(e,n,r))},V={assignWithDepth:F,wrapLabel:j,calculateTextHeight:function(t,e){return e=Object.assign({fontSize:12,fontWeight:400,fontFamily:"Arial",margin:15},e),U(t,e).height},calculateTextWidth:z,calculateTextDimensions:U,calculateSvgSizeAttrs:$,configureSvgSize:W,detectInit:function(t){var e=A(t,/(?:init\b)|(?:initialize\b)/),n={};if(Array.isArray(e)){var r=e.map((function(t){return t.args}));n=F(n,w(r))}else n=e.args;if(n){var i=M(t);["config"].forEach((function(t){void 0!==n[t]&&("flowchart-v2"===i&&(i="flowchart"),n[i]=n[t],delete n[t])}))}return n},detectDirective:A,detectType:M,isSubstringInArray:function(t,e){for(var n=0;n=1&&(i={x:t.x,y:t.y}),a>0&&a<1&&(i={x:(1-a)*e.x+a*t.x,y:(1-a)*e.y+a*t.y})}}e=t})),i}(t)},calcCardinalityPosition:function(t,e,n){var r;c.info("our 
points",e),e[0]!==n&&(e=e.reverse()),e.forEach((function(t){D(t,r),r=t}));var i,a=25;r=void 0,e.forEach((function(t){if(r&&!i){var e=D(t,r);if(e=1&&(i={x:t.x,y:t.y}),n>0&&n<1&&(i={x:(1-n)*r.x+n*t.x,y:(1-n)*r.y+n*t.y})}}r=t}));var o=t?10:5,s=Math.atan2(e[0].y-i.y,e[0].x-i.x),u={x:0,y:0};return u.x=Math.sin(s)*o+(e[0].x+i.x)/2,u.y=-Math.cos(s)*o+(e[0].y+i.y)/2,u},calcTerminalLabelPosition:function(t,e,n){var r,i=JSON.parse(JSON.stringify(n));c.info("our points",i),"start_left"!==e&&"start_right"!==e&&(i=i.reverse()),i.forEach((function(t){D(t,r),r=t}));var a,o=25;r=void 0,i.forEach((function(t){if(r&&!a){var e=D(t,r);if(e=1&&(a={x:t.x,y:t.y}),n>0&&n<1&&(a={x:(1-n)*r.x+n*t.x,y:(1-n)*r.y+n*t.y})}}r=t}));var s=10,u=Math.atan2(i[0].y-a.y,i[0].x-a.x),l={x:0,y:0};return l.x=Math.sin(u)*s+(i[0].x+a.x)/2,l.y=-Math.cos(u)*s+(i[0].y+a.y)/2,"start_left"===e&&(l.x=Math.sin(u+Math.PI)*s+(i[0].x+a.x)/2,l.y=-Math.cos(u+Math.PI)*s+(i[0].y+a.y)/2),"end_right"===e&&(l.x=Math.sin(u-Math.PI)*s+(i[0].x+a.x)/2-5,l.y=-Math.cos(u-Math.PI)*s+(i[0].y+a.y)/2-5),"end_left"===e&&(l.x=Math.sin(u)*s+(i[0].x+a.x)/2-5,l.y=-Math.cos(u)*s+(i[0].y+a.y)/2-5),l},formatUrl:function(t,e){var n=t.trim();if(n)return"loose"!==e.securityLevel?Object(y.sanitizeUrl)(n):n},getStylesFromArray:B,generateId:I,random:R,memoize:O,runFunc:function(t){for(var e,n=t.split("."),r=n.length-1,i=n[r],a=window,o=0;o1?s-1:0),u=1;u-1||e[n].indexOf(">")>-1||e[n].indexOf("url(data:")>-1)&&delete e[n],"object"===ft(e[n])&&t(e[n])}))},kt=function(t){t.fontFamily&&(t.themeVariables&&t.themeVariables.fontFamily||(t.themeVariables={fontFamily:t.fontFamily})),gt.push(t),mt(yt,gt)},wt=function(){mt(yt,gt=[])};function Et(t){return function(t){if(Array.isArray(t)){for(var e=0,n=new Array(t.length);e0){var r=t.split("~");n=r[0],e=r[1]}return{className:n,type:e}},Ot=function(t){var e=Mt(t);void 
0===Ct[e.className]&&(Ct[e.className]={id:e.className,type:e.type,cssClasses:[],methods:[],members:[],annotations:[],domId:"classid-"+e.className+"-"+St},St++)},Nt=function(t){for(var e=Object.keys(Ct),n=0;n>")?r.annotations.push(i.substring(2,i.length-2)):i.indexOf(")")>0?r.methods.push(i):i&&r.members.push(i)}},Bt=function(t,e){t.split(",").forEach((function(t){var n=t;t[0].match(/\d/)&&(n="classid-"+n),void 0!==Ct[n]&&Ct[n].cssClasses.push(e)}))},Lt=function(t,e,n){var r=_t(),i=t,a=Nt(i);if("loose"===r.securityLevel&&void 0!==e&&void 0!==Ct[i]){var o=[];if("string"==typeof n){o=n.split(/,(?=(?:(?:[^"]*"){2})*[^"]*$)/);for(var s=0;s1&&a>i&&a<=t.length){var o="",s="",c=t.substring(0,1);c.match(/\w/)?s=t.substring(0,i).trim():(c.match(/\+|-|~|#/)&&(o=c),s=t.substring(1,i).trim());var u=t.substring(i+1,a),l=t.substring(a+1,1);n=Qt(l),e=o+s+"("+Zt(u.trim())+")",a<"".length&&""!==(r=t.substring(a+2).trim())&&(r=" : "+Zt(r))}else e=Zt(t);return{displayText:e,cssStyle:n}},Xt=function(t,e,n,r){var i=Vt(e),a=t.append("tspan").attr("x",r.padding).text(i.displayText);""!==i.cssStyle&&a.attr("style",i.cssStyle),n||a.attr("dy",r.textHeight)},Zt=function t(e){var n=e;return-1!=e.indexOf("~")?t(n=(n=n.replace("~","<")).replace("~",">")):n},Qt=function(t){switch(t){case"*":return"font-style:italic;";case"$":return"text-decoration:underline;";default:return""}},Kt=function(t,e,n){c.info("Rendering class "+e);var r,i=e.id,a={id:i,label:e.id,width:0,height:0},o=t.append("g").attr("id",Nt(i)).attr("class","classGroup");r=e.link?o.append("svg:a").attr("xlink:href",e.link).attr("target",e.linkTarget).append("text").attr("y",n.textHeight+n.padding).attr("x",0):o.append("text").attr("y",n.textHeight+n.padding).attr("x",0);var s=!0;e.annotations.forEach((function(t){var e=r.append("tspan").text("«"+t+"»");s||e.attr("dy",n.textHeight),s=!1}));var u=e.id;void 0!==e.type&&""!==e.type&&(u+="<"+e.type+">");var l=r.append("tspan").text(u).attr("class","title");s||l.attr("dy",n.textHeight);var 
h=r.node().getBBox().height,f=o.append("line").attr("x1",0).attr("y1",n.padding+h+n.dividerMargin/2).attr("y2",n.padding+h+n.dividerMargin/2),d=o.append("text").attr("x",n.padding).attr("y",h+n.dividerMargin+n.textHeight).attr("fill","white").attr("class","classText");s=!0,e.members.forEach((function(t){Xt(d,t,s,n),s=!1}));var p=d.node().getBBox(),y=o.append("line").attr("x1",0).attr("y1",n.padding+h+n.dividerMargin+p.height).attr("y2",n.padding+h+n.dividerMargin+p.height),g=o.append("text").attr("x",n.padding).attr("y",h+2*n.dividerMargin+p.height+n.textHeight).attr("fill","white").attr("class","classText");s=!0,e.methods.forEach((function(t){Xt(g,t,s,n),s=!1}));var v=o.node().getBBox(),m=" ";e.cssClasses.length>0&&(m+=e.cssClasses.join(" "));var b=o.insert("rect",":first-child").attr("x",0).attr("y",0).attr("width",v.width+2*n.padding).attr("height",v.height+n.padding+.5*n.dividerMargin).attr("class",m).node().getBBox().width;return r.node().childNodes.forEach((function(t){t.setAttribute("x",(b-t.getBBox().width)/2)})),e.tooltip&&r.insert("title").text(e.tooltip),f.attr("x2",b),y.attr("x2",b),a.width=b,a.height=v.height+n.padding+.5*n.dividerMargin,a},Jt=function(t,e,n,r){var i=function(t){switch(t){case It.AGGREGATION:return"aggregation";case It.EXTENSION:return"extension";case It.COMPOSITION:return"composition";case It.DEPENDENCY:return"dependency"}};e.points=e.points.filter((function(t){return!Number.isNaN(t.y)}));var a,o,s=e.points,u=Object(h.line)().x((function(t){return t.x})).y((function(t){return t.y})).curve(h.curveBasis),l=t.append("path").attr("d",u(s)).attr("id","edge"+Wt).attr("class","relation"),f="";r.arrowMarkerAbsolute&&(f=(f=(f=window.location.protocol+"//"+window.location.host+window.location.pathname+window.location.search).replace(/\(/g,"\\(")).replace(/\)/g,"\\)")),1==n.relation.lineType&&l.attr("class","relation 
dashed-line"),"none"!==n.relation.type1&&l.attr("marker-start","url("+f+"#"+i(n.relation.type1)+"Start)"),"none"!==n.relation.type2&&l.attr("marker-end","url("+f+"#"+i(n.relation.type2)+"End)");var d,p,y,g,v=e.points.length,m=V.calcLabelPosition(e.points);if(a=m.x,o=m.y,v%2!=0&&v>1){var b=V.calcCardinalityPosition("none"!==n.relation.type1,e.points,e.points[0]),_=V.calcCardinalityPosition("none"!==n.relation.type2,e.points,e.points[v-1]);c.debug("cardinality_1_point "+JSON.stringify(b)),c.debug("cardinality_2_point "+JSON.stringify(_)),d=b.x,p=b.y,y=_.x,g=_.y}if(void 0!==n.title){var x=t.append("g").attr("class","classLabel"),k=x.append("text").attr("class","label").attr("x",a).attr("y",o).attr("fill","red").attr("text-anchor","middle").text(n.title);window.label=k;var w=k.node().getBBox();x.insert("rect",":first-child").attr("class","box").attr("x",w.x-r.padding/2).attr("y",w.y-r.padding/2).attr("width",w.width+r.padding).attr("height",w.height+r.padding)}(c.info("Rendering relation "+JSON.stringify(n)),void 0!==n.relationTitle1&&"none"!==n.relationTitle1)&&t.append("g").attr("class","cardinality").append("text").attr("class","type1").attr("x",d).attr("y",p).attr("fill","black").attr("font-size","6").text(n.relationTitle1);void 0!==n.relationTitle2&&"none"!==n.relationTitle2&&t.append("g").attr("class","cardinality").append("text").attr("class","type2").attr("x",y).attr("y",g).attr("fill","black").attr("font-size","6").text(n.relationTitle2);Wt++};Ut.parser.yy=Ft;var te={},ee={dividerMargin:10,padding:5,textHeight:10},ne=function(t){for(var e=Object.keys(te),n=0;n "+t.w+": "+JSON.stringify(i.edge(t))),Jt(r,i.edge(t),i.edge(t).relation,ee))}));var f=r.node().getBBox(),d=f.width+40,p=f.height+40;W(r,p,d,ee.useMaxWidth);var y="".concat(f.x-20," ").concat(f.y-20," ").concat(d," ").concat(p);c.debug("viewBox ".concat(y)),r.attr("viewBox",y)},ae={extension:function(t,e,n){c.trace("Making markers for 
",n),t.append("defs").append("marker").attr("id",e+"-extensionStart").attr("class","marker extension "+e).attr("refX",0).attr("refY",7).attr("markerWidth",190).attr("markerHeight",240).attr("orient","auto").append("path").attr("d","M 1,7 L18,13 V 1 Z"),t.append("defs").append("marker").attr("id",e+"-extensionEnd").attr("class","marker extension "+e).attr("refX",19).attr("refY",7).attr("markerWidth",20).attr("markerHeight",28).attr("orient","auto").append("path").attr("d","M 1,1 V 13 L18,7 Z")},composition:function(t,e){t.append("defs").append("marker").attr("id",e+"-compositionStart").attr("class","marker composition "+e).attr("refX",0).attr("refY",7).attr("markerWidth",190).attr("markerHeight",240).attr("orient","auto").append("path").attr("d","M 18,7 L9,13 L1,7 L9,1 Z"),t.append("defs").append("marker").attr("id",e+"-compositionEnd").attr("class","marker composition "+e).attr("refX",19).attr("refY",7).attr("markerWidth",20).attr("markerHeight",28).attr("orient","auto").append("path").attr("d","M 18,7 L9,13 L1,7 L9,1 Z")},aggregation:function(t,e){t.append("defs").append("marker").attr("id",e+"-aggregationStart").attr("class","marker aggregation "+e).attr("refX",0).attr("refY",7).attr("markerWidth",190).attr("markerHeight",240).attr("orient","auto").append("path").attr("d","M 18,7 L9,13 L1,7 L9,1 Z"),t.append("defs").append("marker").attr("id",e+"-aggregationEnd").attr("class","marker aggregation "+e).attr("refX",19).attr("refY",7).attr("markerWidth",20).attr("markerHeight",28).attr("orient","auto").append("path").attr("d","M 18,7 L9,13 L1,7 L9,1 Z")},dependency:function(t,e){t.append("defs").append("marker").attr("id",e+"-dependencyStart").attr("class","marker dependency "+e).attr("refX",0).attr("refY",7).attr("markerWidth",190).attr("markerHeight",240).attr("orient","auto").append("path").attr("d","M 5,7 L9,13 L1,7 L9,1 Z"),t.append("defs").append("marker").attr("id",e+"-dependencyEnd").attr("class","marker dependency 
"+e).attr("refX",19).attr("refY",7).attr("markerWidth",20).attr("markerHeight",28).attr("orient","auto").append("path").attr("d","M 18,7 L9,13 L14,7 L9,1 Z")},point:function(t,e){t.append("marker").attr("id",e+"-pointEnd").attr("class","marker "+e).attr("viewBox","0 0 10 10").attr("refX",9).attr("refY",5).attr("markerUnits","userSpaceOnUse").attr("markerWidth",12).attr("markerHeight",12).attr("orient","auto").append("path").attr("d","M 0 0 L 10 5 L 0 10 z").attr("class","arrowMarkerPath").style("stroke-width",1).style("stroke-dasharray","1,0"),t.append("marker").attr("id",e+"-pointStart").attr("class","marker "+e).attr("viewBox","0 0 10 10").attr("refX",0).attr("refY",5).attr("markerUnits","userSpaceOnUse").attr("markerWidth",12).attr("markerHeight",12).attr("orient","auto").append("path").attr("d","M 0 5 L 10 10 L 10 0 z").attr("class","arrowMarkerPath").style("stroke-width",1).style("stroke-dasharray","1,0")},circle:function(t,e){t.append("marker").attr("id",e+"-circleEnd").attr("class","marker "+e).attr("viewBox","0 0 10 10").attr("refX",11).attr("refY",5).attr("markerUnits","userSpaceOnUse").attr("markerWidth",11).attr("markerHeight",11).attr("orient","auto").append("circle").attr("cx","5").attr("cy","5").attr("r","5").attr("class","arrowMarkerPath").style("stroke-width",1).style("stroke-dasharray","1,0"),t.append("marker").attr("id",e+"-circleStart").attr("class","marker "+e).attr("viewBox","0 0 10 10").attr("refX",-1).attr("refY",5).attr("markerUnits","userSpaceOnUse").attr("markerWidth",11).attr("markerHeight",11).attr("orient","auto").append("circle").attr("cx","5").attr("cy","5").attr("r","5").attr("class","arrowMarkerPath").style("stroke-width",1).style("stroke-dasharray","1,0")},cross:function(t,e){t.append("marker").attr("id",e+"-crossEnd").attr("class","marker cross "+e).attr("viewBox","0 0 11 
11").attr("refX",12).attr("refY",5.2).attr("markerUnits","userSpaceOnUse").attr("markerWidth",11).attr("markerHeight",11).attr("orient","auto").append("path").attr("d","M 1,1 l 9,9 M 10,1 l -9,9").attr("class","arrowMarkerPath").style("stroke-width",2).style("stroke-dasharray","1,0"),t.append("marker").attr("id",e+"-crossStart").attr("class","marker cross "+e).attr("viewBox","0 0 11 11").attr("refX",-1).attr("refY",5.2).attr("markerUnits","userSpaceOnUse").attr("markerWidth",11).attr("markerHeight",11).attr("orient","auto").append("path").attr("d","M 1,1 l 9,9 M 10,1 l -9,9").attr("class","arrowMarkerPath").style("stroke-width",2).style("stroke-dasharray","1,0")},barb:function(t,e){t.append("defs").append("marker").attr("id",e+"-barbEnd").attr("refX",19).attr("refY",7).attr("markerWidth",20).attr("markerHeight",14).attr("markerUnits","strokeWidth").attr("orient","auto").append("path").attr("d","M 19,7 L9,13 L14,7 L9,1 Z")}},oe=function(t,e,n,r){e.forEach((function(e){ae[e](t,n,r)}))};var se=function(t,e,n,r){var i=t||"";if(_t().flowchart.htmlLabels)return i=i.replace(/\\n|\n/g,"
    "),c.info("vertexText"+i),function(t){var e,n,r=Object(h.select)(document.createElementNS("http://www.w3.org/2000/svg","foreignObject")),i=r.append("xhtml:div"),a=t.label,o=t.isNode?"nodeLabel":"edgeLabel";return i.html('"+a+""),e=i,(n=t.labelStyle)&&e.attr("style",n),i.style("display","inline-block"),i.style("white-space","nowrap"),i.attr("xmlns","http://www.w3.org/1999/xhtml"),r.node()}({isNode:r,label:i.replace(/fa[lrsb]?:fa-[\w-]+/g,(function(t){return"")})),labelStyle:e.replace("fill:","color:")});var a=document.createElementNS("http://www.w3.org/2000/svg","text");a.setAttribute("style",e.replace("color:","fill:"));var o=[];o="string"==typeof i?i.split(/\\n|\n|/gi):Array.isArray(i)?i:[];for(var s=0;s0)t(a,n,r,i);else{var o=n.node(a);c.info("cp ",a," to ",i," with parent ",e),r.setNode(a,o),i!==n.parent(a)&&(c.warn("Setting parent",a,n.parent(a)),r.setParent(a,n.parent(a))),e!==i&&a!==e?(c.debug("Setting parent",a,e),r.setParent(a,e)):(c.info("In copy ",e,"root",i,"data",n.node(e),i),c.debug("Not Setting parent for node=",a,"cluster!==rootId",e!==i,"node!==clusterId",a!==e));var s=n.edges(a);c.debug("Copying Edges",s),s.forEach((function(t){c.info("Edge",t);var a=n.edge(t.v,t.w,t.name);c.info("Edge data",a,i);try{!function(t,e){return c.info("Decendants of ",e," is ",fe[e]),c.info("Edge is ",t),t.v!==e&&(t.w!==e&&(fe[e]?(c.info("Here "),fe[e].indexOf(t.v)>=0||(!!pe(t.v,e)||(!!pe(t.w,e)||fe[e].indexOf(t.w)>=0))):(c.debug("Tilt, ",e,",not in decendants"),!1)))}(t,i)?c.info("Skipping copy of edge ",t.v,"--\x3e",t.w," rootId: ",i," clusterId:",e):(c.info("Copying as ",t.v,t.w,a,t.name),r.setEdge(t.v,t.w,a,t.name),c.info("newGraph edges ",r.edges(),r.edge(r.edges()[0])))}catch(t){c.error(t)}}))}c.debug("Removing node",a),n.removeNode(a)}))},ge=function t(e,n){c.trace("Searching",e);var r=n.children(e);if(c.trace("Searching children of id ",e,r),r.length<1)return c.trace("This is a valid node",e),e;for(var i=0;i ",a),a}},ve=function(t){return 
he[t]&&he[t].externalConnections&&he[t]?he[t].id:t},me=function(t,e){!t||e>10?c.debug("Opting out, no graph "):(c.debug("Opting in, graph "),t.nodes().forEach((function(e){t.children(e).length>0&&(c.warn("Cluster identified",e," Replacement id in edges: ",ge(e,t)),fe[e]=function t(e,n){for(var r=n.children(e),i=[].concat(r),a=0;a0?(c.debug("Cluster identified",e,fe),r.forEach((function(t){t.v!==e&&t.w!==e&&(pe(t.v,e)^pe(t.w,e)&&(c.warn("Edge: ",t," leaves cluster ",e),c.warn("Decendants of XXX ",e,": ",fe[e]),he[e].externalConnections=!0))}))):c.debug("Not a cluster ",e,fe)})),t.edges().forEach((function(e){var n=t.edge(e);c.warn("Edge "+e.v+" -> "+e.w+": "+JSON.stringify(e)),c.warn("Edge "+e.v+" -> "+e.w+": "+JSON.stringify(t.edge(e)));var r=e.v,i=e.w;c.warn("Fix XXX",he,"ids:",e.v,e.w,"Translateing: ",he[e.v]," --- ",he[e.w]),(he[e.v]||he[e.w])&&(c.warn("Fixing and trixing - removing XXX",e.v,e.w,e.name),r=ve(e.v),i=ve(e.w),t.removeEdge(e.v,e.w,e.name),r!==e.v&&(n.fromCluster=e.v),i!==e.w&&(n.toCluster=e.w),c.warn("Fix Replacing with XXX",r,i,e.name),t.setEdge(r,i,n,e.name))})),c.warn("Adjusted Graph",zt.a.json.write(t)),be(t,0),c.trace(he))},be=function t(e,n){if(c.warn("extractor - ",n,zt.a.json.write(e),e.children("D")),n>10)c.error("Bailing out");else{for(var r=e.nodes(),i=!1,a=0;a0}if(i){c.debug("Nodes = ",r,n);for(var u=0;u0){c.warn("Cluster without external connections, without a parent and with children",l,n);var h=e.graph(),f=new zt.a.Graph({multigraph:!0,compound:!0}).setGraph({rankdir:"TB"===h.rankdir?"LR":"TB",nodesep:50,ranksep:50,marginx:8,marginy:8}).setDefaultEdgeLabel((function(){return{}}));c.warn("Old graph before copy",zt.a.json.write(e)),ye(l,e,f,l),e.setNode(l,{clusterNode:!0,id:l,clusterData:he[l].clusterData,labelText:he[l].labelText,graph:f}),c.warn("New graph after copy node: (",l,")",zt.a.json.write(f)),c.debug("Old graph after copy",zt.a.json.write(e))}else c.warn("Cluster ** ",l," **not meeting the criteria 
!externalConnections:",!he[l].externalConnections," no parent: ",!e.parent(l)," children ",e.children(l)&&e.children(l).length>0,e.children("D"),n),c.debug(he);else c.debug("Not a cluster",l,n)}r=e.nodes(),c.warn("New list of nodes",r);for(var d=0;d0}var Te=function(t,e,n,r){var i,a,o,s,c,u,l,h,f,d,p,y,g;if(i=e.y-t.y,o=t.x-e.x,c=e.x*t.y-t.x*e.y,f=i*n.x+o*n.y+c,d=i*r.x+o*r.y+c,!(0!==f&&0!==d&&Ee(f,d)||(a=r.y-n.y,s=n.x-r.x,u=r.x*n.y-n.x*r.y,l=a*t.x+s*t.y+u,h=a*e.x+s*e.y+u,0!==l&&0!==h&&Ee(l,h)||0==(p=i*s-a*o))))return y=Math.abs(p/2),{x:(g=o*u-s*c)<0?(g-y)/p:(g+y)/p,y:(g=a*c-i*u)<0?(g-y)/p:(g+y)/p}},Ce=function(t,e,n){var r=t.x,i=t.y,a=[],o=Number.POSITIVE_INFINITY,s=Number.POSITIVE_INFINITY;"function"==typeof e.forEach?e.forEach((function(t){o=Math.min(o,t.x),s=Math.min(s,t.y)})):(o=Math.min(o,e.x),s=Math.min(s,e.y));for(var c=r-t.width/2-o,u=i-t.height/2-s,l=0;l1&&a.sort((function(t,e){var r=t.x-n.x,i=t.y-n.y,a=Math.sqrt(r*r+i*i),o=e.x-n.x,s=e.y-n.y,c=Math.sqrt(o*o+s*s);return aMath.abs(o)*u?(s<0&&(u=-u),n=0===s?0:u*o/s,r=u):(o<0&&(c=-c),n=c,r=0===o?0:c*s/o),{x:i+n,y:a+r}},Ae={node:n.n(xe).a,circle:we,ellipse:ke,polygon:Ce,rect:Se},Me=function(t,e,n){var r=t.insert("g").attr("class","node default").attr("id",e.domId||e.id),i=70,a=10;"LR"===n&&(i=10,a=70);var o=r.append("rect").style("stroke","black").style("fill","black").attr("x",-1*i/2).attr("y",-1*a/2).attr("width",i).attr("height",a).attr("class","fork-join");return ue(e,o),e.height=e.height+e.padding/2,e.width=e.width+e.padding/2,e.intersect=function(t){return Ae.rect(e,t)},r},Oe={question:function(t,e){var n=ce(t,e,void 0,!0),r=n.shapeSvg,i=n.bbox,a=i.width+e.padding+(i.height+e.padding),o=[{x:a/2,y:0},{x:a,y:-a/2},{x:a/2,y:-a},{x:0,y:-a/2}];c.info("Question main (Circle)");var s=le(r,a,a,o);return s.attr("style",e.style),ue(e,s),e.intersect=function(t){return c.warn("Intersect called"),Ae.polygon(e,o,t)},r},rect:function(t,e){var n=ce(t,e,"node 
"+e.classes,!0),r=n.shapeSvg,i=n.bbox,a=n.halfPadding;c.trace("Classes = ",e.classes);var o=r.insert("rect",":first-child");return o.attr("class","basic label-container").attr("style",e.style).attr("rx",e.rx).attr("ry",e.ry).attr("x",-i.width/2-a).attr("y",-i.height/2-a).attr("width",i.width+e.padding).attr("height",i.height+e.padding),ue(e,o),e.intersect=function(t){return Ae.rect(e,t)},r},rectWithTitle:function(t,e){var n;n=e.classes?"node "+e.classes:"node default";var r=t.insert("g").attr("class",n).attr("id",e.domId||e.id),i=r.insert("rect",":first-child"),a=r.insert("line"),o=r.insert("g").attr("class","label"),s=e.labelText.flat();c.info("Label text",s[0]);var u,l=o.node().appendChild(se(s[0],e.labelStyle,!0,!0));if(_t().flowchart.htmlLabels){var f=l.children[0],d=Object(h.select)(l);u=f.getBoundingClientRect(),d.attr("width",u.width),d.attr("height",u.height)}c.info("Text 2",s);var p=s.slice(1,s.length),y=l.getBBox(),g=o.node().appendChild(se(p.join("
    "),e.labelStyle,!0,!0));if(_t().flowchart.htmlLabels){var v=g.children[0],m=Object(h.select)(g);u=v.getBoundingClientRect(),m.attr("width",u.width),m.attr("height",u.height)}var b=e.padding/2;return Object(h.select)(g).attr("transform","translate( "+(u.width>y.width?0:(y.width-u.width)/2)+", "+(y.height+b+5)+")"),Object(h.select)(l).attr("transform","translate( "+(u.widthe.height/2-s)){var i=s*s*(1-r*r/(o*o));0!=i&&(i=Math.sqrt(i)),i=s-i,t.y-e.y>0&&(i=-i),n.y+=i}return n},r},start:function(t,e){var n=t.insert("g").attr("class","node default").attr("id",e.domId||e.id),r=n.insert("circle",":first-child");return r.attr("class","state-start").attr("r",7).attr("width",14).attr("height",14),ue(e,r),e.intersect=function(t){return Ae.circle(e,7,t)},n},end:function(t,e){var n=t.insert("g").attr("class","node default").attr("id",e.domId||e.id),r=n.insert("circle",":first-child"),i=n.insert("circle",":first-child");return i.attr("class","state-start").attr("r",7).attr("width",14).attr("height",14),r.attr("class","state-end").attr("r",5).attr("width",10).attr("height",10),ue(e,i),e.intersect=function(t){return Ae.circle(e,7,t)},n},note:function(t,e){var n=ce(t,e,"node "+e.classes,!0),r=n.shapeSvg,i=n.bbox,a=n.halfPadding;c.info("Classes = ",e.classes);var o=r.insert("rect",":first-child");return o.attr("rx",e.rx).attr("ry",e.ry).attr("x",-i.width/2-a).attr("y",-i.height/2-a).attr("width",i.width+e.padding).attr("height",i.height+e.padding),ue(e,o),e.intersect=function(t){return Ae.rect(e,t)},r},subroutine:function(t,e){var n=ce(t,e,void 0,!0),r=n.shapeSvg,i=n.bbox,a=i.width+e.padding,o=i.height+e.padding,s=[{x:0,y:0},{x:a,y:0},{x:a,y:-o},{x:0,y:-o},{x:0,y:0},{x:-8,y:0},{x:a+8,y:0},{x:a+8,y:-o},{x:-8,y:-o},{x:-8,y:0}],c=le(r,a,o,s);return c.attr("style",e.style),ue(e,c),e.intersect=function(t){return Ae.polygon(e,s,t)},r},fork:Me,join:Me,class_box:function(t,e){var n,r=e.padding/2;n=e.classes?"node "+e.classes:"node default";var 
i=t.insert("g").attr("class",n).attr("id",e.domId||e.id),a=i.insert("rect",":first-child"),o=i.insert("line"),s=i.insert("line"),c=0,u=4,l=i.insert("g").attr("class","label"),f=0,d=e.classData.annotations&&e.classData.annotations[0],p=e.classData.annotations[0]?"«"+e.classData.annotations[0]+"»":"",y=l.node().appendChild(se(p,e.labelStyle,!0,!0)),g=y.getBBox();if(_t().flowchart.htmlLabels){var v=y.children[0],m=Object(h.select)(y);g=v.getBoundingClientRect(),m.attr("width",g.width),m.attr("height",g.height)}e.classData.annotations[0]&&(u+=g.height+4,c+=g.width);var b=e.classData.id;void 0!==e.classData.type&&""!==e.classData.type&&(b+="<"+e.classData.type+">");var _=l.node().appendChild(se(b,e.labelStyle,!0,!0));Object(h.select)(_).attr("class","classTitle");var x=_.getBBox();if(_t().flowchart.htmlLabels){var k=_.children[0],w=Object(h.select)(_);x=k.getBoundingClientRect(),w.attr("width",x.width),w.attr("height",x.height)}u+=x.height+4,x.width>c&&(c=x.width);var E=[];e.classData.members.forEach((function(t){var n=Vt(t).displayText,r=l.node().appendChild(se(n,e.labelStyle,!0,!0)),i=r.getBBox();if(_t().flowchart.htmlLabels){var a=r.children[0],o=Object(h.select)(r);i=a.getBoundingClientRect(),o.attr("width",i.width),o.attr("height",i.height)}i.width>c&&(c=i.width),u+=i.height+4,E.push(r)})),u+=8;var T=[];if(e.classData.methods.forEach((function(t){var n=Vt(t).displayText,r=l.node().appendChild(se(n,e.labelStyle,!0,!0)),i=r.getBBox();if(_t().flowchart.htmlLabels){var a=r.children[0],o=Object(h.select)(r);i=a.getBoundingClientRect(),o.attr("width",i.width),o.attr("height",i.height)}i.width>c&&(c=i.width),u+=i.height+4,T.push(r)})),u+=8,d){var C=(c-g.width)/2;Object(h.select)(y).attr("transform","translate( "+(-1*c/2+C)+", "+-1*u/2+")"),f=g.height+4}var S=(c-x.width)/2;return Object(h.select)(_).attr("transform","translate( "+(-1*c/2+S)+", 
"+(-1*u/2+f)+")"),f+=x.height+4,o.attr("class","divider").attr("x1",-c/2-r).attr("x2",c/2+r).attr("y1",-u/2-r+8+f).attr("y2",-u/2-r+8+f),f+=8,E.forEach((function(t){Object(h.select)(t).attr("transform","translate( "+-c/2+", "+(-1*u/2+f+4)+")"),f+=x.height+4})),f+=8,s.attr("class","divider").attr("x1",-c/2-r).attr("x2",c/2+r).attr("y1",-u/2-r+8+f).attr("y2",-u/2-r+8+f),f+=8,T.forEach((function(t){Object(h.select)(t).attr("transform","translate( "+-c/2+", "+(-1*u/2+f)+")"),f+=x.height+4})),a.attr("class","outer title-state").attr("x",-c/2-r).attr("y",-u/2-r).attr("width",c+e.padding).attr("height",u+e.padding),ue(e,a),e.intersect=function(t){return Ae.rect(e,t)},i}},Ne={},De=function(t){var e=Ne[t.id];c.trace("Transforming node",t,"translate("+(t.x-t.width/2-5)+", "+(t.y-t.height/2-5)+")");t.clusterNode?e.attr("transform","translate("+(t.x-t.width/2-8)+", "+(t.y-t.height/2-8)+")"):e.attr("transform","translate("+t.x+", "+t.y+")")},Be={rect:function(t,e){c.trace("Creating subgraph rect for ",e.id,e);var n=t.insert("g").attr("class","cluster"+(e.class?" 
"+e.class:"")).attr("id",e.id),r=n.insert("rect",":first-child"),i=n.insert("g").attr("class","cluster-label"),a=i.node().appendChild(se(e.labelText,e.labelStyle,void 0,!0)),o=a.getBBox();if(_t().flowchart.htmlLabels){var s=a.children[0],u=Object(h.select)(a);o=s.getBoundingClientRect(),u.attr("width",o.width),u.attr("height",o.height)}var l=0*e.padding,f=l/2;c.trace("Data ",e,JSON.stringify(e)),r.attr("style",e.style).attr("rx",e.rx).attr("ry",e.ry).attr("x",e.x-e.width/2-f).attr("y",e.y-e.height/2-f).attr("width",e.width+l).attr("height",e.height+l),i.attr("transform","translate("+(e.x-o.width/2)+", "+(e.y-e.height/2+e.padding/3)+")");var d=r.node().getBBox();return e.width=d.width,e.height=d.height,e.intersect=function(t){return Se(e,t)},n},roundedWithTitle:function(t,e){var n=t.insert("g").attr("class",e.classes).attr("id",e.id),r=n.insert("rect",":first-child"),i=n.insert("g").attr("class","cluster-label"),a=n.append("rect"),o=i.node().appendChild(se(e.labelText,e.labelStyle,void 0,!0)),s=o.getBBox();if(_t().flowchart.htmlLabels){var c=o.children[0],u=Object(h.select)(o);s=c.getBoundingClientRect(),u.attr("width",s.width),u.attr("height",s.height)}s=o.getBBox();var l=0*e.padding,f=l/2;r.attr("class","outer").attr("x",e.x-e.width/2-f).attr("y",e.y-e.height/2-f).attr("width",e.width+l).attr("height",e.height+l),a.attr("class","inner").attr("x",e.x-e.width/2-f).attr("y",e.y-e.height/2-f+s.height-1).attr("width",e.width+l).attr("height",e.height+l-s.height-3),i.attr("transform","translate("+(e.x-s.width/2)+", "+(e.y-e.height/2-e.padding/3+(_t().flowchart.htmlLabels?5:3))+")");var d=r.node().getBBox();return e.width=d.width,e.height=d.height,e.intersect=function(t){return Se(e,t)},n},noteGroup:function(t,e){var 
n=t.insert("g").attr("class","note-cluster").attr("id",e.id),r=n.insert("rect",":first-child"),i=0*e.padding,a=i/2;r.attr("rx",e.rx).attr("ry",e.ry).attr("x",e.x-e.width/2-a).attr("y",e.y-e.height/2-a).attr("width",e.width+i).attr("height",e.height+i).attr("fill","none");var o=r.node().getBBox();return e.width=o.width,e.height=o.height,e.intersect=function(t){return Se(e,t)},n},divider:function(t,e){var n=t.insert("g").attr("class",e.classes).attr("id",e.id),r=n.insert("rect",":first-child"),i=0*e.padding,a=i/2;r.attr("class","divider").attr("x",e.x-e.width/2-a).attr("y",e.y-e.height/2).attr("width",e.width+i).attr("height",e.height+i);var o=r.node().getBBox();return e.width=o.width,e.height=o.height,e.intersect=function(t){return Se(e,t)},n}},Le={},Ie={},Re={},Fe=function(t,e){var n=t.x,r=t.y,i=Math.abs(e.x-n),a=Math.abs(e.y-r),o=t.width/2,s=t.height/2;return i>=o||a>=s},Pe=function(t,e,n){c.warn("intersection calc o:",e," i:",n,t);var r=t.x,i=t.y,a=Math.abs(r-n.x),o=t.width/2,s=n.xMath.abs(r-e.x)*u){var g=n.y0&&c.info("Recursive edges",n.edge(n.edges()[0]));var s=o.insert("g").attr("class","clusters"),u=o.insert("g").attr("class","edgePaths"),l=o.insert("g").attr("class","edgeLabels"),f=o.insert("g").attr("class","nodes");return n.nodes().forEach((function(e){var o=n.node(e);if(void 0!==i){var s=JSON.parse(JSON.stringify(i.clusterData));c.info("Setting data for cluster XXX (",e,") ",s,i),n.setNode(i.id,s),n.parent(e)||(c.warn("Setting parent",e,i.id),n.setParent(e,i.id,s))}if(c.info("(Insert) Node XXX"+e+": "+JSON.stringify(n.node(e))),o&&o.clusterNode){c.info("Cluster identified",e,o,n.node(e));var u=t(f,o.graph,r,n.node(e));ue(o,u),function(t,e){Ne[e.id]=t}(u,o),c.warn("Recursive render complete",u,o)}else n.children(e).length>0?(c.info("Cluster - the non recursive path XXX",e,o.id,o,n),c.info(ge(o.id,n)),he[o.id]={id:ge(o.id,n),node:o}):(c.info("Node - the non recursive path",e,o.id,o),function(t,e,n){var 
r,i;e.link?(r=t.insert("svg:a").attr("xlink:href",e.link).attr("target",e.linkTarget||"_blank"),i=Oe[e.shape](r,e,n)):r=i=Oe[e.shape](t,e,n),e.tooltip&&i.attr("title",e.tooltip),e.class&&i.attr("class","node default "+e.class),Ne[e.id]=r,e.haveCallback&&Ne[e.id].attr("class",Ne[e.id].attr("class")+" clickable")}(f,n.node(e),a))})),n.edges().forEach((function(t){var e=n.edge(t.v,t.w,t.name);c.info("Edge "+t.v+" -> "+t.w+": "+JSON.stringify(t)),c.info("Edge "+t.v+" -> "+t.w+": ",t," ",JSON.stringify(n.edge(t))),c.info("Fix",he,"ids:",t.v,t.w,"Translateing: ",he[t.v],he[t.w]),function(t,e){var n=se(e.label,e.labelStyle),r=t.insert("g").attr("class","edgeLabel"),i=r.insert("g").attr("class","label");i.node().appendChild(n);var a=n.getBBox();if(_t().flowchart.htmlLabels){var o=n.children[0],s=Object(h.select)(n);a=o.getBoundingClientRect(),s.attr("width",a.width),s.attr("height",a.height)}if(i.attr("transform","translate("+-a.width/2+", "+-a.height/2+")"),Ie[e.id]=r,e.width=a.width,e.height=a.height,e.startLabelLeft){var c=se(e.startLabelLeft,e.labelStyle),u=t.insert("g").attr("class","edgeTerminals"),l=u.insert("g").attr("class","inner");l.node().appendChild(c);var f=c.getBBox();l.attr("transform","translate("+-f.width/2+", "+-f.height/2+")"),Re[e.id]||(Re[e.id]={}),Re[e.id].startLeft=u}if(e.startLabelRight){var d=se(e.startLabelRight,e.labelStyle),p=t.insert("g").attr("class","edgeTerminals"),y=p.insert("g").attr("class","inner");p.node().appendChild(d),y.node().appendChild(d);var g=d.getBBox();y.attr("transform","translate("+-g.width/2+", "+-g.height/2+")"),Re[e.id]||(Re[e.id]={}),Re[e.id].startRight=p}if(e.endLabelLeft){var v=se(e.endLabelLeft,e.labelStyle),m=t.insert("g").attr("class","edgeTerminals"),b=m.insert("g").attr("class","inner");b.node().appendChild(v);var _=v.getBBox();b.attr("transform","translate("+-_.width/2+", "+-_.height/2+")"),m.node().appendChild(v),Re[e.id]||(Re[e.id]={}),Re[e.id].endLeft=m}if(e.endLabelRight){var 
x=se(e.endLabelRight,e.labelStyle),k=t.insert("g").attr("class","edgeTerminals"),w=k.insert("g").attr("class","inner");w.node().appendChild(x);var E=x.getBBox();w.attr("transform","translate("+-E.width/2+", "+-E.height/2+")"),k.node().appendChild(x),Re[e.id]||(Re[e.id]={}),Re[e.id].endRight=k}}(l,e)})),n.edges().forEach((function(t){c.info("Edge "+t.v+" -> "+t.w+": "+JSON.stringify(t))})),c.info("#############################################"),c.info("### Layout ###"),c.info("#############################################"),c.info(n),jt.a.layout(n),c.info("Graph after layout:",zt.a.json.write(n)),_e(n).forEach((function(t){var e=n.node(t);c.info("Position "+t+": "+JSON.stringify(n.node(t))),c.info("Position "+t+": ("+e.x,","+e.y,") width: ",e.width," height: ",e.height),e&&e.clusterNode?De(e):n.children(t).length>0?(!function(t,e){c.trace("Inserting cluster");var n=e.shape||"rect";Le[e.id]=Be[n](t,e)}(s,e),he[e.id].node=e):De(e)})),n.edges().forEach((function(t){var e=n.edge(t);c.info("Edge "+t.v+" -> "+t.w+": "+JSON.stringify(e),e);var i=function(t,e,n,r,i,a){var o=n.points,s=!1,u=a.node(e.v),l=a.node(e.w);if(l.intersect&&u.intersect&&((o=o.slice(1,n.points.length-1)).unshift(u.intersect(o[0])),c.info("Last point",o[o.length-1],l,l.intersect(o[o.length-1])),o.push(l.intersect(o[o.length-1]))),n.toCluster){var f;c.trace("edge",n),c.trace("to cluster",r[n.toCluster]),o=[];var d=!1;n.points.forEach((function(t){var e=r[n.toCluster].node;if(Fe(e,t)||d)d||o.push(t);else{c.trace("inside",n.toCluster,t,f);var i=Pe(e,f,t),a=!1;o.forEach((function(t){a=a||t.x===i.x&&t.y===i.y})),o.find((function(t){return t.x===i.x&&t.y===i.y}))?c.warn("no intersect",i,o):o.push(i),d=!0}f=t})),s=!0}if(n.fromCluster){c.trace("edge",n),c.warn("from cluster",r[n.fromCluster]);for(var p,y=[],g=!1,v=o.length-1;v>=0;v--){var m=o[v],b=r[n.fromCluster].node;if(Fe(b,m)||g)c.trace("Outside point",m),g||y.unshift(m);else{c.warn("inside",n.fromCluster,m,b);var 
_=Pe(b,p,m);y.unshift(_),g=!0}p=m}o=y,s=!0}var x,k=o.filter((function(t){return!Number.isNaN(t.y)}));x=("graph"===i||"flowchart"===i)&&n.curve||h.curveBasis;var w,E=Object(h.line)().x((function(t){return t.x})).y((function(t){return t.y})).curve(x);switch(n.thickness){case"normal":w="edge-thickness-normal";break;case"thick":w="edge-thickness-thick";break;default:w=""}switch(n.pattern){case"solid":w+=" edge-pattern-solid";break;case"dotted":w+=" edge-pattern-dotted";break;case"dashed":w+=" edge-pattern-dashed"}var T=t.append("path").attr("d",E(k)).attr("id",n.id).attr("class"," "+w+(n.classes?" "+n.classes:"")).attr("style",n.style),C="";switch(_t().state.arrowMarkerAbsolute&&(C=(C=(C=window.location.protocol+"//"+window.location.host+window.location.pathname+window.location.search).replace(/\(/g,"\\(")).replace(/\)/g,"\\)")),c.info("arrowTypeStart",n.arrowTypeStart),c.info("arrowTypeEnd",n.arrowTypeEnd),n.arrowTypeStart){case"arrow_cross":T.attr("marker-start","url("+C+"#"+i+"-crossStart)");break;case"arrow_point":T.attr("marker-start","url("+C+"#"+i+"-pointStart)");break;case"arrow_barb":T.attr("marker-start","url("+C+"#"+i+"-barbStart)");break;case"arrow_circle":T.attr("marker-start","url("+C+"#"+i+"-circleStart)");break;case"aggregation":T.attr("marker-start","url("+C+"#"+i+"-aggregationStart)");break;case"extension":T.attr("marker-start","url("+C+"#"+i+"-extensionStart)");break;case"composition":T.attr("marker-start","url("+C+"#"+i+"-compositionStart)");break;case"dependency":T.attr("marker-start","url("+C+"#"+i+"-dependencyStart)")}switch(n.arrowTypeEnd){case"arrow_cross":T.attr("marker-end","url("+C+"#"+i+"-crossEnd)");break;case"arrow_point":T.attr("marker-end","url("+C+"#"+i+"-pointEnd)");break;case"arrow_barb":T.attr("marker-end","url("+C+"#"+i+"-barbEnd)");break;case"arrow_circle":T.attr("marker-end","url("+C+"#"+i+"-circleEnd)");break;case"aggregation":T.attr("marker-end","url("+C+"#"+i+"-aggregationEnd)");break;case"extension":T.attr("marker-end","url("+
C+"#"+i+"-extensionEnd)");break;case"composition":T.attr("marker-end","url("+C+"#"+i+"-compositionEnd)");break;case"dependency":T.attr("marker-end","url("+C+"#"+i+"-dependencyEnd)")}var S={};return s&&(S.updatedPath=o),S.originalPath=n.points,S}(u,t,e,he,r,n);!function(t,e){c.info("Moving label",t.id,t.label,Ie[t.id]);var n=e.updatedPath?e.updatedPath:e.originalPath;if(t.label){var r=Ie[t.id],i=t.x,a=t.y;if(n){var o=V.calcLabelPosition(n);c.info("Moving label from (",i,",",a,") to (",o.x,",",o.y,")")}r.attr("transform","translate("+i+", "+a+")")}if(t.startLabelLeft){var s=Re[t.id].startLeft,u=t.x,l=t.y;if(n){var h=V.calcTerminalLabelPosition(0,"start_left",n);u=h.x,l=h.y}s.attr("transform","translate("+u+", "+l+")")}if(t.startLabelRight){var f=Re[t.id].startRight,d=t.x,p=t.y;if(n){var y=V.calcTerminalLabelPosition(0,"start_right",n);d=y.x,p=y.y}f.attr("transform","translate("+d+", "+p+")")}if(t.endLabelLeft){var g=Re[t.id].endLeft,v=t.x,m=t.y;if(n){var b=V.calcTerminalLabelPosition(0,"end_left",n);v=b.x,m=b.y}g.attr("transform","translate("+v+", "+m+")")}if(t.endLabelRight){var _=Re[t.id].endRight,x=t.x,k=t.y;if(n){var w=V.calcTerminalLabelPosition(0,"end_right",n);x=w.x,k=w.y}_.attr("transform","translate("+x+", "+k+")")}}(e,i)})),o},Ye=function(t,e,n,r,i){oe(t,n,r,i),Ne={},Ie={},Re={},Le={},fe={},de={},he={},c.warn("Graph at first:",zt.a.json.write(e)),me(e),c.warn("Graph after:",zt.a.json.write(e)),je(t,e,r)};Ut.parser.yy=Ft;var ze={dividerMargin:10,padding:5,textHeight:10},Ue=function(t){Object.keys(t).forEach((function(e){ze[e]=t[e]}))},$e=function(t,e){c.info("Drawing class"),Ft.clear(),Ut.parser.parse(t);var n=_t().flowchart;c.info("config:",n);var r=n.nodeSpacing||50,i=n.rankSpacing||50,a=new zt.a.Graph({multigraph:!0,compound:!0}).setGraph({rankdir:"TD",nodesep:r,ranksep:i,marginx:8,marginy:8}).setDefaultEdgeLabel((function(){return{}})),o=Ft.getClasses(),s=Ft.getRelations();c.info(s),function(t,e){var 
n=Object.keys(t);c.info("keys:",n),c.info(t),n.forEach((function(n){var r=t[n],i="";r.cssClasses.length>0&&(i=i+" "+r.cssClasses.join(" "));var a={labelStyle:""},o=void 0!==r.text?r.text:r.id,s="";switch(r.type){case"class":s="class_box";break;default:s="class_box"}e.setNode(r.id,{labelStyle:a.labelStyle,shape:s,labelText:o,classData:r,rx:0,ry:0,class:i,style:a.style,id:r.id,domId:r.domId,haveCallback:r.haveCallback,link:r.link,width:"group"===r.type?500:void 0,type:r.type,padding:_t().flowchart.padding}),c.info("setNode",{labelStyle:a.labelStyle,shape:s,labelText:o,rx:0,ry:0,class:i,style:a.style,id:r.id,width:"group"===r.type?500:void 0,type:r.type,padding:_t().flowchart.padding})}))}(o,a),function(t,e){var n=0;t.forEach((function(r){n++;var i={classes:"relation"};i.pattern=1==r.relation.lineType?"dashed":"solid",i.id="id"+n,"arrow_open"===r.type?i.arrowhead="none":i.arrowhead="normal",c.info(i,r),i.startLabelRight="none"===r.relationTitle1?"":r.relationTitle1,i.endLabelLeft="none"===r.relationTitle2?"":r.relationTitle2,i.arrowTypeStart=We(r.relation.type1),i.arrowTypeEnd=We(r.relation.type2);var a="",o="";if(void 0!==r.style){var s=B(r.style);a=s.style,o=s.labelStyle}else a="fill:none";i.style=a,i.labelStyle=o,void 0!==r.interpolate?i.curve=N(r.interpolate,h.curveLinear):void 0!==t.defaultInterpolate?i.curve=N(t.defaultInterpolate,h.curveLinear):i.curve=N(ze.curve,h.curveLinear),r.text=r.title,void 0===r.text?void 0!==r.style&&(i.arrowheadStyle="fill: #333"):(i.arrowheadStyle="fill: #333",i.labelpos="c",_t().flowchart.htmlLabels,i.labelType="text",i.label=r.text.replace(_.lineBreakRegex,"\n"),void 0===r.style&&(i.style=i.style||"stroke: #333; stroke-width: 1.5px;fill:none"),i.labelStyle=i.labelStyle.replace("color:","fill:")),e.setEdge(r.id1,r.id2,i,n)}))}(s,a);var u=Object(h.select)('[id="'.concat(e,'"]'));u.attr("xmlns:xlink","http://www.w3.org/1999/xlink");var l=Object(h.select)("#"+e+" 
g");Ye(l,a,["aggregation","extension","composition","dependency"],"classDiagram",e);var f=u.node().getBBox(),d=f.width+16,p=f.height+16;if(c.debug("new ViewBox 0 0 ".concat(d," ").concat(p),"translate(".concat(8-a._label.marginx,", ").concat(8-a._label.marginy,")")),W(u,p,d,n.useMaxWidth),u.attr("viewBox","0 0 ".concat(d," ").concat(p)),u.select("g").attr("transform","translate(".concat(8-a._label.marginx,", ").concat(8-f.y,")")),!n.htmlLabels)for(var y=document.querySelectorAll('[id="'+e+'"] .edgeLabel .label'),g=0;g=0;n--)r.attributes.push(e[n]),c.debug("Added attribute ",e[n].attributeName)},getEntities:function(){return Ve},addRelationship:function(t,e,n,r){var i={entityA:t,roleA:e,entityB:n,relSpec:r};qe.push(i),c.debug("Added new relationship :",i)},getRelationships:function(){return qe},clear:function(){Ve={},qe=[],He=""},setTitle:function(t){He=t},getTitle:function(){return He}},Ze=n(75),Qe=n.n(Ze),Ke={ONLY_ONE_START:"ONLY_ONE_START",ONLY_ONE_END:"ONLY_ONE_END",ZERO_OR_ONE_START:"ZERO_OR_ONE_START",ZERO_OR_ONE_END:"ZERO_OR_ONE_END",ONE_OR_MORE_START:"ONE_OR_MORE_START",ONE_OR_MORE_END:"ONE_OR_MORE_END",ZERO_OR_MORE_START:"ZERO_OR_MORE_START",ZERO_OR_MORE_END:"ZERO_OR_MORE_END"},Je=Ke,tn=function(t,e){var n;t.append("defs").append("marker").attr("id",Ke.ONLY_ONE_START).attr("refX",0).attr("refY",9).attr("markerWidth",18).attr("markerHeight",18).attr("orient","auto").append("path").attr("stroke",e.stroke).attr("fill","none").attr("d","M9,0 L9,18 M15,0 L15,18"),t.append("defs").append("marker").attr("id",Ke.ONLY_ONE_END).attr("refX",18).attr("refY",9).attr("markerWidth",18).attr("markerHeight",18).attr("orient","auto").append("path").attr("stroke",e.stroke).attr("fill","none").attr("d","M3,0 L3,18 M9,0 
L9,18"),(n=t.append("defs").append("marker").attr("id",Ke.ZERO_OR_ONE_START).attr("refX",0).attr("refY",9).attr("markerWidth",30).attr("markerHeight",18).attr("orient","auto")).append("circle").attr("stroke",e.stroke).attr("fill","white").attr("cx",21).attr("cy",9).attr("r",6),n.append("path").attr("stroke",e.stroke).attr("fill","none").attr("d","M9,0 L9,18"),(n=t.append("defs").append("marker").attr("id",Ke.ZERO_OR_ONE_END).attr("refX",30).attr("refY",9).attr("markerWidth",30).attr("markerHeight",18).attr("orient","auto")).append("circle").attr("stroke",e.stroke).attr("fill","white").attr("cx",9).attr("cy",9).attr("r",6),n.append("path").attr("stroke",e.stroke).attr("fill","none").attr("d","M21,0 L21,18"),t.append("defs").append("marker").attr("id",Ke.ONE_OR_MORE_START).attr("refX",18).attr("refY",18).attr("markerWidth",45).attr("markerHeight",36).attr("orient","auto").append("path").attr("stroke",e.stroke).attr("fill","none").attr("d","M0,18 Q 18,0 36,18 Q 18,36 0,18 M42,9 L42,27"),t.append("defs").append("marker").attr("id",Ke.ONE_OR_MORE_END).attr("refX",27).attr("refY",18).attr("markerWidth",45).attr("markerHeight",36).attr("orient","auto").append("path").attr("stroke",e.stroke).attr("fill","none").attr("d","M3,9 L3,27 M9,18 Q27,0 45,18 Q27,36 9,18"),(n=t.append("defs").append("marker").attr("id",Ke.ZERO_OR_MORE_START).attr("refX",18).attr("refY",18).attr("markerWidth",57).attr("markerHeight",36).attr("orient","auto")).append("circle").attr("stroke",e.stroke).attr("fill","white").attr("cx",48).attr("cy",18).attr("r",6),n.append("path").attr("stroke",e.stroke).attr("fill","none").attr("d","M0,18 Q18,0 36,18 Q18,36 
0,18"),(n=t.append("defs").append("marker").attr("id",Ke.ZERO_OR_MORE_END).attr("refX",39).attr("refY",18).attr("markerWidth",57).attr("markerHeight",36).attr("orient","auto")).append("circle").attr("stroke",e.stroke).attr("fill","white").attr("cx",9).attr("cy",18).attr("r",6),n.append("path").attr("stroke",e.stroke).attr("fill","none").attr("d","M21,18 Q39,0 57,18 Q39,36 21,18")},en={},nn=function(t,e,n){var r;return Object.keys(e).forEach((function(i){var a=t.append("g").attr("id",i);r=void 0===r?i:r;var o="entity-"+i,s=a.append("text").attr("class","er entityLabel").attr("id",o).attr("x",0).attr("y",0).attr("dominant-baseline","middle").attr("text-anchor","middle").attr("style","font-family: "+_t().fontFamily+"; font-size: "+en.fontSize+"px").text(i),c=function(t,e,n){var r=en.entityPadding/3,i=en.entityPadding/3,a=.85*en.fontSize,o=e.node().getBBox(),s=[],c=0,u=0,l=o.height+2*r,h=1;n.forEach((function(n){var i="".concat(e.node().id,"-attr-").concat(h),o=t.append("text").attr("class","er entityLabel").attr("id","".concat(i,"-type")).attr("x",0).attr("y",0).attr("dominant-baseline","middle").attr("text-anchor","left").attr("style","font-family: "+_t().fontFamily+"; font-size: "+a+"px").text(n.attributeType),f=t.append("text").attr("class","er entityLabel").attr("id","".concat(i,"-name")).attr("x",0).attr("y",0).attr("dominant-baseline","middle").attr("text-anchor","left").attr("style","font-family: "+_t().fontFamily+"; font-size: "+a+"px").text(n.attributeName);s.push({tn:o,nn:f});var d=o.node().getBBox(),p=f.node().getBBox();c=Math.max(c,d.width),u=Math.max(u,p.width),l+=Math.max(d.height,p.height)+2*r,h+=1}));var f={width:Math.max(en.minEntityWidth,Math.max(o.width+2*en.entityPadding,c+u+4*i)),height:n.length>0?l:Math.max(en.minEntityHeight,o.height+2*en.entityPadding)},d=Math.max(0,f.width-(c+u)-4*i);if(n.length>0){e.attr("transform","translate("+f.width/2+","+(r+o.height/2)+")");var p=o.height+2*r,y="attributeBoxOdd";s.forEach((function(e){var 
n=p+r+Math.max(e.tn.node().getBBox().height,e.nn.node().getBBox().height)/2;e.tn.attr("transform","translate("+i+","+n+")");var a=t.insert("rect","#"+e.tn.node().id).attr("class","er ".concat(y)).attr("fill",en.fill).attr("fill-opacity","100%").attr("stroke",en.stroke).attr("x",0).attr("y",p).attr("width",c+2*i+d/2).attr("height",e.tn.node().getBBox().height+2*r);e.nn.attr("transform","translate("+(parseFloat(a.attr("width"))+i)+","+n+")"),t.insert("rect","#"+e.nn.node().id).attr("class","er ".concat(y)).attr("fill",en.fill).attr("fill-opacity","100%").attr("stroke",en.stroke).attr("x","".concat(a.attr("x")+a.attr("width"))).attr("y",p).attr("width",u+2*i+d/2).attr("height",e.nn.node().getBBox().height+2*r),p+=Math.max(e.tn.node().getBBox().height,e.nn.node().getBBox().height)+2*r,y="attributeBoxOdd"==y?"attributeBoxEven":"attributeBoxOdd"}))}else f.height=Math.max(en.minEntityHeight,l),e.attr("transform","translate("+f.width/2+","+f.height/2+")");return f}(a,s,e[i].attributes),u=c.width,l=c.height,h=a.insert("rect","#"+o).attr("class","er entityBox").attr("fill",en.fill).attr("fill-opacity","100%").attr("stroke",en.stroke).attr("x",0).attr("y",0).attr("width",u).attr("height",l).node().getBBox();n.setNode(i,{width:h.width,height:h.height,shape:"rect",id:i})})),r},rn=function(t){return(t.entityA+t.roleA+t.entityB).replace(/\s/g,"")},an=0,on=function(t){for(var e=Object.keys(t),n=0;n=0&&(n=!0)})),n},Nn=function(t,e){var n=[];return t.nodes.forEach((function(r,i){On(e,r)||n.push(t.nodes[i])})),{nodes:n}},Dn={parseDirective:function(t,e,n){fs.parseDirective(this,t,e,n)},defaultConfig:function(){return pt.flowchart},addVertex:function(t,e,n,r,i){var a,o=t;void 0!==o&&0!==o.trim().length&&(void 0===pn[o]&&(pn[o]={id:o,domId:"flowchart-"+o+"-"+fn,styles:[],classes:[]}),fn++,void 0!==e?(dn=_t(),'"'===(a=_.sanitizeText(e.trim(),dn))[0]&&'"'===a[a.length-1]&&(a=a.substring(1,a.length-1)),pn[o].text=a):void 0===pn[o].text&&(pn[o].text=t),void 
0!==n&&(pn[o].type=n),null!=r&&r.forEach((function(t){pn[o].styles.push(t)})),null!=i&&i.forEach((function(t){pn[o].classes.push(t)})))},lookUpDomId:wn,addLink:function(t,e,n,r){var i,a;for(i=0;i/)&&(ln="LR"),ln.match(/.*v/)&&(ln="TB")},setClass:Tn,setTooltip:function(t,e){t.split(",").forEach((function(t){void 0!==e&&(bn["gen-1"===hn?wn(t):t]=_.sanitizeText(e,dn))}))},getTooltip:function(t){return bn[t]},setClickEvent:function(t,e,n){t.split(",").forEach((function(t){!function(t,e,n){var r=wn(t);if("loose"===_t().securityLevel&&void 0!==e){var i=[];if("string"==typeof n){i=n.split(/,(?=(?:(?:[^"]*"){2})*[^"]*$)/);for(var a=0;a=0)&&s.push(t))})),"gen-1"===hn){c.warn("LOOKING UP");for(var l=0;l0&&function t(e,n){var r=vn[n].nodes;if(!((An+=1)>2e3)){if(Mn[An]=n,vn[n].id===e)return{result:!0,count:0};for(var i=0,a=1;i=0){var s=t(e,o);if(s.result)return{result:!0,count:a+s.count};a+=s.count}i+=1}return{result:!1,count:a}}}("none",vn.length-1)},getSubGraphs:function(){return vn},destructLink:function(t,e){var n,r=function(t){var e=t.trim(),n=e.slice(0,-1),r="arrow_open";switch(e.slice(-1)){case"x":r="arrow_cross","x"===e[0]&&(r="double_"+r,n=n.slice(1));break;case">":r="arrow_point","<"===e[0]&&(r="double_"+r,n=n.slice(1));break;case"o":r="arrow_circle","o"===e[0]&&(r="double_"+r,n=n.slice(1))}var i="normal",a=n.length-1;"="===n[0]&&(i="thick");var o=function(t,e){for(var n=e.length,r=0,i=0;in.height/2-a)){var o=a*a*(1-r*r/(i*i));0!=o&&(o=Math.sqrt(o)),o=a-o,t.y-n.y>0&&(o=-o),e.y+=o}return e},c}function Zn(t,e,n,r){return t.insert("polygon",":first-child").attr("points",r.map((function(t){return t.x+","+t.y})).join(" ")).attr("transform","translate("+-e/2+","+n/2+")")}var 
Qn={addToRender:function(t){t.shapes().question=jn,t.shapes().hexagon=Yn,t.shapes().stadium=Hn,t.shapes().subroutine=Gn,t.shapes().cylinder=Xn,t.shapes().rect_left_inv_arrow=zn,t.shapes().lean_right=Un,t.shapes().lean_left=$n,t.shapes().trapezoid=Wn,t.shapes().inv_trapezoid=Vn,t.shapes().rect_right_inv_arrow=qn},addToRenderV2:function(t){t({question:jn}),t({hexagon:Yn}),t({stadium:Hn}),t({subroutine:Gn}),t({cylinder:Xn}),t({rect_left_inv_arrow:zn}),t({lean_right:Un}),t({lean_left:$n}),t({trapezoid:Wn}),t({inv_trapezoid:Vn}),t({rect_right_inv_arrow:qn})}},Kn={},Jn=function(t,e,n){var r=Object(h.select)('[id="'.concat(n,'"]'));Object.keys(t).forEach((function(n){var i=t[n],a="default";i.classes.length>0&&(a=i.classes.join(" "));var o,s=B(i.styles),u=void 0!==i.text?i.text:i.id;if(_t().flowchart.htmlLabels){var l={label:u.replace(/fa[lrsb]?:fa-[\w-]+/g,(function(t){return"")}))};(o=Pn()(r,l).node()).parentNode.removeChild(o)}else{var h=document.createElementNS("http://www.w3.org/2000/svg","text");h.setAttribute("style",s.labelStyle.replace("color:","fill:"));for(var f=u.split(_.lineBreakRegex),d=0;d').concat(a.text.replace(/fa[lrsb]?:fa-[\w-]+/g,(function(t){return"")})),"")):(u.labelType="text",u.label=a.text.replace(_.lineBreakRegex,"\n"),void 0===a.style&&(u.style=u.style||"stroke: #333; stroke-width: 1.5px;fill:none"),u.labelStyle=u.labelStyle.replace("color:","fill:"))),u.id=o,u.class=s+" "+c,u.minlen=a.length||1,e.setEdge(Dn.lookUpDomId(a.start),Dn.lookUpDomId(a.end),u,i)}))},er=function(t){for(var e=Object.keys(t),n=0;n=0;f--)i=l[f],Dn.addVertex(i.id,i.title,"group",void 0,i.classes);var d=Dn.getVertices();c.warn("Get vertices",d);var p=Dn.getEdges(),y=0;for(y=l.length-1;y>=0;y--){i=l[y],Object(h.selectAll)("cluster").append("text");for(var g=0;g0&&(a=i.classes.join(" "));var o,s=B(i.styles),u=void 0!==i.text?i.text:i.id;if(_t().flowchart.htmlLabels){var 
l={label:u.replace(/fa[lrsb]?:fa-[\w-]+/g,(function(t){return"")}))};(o=Pn()(r,l).node()).parentNode.removeChild(o)}else{var h=document.createElementNS("http://www.w3.org/2000/svg","text");h.setAttribute("style",s.labelStyle.replace("color:","fill:"));for(var f=u.split(_.lineBreakRegex),d=0;d=0;f--)i=l[f],c.info("Subgraph - ",i),Dn.addVertex(i.id,i.title,"group",void 0,i.classes);var d=Dn.getVertices(),p=Dn.getEdges();c.info(p);var y=0;for(y=l.length-1;y>=0;y--){i=l[y],Object(h.selectAll)("cluster").append("text");for(var g=0;g=6&&n.indexOf("weekends")>=0||(n.indexOf(t.format("dddd").toLowerCase())>=0||n.indexOf(t.format(e.trim()))>=0)},Tr=function(t,e,n){if(n.length&&!t.manualEndTime){var r=o()(t.startTime,e,!0);r.add(1,"d");var i=o()(t.endTime,e,!0),a=Cr(r,i,e,n);t.endTime=i.toDate(),t.renderEndTime=a}},Cr=function(t,e,n,r){for(var i=!1,a=null;t<=e;)i||(a=e.toDate()),(i=Er(t,n,r))&&e.add(1,"d"),t.add(1,"d");return a},Sr=function(t,e,n){n=n.trim();var r=/^after\s+([\d\w- ]+)/.exec(n.trim());if(null!==r){var i=null;if(r[1].split(" ").forEach((function(t){var e=Lr(t);void 0!==e&&(i?e.endTime>i.endTime&&(i=e):i=e)})),i)return i.endTime;var a=new Date;return a.setHours(0,0,0,0),a}var s=o()(n,e.trim(),!0);return s.isValid()?s.toDate():(c.debug("Invalid date:"+n),c.debug("With date format:"+e.trim()),new Date)},Ar=function(t,e){if(null!==t)switch(t[2]){case"s":e.add(t[1],"seconds");break;case"m":e.add(t[1],"minutes");break;case"h":e.add(t[1],"hours");break;case"d":e.add(t[1],"days");break;case"w":e.add(t[1],"weeks")}return e.toDate()},Mr=function(t,e,n,r){r=r||!1,n=n.trim();var i=o()(n,e.trim(),!0);return i.isValid()?(r&&i.add(1,"d"),i.toDate()):Ar(/^([\d]+)([wdhms])/.exec(n.trim()),o()(t))},Or=0,Nr=function(t){return void 0===t?"task"+(Or+=1):t},Dr=[],Br={},Lr=function(t){var e=Br[t];return Dr[e]},Ir=function(){for(var t=function(t){var e=Dr[t],n="";switch(Dr[t].raw.startTime.type){case"prevTaskEnd":var 
r=Lr(e.prevTaskId);e.startTime=r.endTime;break;case"getStartDate":(n=Sr(0,fr,Dr[t].raw.startTime.startData))&&(Dr[t].startTime=n)}return Dr[t].startTime&&(Dr[t].endTime=Mr(Dr[t].startTime,fr,Dr[t].raw.endTime.data,kr),Dr[t].endTime&&(Dr[t].processed=!0,Dr[t].manualEndTime=o()(Dr[t].raw.endTime.data,"YYYY-MM-DD",!0).isValid(),Tr(Dr[t],fr,yr))),Dr[t].processed},e=!0,n=0;nr?i=1:n0&&(e=t.classes.join(" "));for(var r=0,i=0;ir-e?r+o+1.5*n.leftPadding>l?e+i-5:r+i+5:(r-e)/2+e+i})).attr("y",(function(t,i){return t.order*e+n.barHeight/2+(n.fontSize/2-2)+r})).attr("text-height",a).attr("class",(function(t){var e=s(t.startTime),r=s(t.endTime);t.milestone&&(r=e+a);var i=this.getBBox().width,o="";t.classes.length>0&&(o=t.classes.join(" "));for(var u=0,h=0;hr-e?r+i+1.5*n.leftPadding>l?o+" taskTextOutsideLeft taskTextOutside"+u+" "+f:o+" taskTextOutsideRight taskTextOutside"+u+" "+f+" width-"+i:o+" taskText taskText"+u+" "+f+" width-"+i}))}(t,a,u,d,i,0,e),function(t,e){for(var r=[],i=0,a=0;a0&&a.setAttribute("dy","1em"),a.textContent=e[i],r.appendChild(a)}return r})).attr("x",10).attr("y",(function(n,a){if(!(a>0))return n[1]*t/2+e;for(var o=0;oe.seq?t:e}),t[0]),n="";t.forEach((function(t){n+=t===e?"\t*":"\t|"}));var r,i,a,o=[n,e.id,e.seq];for(var s in Hr)Hr[s]===e.id&&o.push(s);if(c.debug(o.join(" ")),Array.isArray(e.parent)){var u=Vr[e.parent[0]];ti(t,e,u),t.push(Vr[e.parent[1]])}else{if(null==e.parent)return;var l=Vr[e.parent];ti(t,e,l)}r=t,i=function(t){return t.id},a=Object.create(null),ei(t=r.reduce((function(t,e){var n=i(e);return a[n]||(a[n]=!0,t.push(e)),t}),[]))}var ni,ri=function(){var t=Object.keys(Vr).map((function(t){return Vr[t]}));return t.forEach((function(t){c.debug(t.id)})),t.sort((function(t,e){return e.seq-t.seq})),t},ii={setDirection:function(t){Xr=t},setOptions:function(t){c.debug("options str",t),t=(t=t&&t.trim())||"{}";try{Jr=JSON.parse(t)}catch(t){c.error("error while parsing gitGraph options",t.message)}},getOptions:function(){return 
Jr},commit:function(t){var e={id:Qr(),message:t,seq:Zr++,parent:null==qr?null:qr.id};qr=e,Vr[e.id]=e,Hr[Gr]=e.id,c.debug("in pushCommit "+e.id)},branch:function(t){Hr[t]=null!=qr?qr.id:null,c.debug("in createBranch")},merge:function(t){var e=Vr[Hr[Gr]],n=Vr[Hr[t]];if(function(t,e){return t.seq>e.seq&&Kr(e,t)}(e,n))c.debug("Already merged");else{if(Kr(e,n))Hr[Gr]=Hr[t],qr=Vr[Hr[Gr]];else{var r={id:Qr(),message:"merged branch "+t+" into "+Gr,seq:Zr++,parent:[null==qr?null:qr.id,Hr[t]]};qr=r,Vr[r.id]=r,Hr[Gr]=r.id}c.debug(Hr),c.debug("in mergeBranch")}},checkout:function(t){c.debug("in checkout");var e=Hr[Gr=t];qr=Vr[e]},reset:function(t){c.debug("in reset",t);var e=t.split(":")[0],n=parseInt(t.split(":")[1]),r="HEAD"===e?qr:Vr[Hr[e]];for(c.debug(r,n);n>0;)if(n--,!(r=Vr[r.parent])){var i="Critical error - unique parent commit not found during reset";throw c.error(i),i}qr=r,Hr[Gr]=r.id},prettyPrint:function(){c.debug(Vr),ei([ri()[0]])},clear:function(){Vr={},Hr={master:qr=null},Gr="master",Zr=0},getBranchesAsObjArray:function(){var t=[];for(var e in Hr)t.push({name:e,commit:Vr[Hr[e]]});return t},getBranches:function(){return Hr},getCommits:function(){return Vr},getCommitsArray:ri,getCurrentBranch:function(){return Gr},getDirection:function(){return Xr},getHead:function(){return qr}},ai=n(72),oi=n.n(ai),si={},ci={nodeSpacing:150,nodeFillColor:"yellow",nodeStrokeWidth:2,nodeStrokeColor:"grey",lineStrokeWidth:4,branchOffset:50,lineColor:"grey",leftMargin:50,branchColors:["#442f74","#983351","#609732","#AA9A39"],nodeRadius:10,nodeLabel:{width:75,height:100,x:-25,y:0}},ui={};function li(t,e,n,r){var i=N(r,h.curveBasis),a=ci.branchColors[n%ci.branchColors.length],o=Object(h.line)().x((function(t){return Math.round(t.x)})).y((function(t){return Math.round(t.y)})).curve(i);t.append("svg:path").attr("d",o(e)).style("stroke",a).style("stroke-width",ci.lineStrokeWidth).style("fill","none")}function hi(t,e){e=e||t.node().getBBox();var 
n=t.node().getCTM();return{left:n.e+e.x*n.a,top:n.f+e.y*n.d,width:e.width,height:e.height}}function fi(t,e,n,r,i){c.debug("svgDrawLineForCommits: ",e,n);var a=hi(t.select("#node-"+e+" circle")),o=hi(t.select("#node-"+n+" circle"));switch(r){case"LR":if(a.left-o.left>ci.nodeSpacing){var s={x:a.left-ci.nodeSpacing,y:o.top+o.height/2};li(t,[s,{x:o.left+o.width,y:o.top+o.height/2}],i,"linear"),li(t,[{x:a.left,y:a.top+a.height/2},{x:a.left-ci.nodeSpacing/2,y:a.top+a.height/2},{x:a.left-ci.nodeSpacing/2,y:s.y},s],i)}else li(t,[{x:a.left,y:a.top+a.height/2},{x:a.left-ci.nodeSpacing/2,y:a.top+a.height/2},{x:a.left-ci.nodeSpacing/2,y:o.top+o.height/2},{x:o.left+o.width,y:o.top+o.height/2}],i);break;case"BT":if(o.top-a.top>ci.nodeSpacing){var u={x:o.left+o.width/2,y:a.top+a.height+ci.nodeSpacing};li(t,[u,{x:o.left+o.width/2,y:o.top}],i,"linear"),li(t,[{x:a.left+a.width/2,y:a.top+a.height},{x:a.left+a.width/2,y:a.top+a.height+ci.nodeSpacing/2},{x:o.left+o.width/2,y:u.y-ci.nodeSpacing/2},u],i)}else li(t,[{x:a.left+a.width/2,y:a.top+a.height},{x:a.left+a.width/2,y:a.top+ci.nodeSpacing/2},{x:o.left+o.width/2,y:o.top-ci.nodeSpacing/2},{x:o.left+o.width/2,y:o.top}],i)}}function di(t,e){return t.select(e).node().cloneNode(!0)}function pi(t,e,n,r){var i,a=Object.keys(si).length;if("string"==typeof e)do{if(i=si[e],c.debug("in renderCommitHistory",i.id,i.seq),t.select("#node-"+e).size()>0)return;t.append((function(){return di(t,"#def-commit")})).attr("class","commit").attr("id",(function(){return"node-"+i.id})).attr("transform",(function(){switch(r){case"LR":return"translate("+(i.seq*ci.nodeSpacing+ci.leftMargin)+", "+ni*ci.branchOffset+")";case"BT":return"translate("+(ni*ci.branchOffset+ci.leftMargin)+", "+(a-i.seq)*ci.nodeSpacing+")"}})).attr("fill",ci.nodeFillColor).attr("stroke",ci.nodeStrokeColor).attr("stroke-width",ci.nodeStrokeWidth);var o=void 0;for(var s in n)if(n[s].commit===i){o=n[s];break}o&&(c.debug("found branch ",o.name),t.select("#node-"+i.id+" 
p").append("xhtml:span").attr("class","branch-label").text(o.name+", ")),t.select("#node-"+i.id+" p").append("xhtml:span").attr("class","commit-id").text(i.id),""!==i.message&&"BT"===r&&t.select("#node-"+i.id+" p").append("xhtml:span").attr("class","commit-msg").text(", "+i.message),e=i.parent}while(e&&si[e]);Array.isArray(e)&&(c.debug("found merge commmit",e),pi(t,e[0],n,r),ni++,pi(t,e[1],n,r),ni--)}function yi(t,e,n,r){for(r=r||0;e.seq>0&&!e.lineDrawn;)"string"==typeof e.parent?(fi(t,e.id,e.parent,n,r),e.lineDrawn=!0,e=si[e.parent]):Array.isArray(e.parent)&&(fi(t,e.id,e.parent[0],n,r),fi(t,e.id,e.parent[1],n,r+1),yi(t,si[e.parent[1]],n,r+1),e.lineDrawn=!0,e=si[e.parent[0]])}var gi,vi=function(t){ui=t},mi=function(t,e,n){try{var r=oi.a.parser;r.yy=ii,r.yy.clear(),c.debug("in gitgraph renderer",t+"\n","id:",e,n),r.parse(t+"\n"),ci=Object.assign(ci,ui,ii.getOptions()),c.debug("effective options",ci);var i=ii.getDirection();si=ii.getCommits();var a=ii.getBranchesAsObjArray();"BT"===i&&(ci.nodeLabel.x=a.length*ci.branchOffset,ci.nodeLabel.width="100%",ci.nodeLabel.y=-2*ci.nodeRadius);var o=Object(h.select)('[id="'.concat(e,'"]'));for(var s in function(t){t.append("defs").append("g").attr("id","def-commit").append("circle").attr("r",ci.nodeRadius).attr("cx",0).attr("cy",0),t.select("#def-commit").append("foreignObject").attr("width",ci.nodeLabel.width).attr("height",ci.nodeLabel.height).attr("x",ci.nodeLabel.x).attr("y",ci.nodeLabel.y).attr("class","node-label").attr("requiredFeatures","http://www.w3.org/TR/SVG11/feature#Extensibility").append("p").html("")}(o),ni=1,a){var u=a[s];pi(o,u.commit.id,a,i),yi(o,u.commit,i),ni++}o.attr("height",(function(){return"BT"===i?Object.keys(si).length*ci.nodeSpacing:(a.length+1)*ci.branchOffset}))}catch(t){c.error("Error while rendering gitgraph"),c.error(t.message)}},bi="",_i=!1,xi={setMessage:function(t){c.debug("Setting message to: "+t),bi=t},getMessage:function(){return bi},setInfo:function(t){_i=t},getInfo:function(){return 
_i}},ki=n(73),wi=n.n(ki),Ei={},Ti=function(t){Object.keys(t).forEach((function(e){Ei[e]=t[e]}))},Ci=function(t,e,n){try{var r=wi.a.parser;r.yy=xi,c.debug("Renering info diagram\n"+t),r.parse(t),c.debug("Parsed info diagram");var i=Object(h.select)("#"+e);i.append("g").append("text").attr("x",100).attr("y",40).attr("class","version").attr("font-size","32px").style("text-anchor","middle").text("v "+n),i.attr("height",100),i.attr("width",400)}catch(t){c.error("Error while rendering info diagram"),c.error(t.message)}},Si=n(74),Ai=n.n(Si),Mi={},Oi="",Ni={parseDirective:function(t,e,n){fs.parseDirective(this,t,e,n)},getConfig:function(){return _t().pie},addSection:function(t,e){void 0===Mi[t]&&(Mi[t]=e,c.debug("Added new section :",t))},getSections:function(){return Mi},cleanupValue:function(t){return":"===t.substring(0,1)?(t=t.substring(1).trim(),Number(t.trim())):Number(t.trim())},clear:function(){Mi={},Oi=""},setTitle:function(t){Oi=t},getTitle:function(){return Oi}},Di={},Bi=function(t){Object.keys(t).forEach((function(e){Di[e]=t[e]}))},Li=function(t,e){try{var n=Ai.a.parser;n.yy=Ni,c.debug("Rendering info diagram\n"+t),n.yy.clear(),n.parse(t),c.debug("Parsed info diagram");var r=document.getElementById(e);void 0===(gi=r.parentElement.offsetWidth)&&(gi=1200),void 0!==Di.useWidth&&(gi=Di.useWidth);var i=Object(h.select)("#"+e);W(i,450,gi,Di.useMaxWidth),r.setAttribute("viewBox","0 0 "+gi+" 450");var a=Math.min(gi,450)/2-40,o=i.append("g").attr("transform","translate("+gi/2+",225)"),s=Ni.getSections(),u=0;Object.keys(s).forEach((function(t){u+=s[t]}));var l=Object(h.scaleOrdinal)().domain(s).range(h.schemeSet2),f=Object(h.pie)().value((function(t){return t.value}))(Object(h.entries)(s)),d=Object(h.arc)().innerRadius(0).outerRadius(a);o.selectAll("mySlices").data(f).enter().append("path").attr("d",d).attr("fill",(function(t){return 
l(t.data.key)})).attr("stroke","black").style("stroke-width","2px").style("opacity",.7),o.selectAll("mySlices").data(f.filter((function(t){return 0!==t.data.value}))).enter().append("text").text((function(t){return(t.data.value/u*100).toFixed(0)+"%"})).attr("transform",(function(t){return"translate("+d.centroid(t)+")"})).style("text-anchor","middle").attr("class","slice").style("font-size",17),o.append("text").text(n.yy.getTitle()).attr("x",0).attr("y",-200).attr("class","pieTitleText");var p=o.selectAll(".legend").data(l.domain()).enter().append("g").attr("class","legend").attr("transform",(function(t,e){return"translate(216,"+(22*e-22*l.domain().length/2)+")"}));p.append("rect").attr("width",18).attr("height",18).style("fill",l).style("stroke",l),p.append("text").attr("x",22).attr("y",14).text((function(t){return t}))}catch(t){c.error("Error while rendering info diagram"),c.error(t)}},Ii=n(51),Ri=n.n(Ii),Fi=[],Pi={},ji={},Yi={},zi={},Ui={RequirementType:{REQUIREMENT:"Requirement",FUNCTIONAL_REQUIREMENT:"Functional Requirement",INTERFACE_REQUIREMENT:"Interface Requirement",PERFORMANCE_REQUIREMENT:"Performance Requirement",PHYSICAL_REQUIREMENT:"Physical Requirement",DESIGN_CONSTRAINT:"Design Constraint"},RiskLevel:{LOW_RISK:"Low",MED_RISK:"Medium",HIGH_RISK:"High"},VerifyType:{VERIFY_ANALYSIS:"Analysis",VERIFY_DEMONSTRATION:"Demonstration",VERIFY_INSPECTION:"Inspection",VERIFY_TEST:"Test"},Relationships:{CONTAINS:"contains",COPIES:"copies",DERIVES:"derives",SATISFIES:"satisfies",VERIFIES:"verifies",REFINES:"refines",TRACES:"traces"},parseDirective:function(t,e,n){fs.parseDirective(this,t,e,n)},getConfig:function(){return _t().req},addRequirement:function(t,e){return void 0===ji[t]&&(ji[t]={name:t,type:e,id:Pi.id,text:Pi.text,risk:Pi.risk,verifyMethod:Pi.verifyMethod}),Pi={},ji[t]},getRequirements:function(){return ji},setNewReqId:function(t){void 0!==Pi&&(Pi.id=t)},setNewReqText:function(t){void 0!==Pi&&(Pi.text=t)},setNewReqRisk:function(t){void 
0!==Pi&&(Pi.risk=t)},setNewReqVerifyMethod:function(t){void 0!==Pi&&(Pi.verifyMethod=t)},addElement:function(t){return void 0===zi[t]&&(zi[t]={name:t,type:Yi.type,docRef:Yi.docRef},c.info("Added new requirement: ",t)),Yi={},zi[t]},getElements:function(){return zi},setNewElementType:function(t){void 0!==Yi&&(Yi.type=t)},setNewElementDocRef:function(t){void 0!==Yi&&(Yi.docRef=t)},addRelationship:function(t,e,n){Fi.push({type:t,src:e,dst:n})},getRelationships:function(){return Fi},clear:function(){Fi=[],Pi={},ji={},Yi={},zi={}}},$i={CONTAINS:"contains",ARROW:"arrow"},Wi=$i,Vi=function(t,e){var n=t.append("defs").append("marker").attr("id",$i.CONTAINS+"_line_ending").attr("refX",0).attr("refY",e.line_height/2).attr("markerWidth",e.line_height).attr("markerHeight",e.line_height).attr("orient","auto").append("g");n.append("circle").attr("cx",e.line_height/2).attr("cy",e.line_height/2).attr("r",e.line_height/2).attr("stroke",e.rect_border_color).attr("stroke-width",1).attr("fill","none"),n.append("line").attr("x1",0).attr("x2",e.line_height).attr("y1",e.line_height/2).attr("y2",e.line_height/2).attr("stroke",e.rect_border_color).attr("stroke-width",1),n.append("line").attr("y1",0).attr("y2",e.line_height).attr("x1",e.line_height/2).attr("x2",e.line_height/2).attr("stroke",e.rect_border_color).attr("stroke-width",1),t.append("defs").append("marker").attr("id",$i.ARROW+"_line_ending").attr("refX",e.line_height).attr("refY",.5*e.line_height).attr("markerWidth",e.line_height).attr("markerHeight",e.line_height).attr("orient","auto").append("path").attr("d","M0,0 \n L".concat(e.line_height,",").concat(e.line_height/2," \n M").concat(e.line_height,",").concat(e.line_height/2," \n L0,").concat(e.line_height)).attr("stroke-width",1).attr("stroke",e.rect_border_color)},qi={},Hi=0,Gi=function(t,e){return t.insert("rect","#"+e).attr("class","req 
reqBox").attr("fill",qi.rect_fill).attr("fill-opacity","100%").attr("stroke",qi.rect_border_color).attr("stroke-size",qi.rect_border_size).attr("x",0).attr("y",0).attr("width",qi.rect_min_width+"px").attr("height",qi.rect_min_height+"px")},Xi=function(t,e,n){var r=qi.rect_min_width/2,i=t.append("text").attr("class","req reqLabel reqTitle").attr("id",e).attr("x",r).attr("y",qi.rect_padding).attr("dominant-baseline","hanging").attr("style","font-family: "+_t().fontFamily+"; font-size: "+qi.fontSize+"px"),a=0;n.forEach((function(t){0==a?i.append("tspan").attr("text-anchor","middle").attr("x",qi.rect_min_width/2).attr("dy",0).text(t):i.append("tspan").attr("text-anchor","middle").attr("x",qi.rect_min_width/2).attr("dy",.75*qi.line_height).text(t),a++}));var o=1.5*qi.rect_padding+a*qi.line_height*.75;return t.append("line").attr("x1","0").attr("x2",qi.rect_min_width).attr("y1",o).attr("y2",o).attr("style","stroke: ".concat(qi.rect_border_color,"; stroke-width: 1")),{titleNode:i,y:o}},Zi=function(t,e,n,r){var i=t.append("text").attr("class","req reqLabel").attr("id",e).attr("x",qi.rect_padding).attr("y",r).attr("dominant-baseline","hanging").attr("style","font-family: "+_t().fontFamily+"; font-size: "+qi.fontSize+"px"),a=0,o=[];return n.forEach((function(t){for(var e=t.length;e>30&&a<3;){var n=t.substring(0,30);e=(t=t.substring(30,t.length)).length,o[o.length]=n,a++}if(3==a){var r=o[o.length-1];o[o.length-1]=r.substring(0,r.length-4)+"..."}else o[o.length]=t;a=0})),o.forEach((function(t){i.append("tspan").attr("x",qi.rect_padding).attr("dy",qi.line_height).text(t)})),i},Qi=function(t,e,n,r){var i=n.edge(Ki(e.src),Ki(e.dst)),a=Object(h.line)().x((function(t){return t.x})).y((function(t){return t.y})),o=t.insert("path","#"+r).attr("class","er 
relationshipLine").attr("d",a(i.points)).attr("stroke",qi.rect_border_color).attr("fill","none");e.type==Ui.Relationships.CONTAINS?o.attr("marker-start","url("+_.getUrl(qi.arrowMarkerAbsolute)+"#"+e.type+"_line_ending)"):(o.attr("stroke-dasharray","10,7"),o.attr("marker-end","url("+_.getUrl(qi.arrowMarkerAbsolute)+"#"+Wi.ARROW+"_line_ending)")),function(t,e,n,r){var i=e.node().getTotalLength(),a=e.node().getPointAtLength(.5*i),o="rel"+Hi;Hi++;var s=t.append("text").attr("class","er relationshipLabel").attr("id",o).attr("x",a.x).attr("y",a.y).attr("text-anchor","middle").attr("dominant-baseline","middle").attr("style","font-family: "+n.fontFamily+"; font-size: "+n.fontSize+"px").text(r).node().getBBox();t.insert("rect","#"+o).attr("class","req reqLabelBox").attr("x",a.x-s.width/2).attr("y",a.y-s.height/2).attr("width",s.width).attr("height",s.height).attr("fill","white").attr("fill-opacity","85%")}(t,o,qi,"<<".concat(e.type,">>"))},Ki=function(t){return t.replace(/\s/g,"").replace(/\./g,"_")},Ji=function(t){if(void 0!==t)for(var e=Object.keys(t),n=0;n>"),"".concat(e.name)]);s.push(u.titleNode);var l=Zi(n,t+"_body",["Id: ".concat(e.id),"Text: ".concat(e.text),"Risk: ".concat(e.risk),"Verification: ".concat(e.verifyMethod)],u.y);s.push(l);var h=o.node().getBBox();i.setNode(t,{width:h.width,height:h.height,shape:"rect",id:t})})),function(t,e,n){Object.keys(t).forEach((function(r){var i=t[r],a=Ki(r),o=n.append("g").attr("id",a),s="element-"+a,c=Gi(o,s),u=[],l=Xi(o,s+"_title",["<>","".concat(r)]);u.push(l.titleNode);var h=Zi(o,s+"_body",["Type: ".concat(i.type||"Not Specified"),"Doc Ref: ".concat(i.docref||"None")],l.y);u.push(h);var f=c.node().getBBox();e.setNode(a,{width:f.width,height:f.height,shape:"rect",id:a})}))}(u,o,n),function(t,e){t.forEach((function(t){var n=Ki(t.src),r=Ki(t.dst);e.setEdge(n,r,{relationship:t})}))}(l,o),jt.a.layout(o),function(t,e){e.nodes().forEach((function(n){void 0!==n&&void 
0!==e.node(n)&&(t.select("#"+n),t.select("#"+n).attr("transform","translate("+(e.node(n).x-e.node(n).width/2)+","+(e.node(n).y-e.node(n).height/2)+" )"))}))}(n,o),l.forEach((function(t){Qi(n,t,o,e)}));var f=qi.rect_padding,d=n.node().getBBox(),p=d.width+2*f,y=d.height+2*f;W(n,y,p,qi.useMaxWidth),n.attr("viewBox","".concat(d.x-f," ").concat(d.y-f," ").concat(p," ").concat(y))},ea=n(2),na=n.n(ea),ra=void 0,ia={},aa=[],oa=[],sa="",ca=!1,ua=!1,la=!1,ha=function(t,e,n){var r=ia[t];r&&e===r.name&&null==n||(null!=n&&null!=n.text||(n={text:e,wrap:null}),ia[t]={name:e,description:n.text,wrap:void 0===n.wrap&&pa()||!!n.wrap,prevActor:ra},ra&&ia[ra]&&(ia[ra].nextActor=t),ra=t)},fa=function(t){var e,n=0;for(e=0;e2&&void 0!==arguments[2]?arguments[2]:{text:void 0,wrap:void 0},r=arguments.length>3?arguments[3]:void 0;if(r===ya.ACTIVE_END){var i=fa(t.actor);if(i<1){var a=new Error("Trying to inactivate an inactive participant ("+t.actor+")");throw a.hash={text:"->>-",token:"->>-",line:"1",loc:{first_line:1,last_line:1,first_column:1,last_column:1},expected:["'ACTIVE_PARTICIPANT'"]},a}}return aa.push({from:t,to:e,message:n.text,wrap:void 0===n.wrap&&pa()||!!n.wrap,type:r}),!0},pa=function(){return la},ya={SOLID:0,DOTTED:1,NOTE:2,SOLID_CROSS:3,DOTTED_CROSS:4,SOLID_OPEN:5,DOTTED_OPEN:6,LOOP_START:10,LOOP_END:11,ALT_START:12,ALT_ELSE:13,ALT_END:14,OPT_START:15,OPT_END:16,ACTIVE_START:17,ACTIVE_END:18,PAR_START:19,PAR_AND:20,PAR_END:21,RECT_START:22,RECT_END:23,SOLID_POINT:24,DOTTED_POINT:25},ga=function(t,e,n){var r={actor:t,placement:e,message:n.text,wrap:void 0===n.wrap&&pa()||!!n.wrap},i=[].concat(t,t);oa.push(r),aa.push({from:i[0],to:i[1],message:n.text,wrap:void 0===n.wrap&&pa()||!!n.wrap,type:ya.NOTE,placement:e})},va=function(t){sa=t.text,ca=void 0===t.wrap&&pa()||!!t.wrap},ma={addActor:ha,addMessage:function(t,e,n,r){aa.push({from:t,to:e,message:n.text,wrap:void 
0===n.wrap&&pa()||!!n.wrap,answer:r})},addSignal:da,autoWrap:pa,setWrap:function(t){la=t},enableSequenceNumbers:function(){ua=!0},showSequenceNumbers:function(){return ua},getMessages:function(){return aa},getActors:function(){return ia},getActor:function(t){return ia[t]},getActorKeys:function(){return Object.keys(ia)},getTitle:function(){return sa},parseDirective:function(t,e,n){fs.parseDirective(this,t,e,n)},getConfig:function(){return _t().sequence},getTitleWrapped:function(){return ca},clear:function(){ia={},aa=[]},parseMessage:function(t){var e=t.trim(),n={text:e.replace(/^[:]?(?:no)?wrap:/,"").trim(),wrap:null!==e.match(/^[:]?wrap:/)||null===e.match(/^[:]?nowrap:/)&&void 0};return c.debug("parseMessage:",n),n},LINETYPE:ya,ARROWTYPE:{FILLED:0,OPEN:1},PLACEMENT:{LEFTOF:0,RIGHTOF:1,OVER:2},addNote:ga,setTitle:va,apply:function t(e){if(e instanceof Array)e.forEach((function(e){t(e)}));else switch(e.type){case"addActor":ha(e.actor,e.actor,e.description);break;case"activeStart":case"activeEnd":da(e.actor,void 0,void 0,e.signalType);break;case"addNote":ga(e.actor,e.placement,e.text);break;case"addMessage":da(e.from,e.to,e.msg,e.signalType);break;case"loopStart":da(void 0,void 0,e.loopText,e.signalType);break;case"loopEnd":da(void 0,void 0,void 0,e.signalType);break;case"rectStart":da(void 0,void 0,e.color,e.signalType);break;case"rectEnd":da(void 0,void 0,void 0,e.signalType);break;case"optStart":da(void 0,void 0,e.optText,e.signalType);break;case"optEnd":da(void 0,void 0,void 0,e.signalType);break;case"altStart":case"else":da(void 0,void 0,e.altText,e.signalType);break;case"altEnd":da(void 0,void 0,void 0,e.signalType);break;case"setTitle":va(e.text);break;case"parStart":case"and":da(void 0,void 0,e.parText,e.signalType);break;case"parEnd":da(void 0,void 0,void 0,e.signalType)}}},ba=function(t,e){var n=t.append("rect");return 
n.attr("x",e.x),n.attr("y",e.y),n.attr("fill",e.fill),n.attr("stroke",e.stroke),n.attr("width",e.width),n.attr("height",e.height),n.attr("rx",e.rx),n.attr("ry",e.ry),void 0!==e.class&&n.attr("class",e.class),n},_a=function(t,e){var n=0,r=0,i=e.text.split(_.lineBreakRegex),a=[],o=0,s=function(){return e.y};if(void 0!==e.valign&&void 0!==e.textMargin&&e.textMargin>0)switch(e.valign){case"top":case"start":s=function(){return Math.round(e.y+e.textMargin)};break;case"middle":case"center":s=function(){return Math.round(e.y+(n+r+e.textMargin)/2)};break;case"bottom":case"end":s=function(){return Math.round(e.y+(n+r+2*e.textMargin)-e.textMargin)}}if(void 0!==e.anchor&&void 0!==e.textMargin&&void 0!==e.width)switch(e.anchor){case"left":case"start":e.x=Math.round(e.x+e.textMargin),e.anchor="start",e.dominantBaseline="text-after-edge",e.alignmentBaseline="middle";break;case"middle":case"center":e.x=Math.round(e.x+e.width/2),e.anchor="middle",e.dominantBaseline="middle",e.alignmentBaseline="middle";break;case"right":case"end":e.x=Math.round(e.x+e.width-e.textMargin),e.anchor="end",e.dominantBaseline="text-before-edge",e.alignmentBaseline="middle"}for(var c=0;c0&&(r+=(l._groups||l)[0][0].getBBox().height,n=r),a.push(l)}return a},xa=function(t,e){var n,r,i,a,o,s=t.append("polygon");return s.attr("points",(n=e.x,r=e.y,i=e.width,a=e.height,n+","+r+" "+(n+i)+","+r+" "+(n+i)+","+(r+a-(o=7))+" "+(n+i-1.2*o)+","+(r+a)+" "+n+","+(r+a))),s.attr("class","labelBox"),e.y=e.y+e.height/2,_a(t,e),s},ka=-1,wa=function(){return{x:0,y:0,fill:void 0,anchor:void 0,style:"#666",width:void 0,height:void 0,textMargin:0,rx:0,ry:0,tspan:!0,valign:void 0}},Ea=function(){return{x:0,y:0,fill:"#EDF2AE",stroke:"#666",width:100,anchor:"start",height:100,rx:0,ry:0}},Ta=function(){function t(t,e,n,i,a,o,s){r(e.append("text").attr("x",n+a/2).attr("y",i+o/2+5).style("text-anchor","middle").text(t),s)}function e(t,e,n,i,a,o,s,c){for(var 
u=c.actorFontSize,l=c.actorFontFamily,h=c.actorFontWeight,f=t.split(_.lineBreakRegex),d=0;d0&&void 0!==arguments[0]?arguments[0]:{message:void 0,wrap:!1,width:void 0},e=arguments.length>1?arguments[1]:void 0;return{startx:void 0,starty:this.verticalPos,stopx:void 0,stopy:void 0,title:t.message,wrap:t.wrap,width:t.width,height:0,fill:e}},newLoop:function(){var t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{message:void 0,wrap:!1,width:void 0},e=arguments.length>1?arguments[1]:void 0;this.sequenceItems.push(this.createLoop(t,e))},endLoop:function(){return this.sequenceItems.pop()},addSectionToLoop:function(t){var e=this.sequenceItems.pop();e.sections=e.sections||[],e.sectionTitles=e.sectionTitles||[],e.sections.push({y:Aa.getVerticalPos(),height:0}),e.sectionTitles.push(t),this.sequenceItems.push(e)},bumpVerticalPos:function(t){this.verticalPos=this.verticalPos+t,this.data.stopy=this.verticalPos},getVerticalPos:function(){return this.verticalPos},getBounds:function(){return{bounds:this.data,models:this.models}}},Ma=function(t){return{fontFamily:t.messageFontFamily,fontSize:t.messageFontSize,fontWeight:t.messageFontWeight}},Oa=function(t){return{fontFamily:t.noteFontFamily,fontSize:t.noteFontSize,fontWeight:t.noteFontWeight}},Na=function(t){return{fontFamily:t.actorFontFamily,fontSize:t.actorFontSize,fontWeight:t.actorFontWeight}},Da=function(t,e,n,r){for(var i=0,a=0,o=0;o0&&o.forEach((function(r){if(n=r,i.startx===i.stopx){var a=e[t.from],o=e[t.to];n.from=Math.min(a.x-i.width/2,a.x-a.width/2,n.from),n.to=Math.max(o.x+i.width/2,o.x+a.width/2,n.to),n.width=Math.max(n.width,Math.abs(n.to-n.from))-Sa.labelBoxWidth}else n.from=Math.min(i.startx,n.from),n.to=Math.max(i.stopx,n.to),n.width=Math.max(n.width,i.width)-Sa.labelBoxWidth})))})),Aa.activations=[],c.debug("Loop type 
widths:",a),a},Ya={bounds:Aa,drawActors:Da,setConf:Ba,draw:function(t,e){Sa=_t().sequence,ea.parser.yy.clear(),ea.parser.yy.setWrap(Sa.wrap),ea.parser.parse(t+"\n"),Aa.init(),c.debug("C:".concat(JSON.stringify(Sa,null,2)));var n=Object(h.select)('[id="'.concat(e,'"]')),r=ea.parser.yy.getActors(),i=ea.parser.yy.getActorKeys(),a=ea.parser.yy.getMessages(),o=ea.parser.yy.getTitle(),s=Fa(r,a);Sa.height=Pa(r,s),Da(n,r,i,0);var u=ja(a,r,s);Ca.insertArrowHead(n),Ca.insertArrowCrossHead(n),Ca.insertArrowFilledHead(n),Ca.insertSequenceNumber(n);var l=1;a.forEach((function(t){var e,i,a;switch(t.type){case ea.parser.yy.LINETYPE.NOTE:i=t.noteModel,function(t,e){Aa.bumpVerticalPos(Sa.boxMargin),e.height=Sa.boxMargin,e.starty=Aa.getVerticalPos();var n=Ca.getNoteRect();n.x=e.startx,n.y=e.starty,n.width=e.width||Sa.width,n.class="note";var r=t.append("g"),i=Ca.drawRect(r,n),a=Ca.getTextObj();a.x=e.startx,a.y=e.starty,a.width=n.width,a.dy="1em",a.text=e.message,a.class="noteText",a.fontFamily=Sa.noteFontFamily,a.fontSize=Sa.noteFontSize,a.fontWeight=Sa.noteFontWeight,a.anchor=Sa.noteAlign,a.textMargin=Sa.noteMargin,a.valign=Sa.noteAlign;var o=_a(r,a),s=Math.round(o.map((function(t){return(t._groups||t)[0][0].getBBox().height})).reduce((function(t,e){return t+e})));i.attr("height",s+2*Sa.noteMargin),e.height+=s+2*Sa.noteMargin,Aa.bumpVerticalPos(s+2*Sa.noteMargin),e.stopy=e.starty+s+2*Sa.noteMargin,e.stopx=e.startx+n.width,Aa.insert(e.startx,e.starty,e.stopx,e.stopy),Aa.models.addNote(e)}(n,i);break;case ea.parser.yy.LINETYPE.ACTIVE_START:Aa.newActivation(t,n,r);break;case ea.parser.yy.LINETYPE.ACTIVE_END:!function(t,e){var r=Aa.endActivation(t);r.starty+18>e&&(r.starty=e-6,e+=12),Ca.drawActivation(n,r,e,Sa,La(t.from.actor).length),Aa.insert(r.startx,e-10,r.stopx,e)}(t,Aa.getVerticalPos());break;case ea.parser.yy.LINETYPE.LOOP_START:Ra(u,t,Sa.boxMargin,Sa.boxMargin+Sa.boxTextMargin,(function(t){return Aa.newLoop(t)}));break;case 
ea.parser.yy.LINETYPE.LOOP_END:e=Aa.endLoop(),Ca.drawLoop(n,e,"loop",Sa),Aa.bumpVerticalPos(e.stopy-Aa.getVerticalPos()),Aa.models.addLoop(e);break;case ea.parser.yy.LINETYPE.RECT_START:Ra(u,t,Sa.boxMargin,Sa.boxMargin,(function(t){return Aa.newLoop(void 0,t.message)}));break;case ea.parser.yy.LINETYPE.RECT_END:e=Aa.endLoop(),Ca.drawBackgroundRect(n,e),Aa.models.addLoop(e),Aa.bumpVerticalPos(e.stopy-Aa.getVerticalPos());break;case ea.parser.yy.LINETYPE.OPT_START:Ra(u,t,Sa.boxMargin,Sa.boxMargin+Sa.boxTextMargin,(function(t){return Aa.newLoop(t)}));break;case ea.parser.yy.LINETYPE.OPT_END:e=Aa.endLoop(),Ca.drawLoop(n,e,"opt",Sa),Aa.bumpVerticalPos(e.stopy-Aa.getVerticalPos()),Aa.models.addLoop(e);break;case ea.parser.yy.LINETYPE.ALT_START:Ra(u,t,Sa.boxMargin,Sa.boxMargin+Sa.boxTextMargin,(function(t){return Aa.newLoop(t)}));break;case ea.parser.yy.LINETYPE.ALT_ELSE:Ra(u,t,Sa.boxMargin+Sa.boxTextMargin,Sa.boxMargin,(function(t){return Aa.addSectionToLoop(t)}));break;case ea.parser.yy.LINETYPE.ALT_END:e=Aa.endLoop(),Ca.drawLoop(n,e,"alt",Sa),Aa.bumpVerticalPos(e.stopy-Aa.getVerticalPos()),Aa.models.addLoop(e);break;case ea.parser.yy.LINETYPE.PAR_START:Ra(u,t,Sa.boxMargin,Sa.boxMargin+Sa.boxTextMargin,(function(t){return Aa.newLoop(t)}));break;case ea.parser.yy.LINETYPE.PAR_AND:Ra(u,t,Sa.boxMargin+Sa.boxTextMargin,Sa.boxMargin,(function(t){return Aa.addSectionToLoop(t)}));break;case ea.parser.yy.LINETYPE.PAR_END:e=Aa.endLoop(),Ca.drawLoop(n,e,"par",Sa),Aa.bumpVerticalPos(e.stopy-Aa.getVerticalPos()),Aa.models.addLoop(e);break;default:try{(a=t.msgModel).starty=Aa.getVerticalPos(),a.sequenceIndex=l,function(t,e){Aa.bumpVerticalPos(10);var n=e.startx,r=e.stopx,i=e.starty,a=e.message,o=e.type,s=e.sequenceIndex,c=_.splitBreaks(a).length,u=V.calculateTextDimensions(a,Ma(Sa)),l=u.height/c;e.height+=l,Aa.bumpVerticalPos(l);var 
h=Ca.getTextObj();h.x=n,h.y=i+10,h.width=r-n,h.class="messageText",h.dy="1em",h.text=a,h.fontFamily=Sa.messageFontFamily,h.fontSize=Sa.messageFontSize,h.fontWeight=Sa.messageFontWeight,h.anchor=Sa.messageAlign,h.valign=Sa.messageAlign,h.textMargin=Sa.wrapPadding,h.tspan=!1,_a(t,h);var f,d,p=u.height-10,y=u.width;if(n===r){d=Aa.getVerticalPos()+p,Sa.rightAngles?f=t.append("path").attr("d","M ".concat(n,",").concat(d," H ").concat(n+Math.max(Sa.width/2,y/2)," V ").concat(d+25," H ").concat(n)):(p+=Sa.boxMargin,d=Aa.getVerticalPos()+p,f=t.append("path").attr("d","M "+n+","+d+" C "+(n+60)+","+(d-10)+" "+(n+60)+","+(d+30)+" "+n+","+(d+20))),p+=30;var g=Math.max(y/2,Sa.width/2);Aa.insert(n-g,Aa.getVerticalPos()-10+p,r+g,Aa.getVerticalPos()+30+p)}else p+=Sa.boxMargin,d=Aa.getVerticalPos()+p,(f=t.append("line")).attr("x1",n),f.attr("y1",d),f.attr("x2",r),f.attr("y2",d),Aa.insert(n,d-10,r,d);o===ea.parser.yy.LINETYPE.DOTTED||o===ea.parser.yy.LINETYPE.DOTTED_CROSS||o===ea.parser.yy.LINETYPE.DOTTED_POINT||o===ea.parser.yy.LINETYPE.DOTTED_OPEN?(f.style("stroke-dasharray","3, 3"),f.attr("class","messageLine1")):f.attr("class","messageLine0");var 
v="";Sa.arrowMarkerAbsolute&&(v=(v=(v=window.location.protocol+"//"+window.location.host+window.location.pathname+window.location.search).replace(/\(/g,"\\(")).replace(/\)/g,"\\)")),f.attr("stroke-width",2),f.attr("stroke","none"),f.style("fill","none"),o!==ea.parser.yy.LINETYPE.SOLID&&o!==ea.parser.yy.LINETYPE.DOTTED||f.attr("marker-end","url("+v+"#arrowhead)"),o!==ea.parser.yy.LINETYPE.SOLID_POINT&&o!==ea.parser.yy.LINETYPE.DOTTED_POINT||f.attr("marker-end","url("+v+"#filled-head)"),o!==ea.parser.yy.LINETYPE.SOLID_CROSS&&o!==ea.parser.yy.LINETYPE.DOTTED_CROSS||f.attr("marker-end","url("+v+"#crosshead)"),(ma.showSequenceNumbers()||Sa.showSequenceNumbers)&&(f.attr("marker-start","url("+v+"#sequencenumber)"),t.append("text").attr("x",n).attr("y",d+4).attr("font-family","sans-serif").attr("font-size","12px").attr("text-anchor","middle").attr("textLength","16px").attr("class","sequenceNumber").text(s)),Aa.bumpVerticalPos(p),e.height+=p,e.stopy=e.starty+e.height,Aa.insert(e.fromBounds,e.starty,e.toBounds,e.stopy)}(n,a),Aa.models.addMessage(a)}catch(t){c.error("error while drawing message",t)}}[ea.parser.yy.LINETYPE.SOLID_OPEN,ea.parser.yy.LINETYPE.DOTTED_OPEN,ea.parser.yy.LINETYPE.SOLID,ea.parser.yy.LINETYPE.DOTTED,ea.parser.yy.LINETYPE.SOLID_CROSS,ea.parser.yy.LINETYPE.DOTTED_CROSS,ea.parser.yy.LINETYPE.SOLID_POINT,ea.parser.yy.LINETYPE.DOTTED_POINT].includes(t.type)&&l++})),Sa.mirrorActors&&(Aa.bumpVerticalPos(2*Sa.boxMargin),Da(n,r,i,Aa.getVerticalPos()));var f=Aa.getBounds().bounds;c.debug("For line height fix Querying: #"+e+" .actor-line"),Object(h.selectAll)("#"+e+" .actor-line").attr("y2",f.stopy);var d=f.stopy-f.starty+2*Sa.diagramMarginY;Sa.mirrorActors&&(d=d-Sa.boxMargin+Sa.bottomMarginAdj);var p=f.stopx-f.startx+2*Sa.diagramMarginX;o&&n.append("text").text(o).attr("x",(f.stopx-f.startx)/2-2*Sa.diagramMarginX).attr("y",-25),W(n,d,p,Sa.useMaxWidth);var y=o?40:0;n.attr("viewBox",f.startx-Sa.diagramMarginX+" -"+(Sa.diagramMarginY+y)+" "+p+" 
"+(d+y)),c.debug("models:",Aa.models)}},za=n(22),Ua=n.n(za);function $a(t){return($a="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(t){return typeof t}:function(t){return t&&"function"==typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t})(t)}var Wa,Va=function(t){return JSON.parse(JSON.stringify(t))},qa=[],Ha={root:{relations:[],states:{},documents:{}}},Ga=Ha.root,Xa=0,Za=function(t,e,n,r,i){void 0===Ga.states[t]?Ga.states[t]={id:t,descriptions:[],type:e,doc:n,note:i}:(Ga.states[t].doc||(Ga.states[t].doc=n),Ga.states[t].type||(Ga.states[t].type=e)),r&&(c.info("Adding state ",t,r),"string"==typeof r&&Ja(t,r.trim()),"object"===$a(r)&&r.forEach((function(e){return Ja(t,e.trim())}))),i&&(Ga.states[t].note=i)},Qa=function(){Ga=(Ha={root:{relations:[],states:{},documents:{}}}).root,Ga=Ha.root,Xa=0,0,eo=[]},Ka=function(t,e,n){var r=t,i=e,a="default",o="default";"[*]"===t&&(r="start"+ ++Xa,a="start"),"[*]"===e&&(i="end"+Xa,o="end"),Za(r,a),Za(i,o),Ga.relations.push({id1:r,id2:i,title:n})},Ja=function(t,e){var n=Ga.states[t],r=e;":"===r[0]&&(r=r.substr(1).trim()),n.descriptions.push(r)},to=0,eo=[],no={parseDirective:function(t,e,n){fs.parseDirective(this,t,e,n)},getConfig:function(){return _t().state},addState:Za,clear:Qa,getState:function(t){return Ga.states[t]},getStates:function(){return Ga.states},getRelations:function(){return Ga.relations},getClasses:function(){return eo},getDirection:function(){return"TB"},addRelation:Ka,getDividerId:function(){return"divider-id-"+ ++to},cleanupLabel:function(t){return":"===t.substring(0,1)?t.substr(2).trim():t.trim()},lineType:{LINE:0,DOTTED_LINE:1},relationType:{AGGREGATION:0,EXTENSION:1,COMPOSITION:2,DEPENDENCY:3},logDocuments:function(){c.info("Documents = ",Ha)},getRootDoc:function(){return qa},setRootDoc:function(t){c.info("Setting root doc",t),qa=t},getRootDocV2:function(){return function t(e,n,r){if("relation"===n.stmt)t(e,n.state1,!0),t(e,n.state2,!1);else 
if("state"===n.stmt&&"[*]"===n.id&&(n.id=r?e.id+"_start":e.id+"_end",n.start=r),n.doc){var i=[],a=0,o=[];for(a=0;a0&&o.length>0){var c={stmt:"state",id:I(),type:"divider",doc:Va(o)};i.push(Va(c)),n.doc=i}n.doc.forEach((function(e){return t(n,e,!0)}))}}({id:"root"},{id:"root",doc:qa},!0),{id:"root",doc:qa}},extract:function(t){var e;e=t.doc?t.doc:t,c.info(e),Qa(),c.info("Extract",e),e.forEach((function(t){"state"===t.stmt&&Za(t.id,t.type,t.doc,t.description,t.note),"relation"===t.stmt&&Ka(t.state1.id,t.state2.id,t.description)}))},trimColon:function(t){return t&&":"===t[0]?t.substr(1).trim():t.trim()}},ro={},io=function(t,e){ro[t]=e},ao=function(t,e){var n=t.append("text").attr("x",2*_t().state.padding).attr("y",_t().state.textHeight+1.3*_t().state.padding).attr("font-size",_t().state.fontSize).attr("class","state-title").text(e.descriptions[0]).node().getBBox(),r=n.height,i=t.append("text").attr("x",_t().state.padding).attr("y",r+.4*_t().state.padding+_t().state.dividerMargin+_t().state.textHeight).attr("class","state-description"),a=!0,o=!0;e.descriptions.forEach((function(t){a||(!function(t,e,n){var r=t.append("tspan").attr("x",2*_t().state.padding).text(e);n||r.attr("dy",_t().state.textHeight)}(i,t,o),o=!1),a=!1}));var s=t.append("line").attr("x1",_t().state.padding).attr("y1",_t().state.padding+r+_t().state.dividerMargin/2).attr("y2",_t().state.padding+r+_t().state.dividerMargin/2).attr("class","descr-divider"),c=i.node().getBBox(),u=Math.max(c.width,n.width);return s.attr("x2",u+3*_t().state.padding),t.insert("rect",":first-child").attr("x",_t().state.padding).attr("y",_t().state.padding).attr("width",u+2*_t().state.padding).attr("height",c.height+r+2*_t().state.padding).attr("rx",_t().state.radius),t},oo=function(t,e,n){var 
r,i=_t().state.padding,a=2*_t().state.padding,o=t.node().getBBox(),s=o.width,c=o.x,u=t.append("text").attr("x",0).attr("y",_t().state.titleShift).attr("font-size",_t().state.fontSize).attr("class","state-title").text(e.id),l=u.node().getBBox().width+a,h=Math.max(l,s);h===s&&(h+=a);var f=t.node().getBBox();e.doc,r=c-i,l>s&&(r=(s-h)/2+i),Math.abs(c-f.x)s&&(r=c-(l-s)/2);var d=1-_t().state.textHeight;return t.insert("rect",":first-child").attr("x",r).attr("y",d).attr("class",n?"alt-composit":"composit").attr("width",h).attr("height",f.height+_t().state.textHeight+_t().state.titleShift+1).attr("rx","0"),u.attr("x",r+i),l<=s&&u.attr("x",c+(h-a)/2-l/2+i),t.insert("rect",":first-child").attr("x",r).attr("y",_t().state.titleShift-_t().state.textHeight-_t().state.padding).attr("width",h).attr("height",3*_t().state.textHeight).attr("rx",_t().state.radius),t.insert("rect",":first-child").attr("x",r).attr("y",_t().state.titleShift-_t().state.textHeight-_t().state.padding).attr("width",h).attr("height",f.height+3+2*_t().state.textHeight).attr("rx",_t().state.radius),t},so=function(t,e){e.attr("class","state-note");var n=e.append("rect").attr("x",0).attr("y",_t().state.padding),r=function(t,e,n,r){var i=0,a=r.append("text");a.style("text-anchor","start"),a.attr("class","noteText");var o=t.replace(/\r\n/g,"
    "),s=(o=o.replace(/\n/g,"
    ")).split(_.lineBreakRegex),c=1.25*_t().state.noteMargin,u=!0,l=!1,h=void 0;try{for(var f,d=s[Symbol.iterator]();!(u=(f=d.next()).done);u=!0){var p=f.value.trim();if(p.length>0){var y=a.append("tspan");if(y.text(p),0===c)c+=y.node().getBBox().height;i+=c,y.attr("x",e+_t().state.noteMargin),y.attr("y",n+i+1.25*_t().state.noteMargin)}}}catch(t){l=!0,h=t}finally{try{u||null==d.return||d.return()}finally{if(l)throw h}}return{textWidth:a.node().getBBox().width,textHeight:i}}(t,0,0,e.append("g")),i=r.textWidth,a=r.textHeight;return n.attr("height",a+2*_t().state.noteMargin),n.attr("width",i+2*_t().state.noteMargin),n},co=function(t,e){var n=e.id,r={id:n,label:e.id,width:0,height:0},i=t.append("g").attr("id",n).attr("class","stateGroup");"start"===e.type&&function(t){t.append("circle").attr("class","start-state").attr("r",_t().state.sizeUnit).attr("cx",_t().state.padding+_t().state.sizeUnit).attr("cy",_t().state.padding+_t().state.sizeUnit)}(i),"end"===e.type&&function(t){t.append("circle").attr("class","end-state-outer").attr("r",_t().state.sizeUnit+_t().state.miniPadding).attr("cx",_t().state.padding+_t().state.sizeUnit+_t().state.miniPadding).attr("cy",_t().state.padding+_t().state.sizeUnit+_t().state.miniPadding),t.append("circle").attr("class","end-state-inner").attr("r",_t().state.sizeUnit).attr("cx",_t().state.padding+_t().state.sizeUnit+2).attr("cy",_t().state.padding+_t().state.sizeUnit+2)}(i),"fork"!==e.type&&"join"!==e.type||function(t,e){var n=_t().state.forkWidth,r=_t().state.forkHeight;if(e.parentId){var 
i=n;n=r,r=i}t.append("rect").style("stroke","black").style("fill","black").attr("width",n).attr("height",r).attr("x",_t().state.padding).attr("y",_t().state.padding)}(i,e),"note"===e.type&&so(e.note.text,i),"divider"===e.type&&function(t){t.append("line").style("stroke","grey").style("stroke-dasharray","3").attr("x1",_t().state.textHeight).attr("class","divider").attr("x2",2*_t().state.textHeight).attr("y1",0).attr("y2",0)}(i),"default"===e.type&&0===e.descriptions.length&&function(t,e){var n=t.append("text").attr("x",2*_t().state.padding).attr("y",_t().state.textHeight+2*_t().state.padding).attr("font-size",_t().state.fontSize).attr("class","state-title").text(e.id),r=n.node().getBBox();t.insert("rect",":first-child").attr("x",_t().state.padding).attr("y",_t().state.padding).attr("width",r.width+2*_t().state.padding).attr("height",r.height+2*_t().state.padding).attr("rx",_t().state.radius)}(i,e),"default"===e.type&&e.descriptions.length>0&&ao(i,e);var a=i.node().getBBox();return r.width=a.width+2*_t().state.padding,r.height=a.height+2*_t().state.padding,io(n,r),r},uo=0;za.parser.yy=no;var lo={},ho=function t(e,n,r,i){var a,o=new zt.a.Graph({compound:!0,multigraph:!0}),s=!0;for(a=0;a "+t.w+": "+JSON.stringify(o.edge(t))),function(t,e,n){e.points=e.points.filter((function(t){return!Number.isNaN(t.y)}));var r=e.points,i=Object(h.line)().x((function(t){return t.x})).y((function(t){return t.y})).curve(h.curveBasis),a=t.append("path").attr("d",i(r)).attr("id","edge"+uo).attr("class","transition"),o="";if(_t().state.arrowMarkerAbsolute&&(o=(o=(o=window.location.protocol+"//"+window.location.host+window.location.pathname+window.location.search).replace(/\(/g,"\\(")).replace(/\)/g,"\\)")),a.attr("marker-end","url("+o+"#"+function(t){switch(t){case no.relationType.AGGREGATION:return"aggregation";case no.relationType.EXTENSION:return"extension";case no.relationType.COMPOSITION:return"composition";case 
no.relationType.DEPENDENCY:return"dependency"}}(no.relationType.DEPENDENCY)+"End)"),void 0!==n.title){for(var s=t.append("g").attr("class","stateLabel"),u=V.calcLabelPosition(e.points),l=u.x,f=u.y,d=_.getRows(n.title),p=0,y=[],g=0,v=0,m=0;m<=d.length;m++){var b=s.append("text").attr("text-anchor","middle").text(d[m]).attr("x",l).attr("y",f+p),x=b.node().getBBox();if(g=Math.max(g,x.width),v=Math.min(v,x.x),c.info(x.x,l,f+p),0===p){var k=b.node().getBBox();p=k.height,c.info("Title height",p,f)}y.push(b)}var w=p*d.length;if(d.length>1){var E=(d.length-1)*p*.5;y.forEach((function(t,e){return t.attr("y",f+e*p-E)})),w=p*d.length}var T=s.node().getBBox();s.insert("rect",":first-child").attr("class","box").attr("x",l-g/2-_t().state.padding/2).attr("y",f-w/2-_t().state.padding/2-3.5).attr("width",g+_t().state.padding).attr("height",w+_t().state.padding),c.info(T)}uo++}(n,o.edge(t),o.edge(t).relation))})),w=k.getBBox();var E={id:r||"root",label:r||"root",width:0,height:0};return E.width=w.width+2*Wa.padding,E.height=w.height+2*Wa.padding,c.debug("Doc rendered",E,o),E},fo=function(){},po=function(t,e){Wa=_t().state,za.parser.yy.clear(),za.parser.parse(t),c.debug("Rendering diagram "+t);var n=Object(h.select)("[id='".concat(e,"']"));n.append("defs").append("marker").attr("id","dependencyEnd").attr("refX",19).attr("refY",7).attr("markerWidth",20).attr("markerHeight",28).attr("orient","auto").append("path").attr("d","M 19,7 L9,13 L14,7 L9,1 Z"),new zt.a.Graph({multigraph:!0,compound:!0,rankdir:"RL"}).setDefaultEdgeLabel((function(){return{}}));var r=no.getRootDoc();ho(r,n,void 0,!1);var i=Wa.padding,a=n.node().getBBox(),o=a.width+2*i,s=a.height+2*i;W(n,s,1.75*o,Wa.useMaxWidth),n.attr("viewBox","".concat(a.x-Wa.padding," ").concat(a.y-Wa.padding," ")+o+" "+s)},yo={},go={},vo=function(t,e,n,r){if("root"!==n.id){var 
i="rect";!0===n.start&&(i="start"),!1===n.start&&(i="end"),"default"!==n.type&&(i=n.type),go[n.id]||(go[n.id]={id:n.id,shape:i,description:n.id,classes:"statediagram-state"}),n.description&&(Array.isArray(go[n.id].description)?(go[n.id].shape="rectWithTitle",go[n.id].description.push(n.description)):go[n.id].description.length>0?(go[n.id].shape="rectWithTitle",go[n.id].description===n.id?go[n.id].description=[n.description]:go[n.id].description=[go[n.id].description,n.description]):(go[n.id].shape="rect",go[n.id].description=n.description)),!go[n.id].type&&n.doc&&(c.info("Setting cluser for ",n.id),go[n.id].type="group",go[n.id].shape="divider"===n.type?"divider":"roundedWithTitle",go[n.id].classes=go[n.id].classes+" "+(r?"statediagram-cluster statediagram-cluster-alt":"statediagram-cluster"));var a={labelStyle:"",shape:go[n.id].shape,labelText:go[n.id].description,classes:go[n.id].classes,style:"",id:n.id,domId:"state-"+n.id+"-"+mo,type:go[n.id].type,padding:15};if(n.note){var o={labelStyle:"",shape:"note",labelText:n.note.text,classes:"statediagram-note",style:"",id:n.id+"----note",domId:"state-"+n.id+"----note-"+mo,type:go[n.id].type,padding:15},s={labelStyle:"",shape:"noteGroup",labelText:n.note.text,classes:go[n.id].classes,style:"",id:n.id+"----parent",domId:"state-"+n.id+"----parent-"+mo,type:"group",padding:0};mo++,t.setNode(n.id+"----parent",s),t.setNode(o.id,o),t.setNode(n.id,a),t.setParent(n.id,n.id+"----parent"),t.setParent(o.id,n.id+"----parent");var u=n.id,l=o.id;"left of"===n.note.position&&(u=o.id,l=n.id),t.setEdge(u,l,{arrowhead:"none",arrowType:"",style:"fill:none",labelStyle:"",classes:"transition note-edge",arrowheadStyle:"fill: #333",labelpos:"c",labelType:"text",thickness:"normal"})}else t.setNode(n.id,a)}e&&"root"!==e.id&&(c.info("Setting node ",n.id," to be child of its parent ",e.id),t.setParent(n.id,e.id)),n.doc&&(c.info("Adding nodes children 
"),bo(t,n,n.doc,!r))},mo=0,bo=function(t,e,n,r){mo=0,c.trace("items",n),n.forEach((function(n){if("state"===n.stmt||"default"===n.stmt)vo(t,e,n,r);else if("relation"===n.stmt){vo(t,e,n.state1,r),vo(t,e,n.state2,r);var i={id:"edge"+mo,arrowhead:"normal",arrowTypeEnd:"arrow_barb",style:"fill:none",labelStyle:"",label:n.description,arrowheadStyle:"fill: #333",labelpos:"c",labelType:"text",thickness:"normal",classes:"transition"},a=n.state1.id,o=n.state2.id;t.setEdge(a,o,i,mo),mo++}}))},_o=function(t){for(var e=Object.keys(t),n=0;n/gi," "),r=t.append("text");r.attr("x",e.x),r.attr("y",e.y),r.attr("class","legend"),r.style("text-anchor",e.anchor),void 0!==e.class&&r.attr("class",e.class);var i=r.append("tspan");return i.attr("x",e.x+2*e.textMargin),i.text(n),r},Io=-1,Ro=function(){return{x:0,y:0,width:100,anchor:"start",height:100,rx:0,ry:0}},Fo=function(){function t(t,e,n,i,a,o,s,c){r(e.append("text").attr("x",n+a/2).attr("y",i+o/2+5).style("font-color",c).style("text-anchor","middle").text(t),s)}function e(t,e,n,i,a,o,s,c,u){for(var l=c.taskFontSize,h=c.taskFontFamily,f=t.split(//gi),d=0;d3?function(t){var e=Object(h.arc)().startAngle(Math.PI/2).endAngle(Math.PI/2*3).innerRadius(7.5).outerRadius(15/2.2);t.append("path").attr("class","mouth").attr("d",e).attr("transform","translate("+o.cx+","+(o.cy+2)+")")}(s):o.score<3?function(t){var e=Object(h.arc)().startAngle(3*Math.PI/2).endAngle(Math.PI/2*5).innerRadius(7.5).outerRadius(15/2.2);t.append("path").attr("class","mouth").attr("d",e).attr("transform","translate("+o.cx+","+(o.cy+7)+")")}(s):function(t){t.append("line").attr("class","mouth").attr("stroke",2).attr("x1",o.cx-5).attr("y1",o.cy+7).attr("x2",o.cx+5).attr("y2",o.cy+7).attr("class","mouth").attr("stroke-width","1px").attr("stroke","#666")}(s);var c=Ro();c.x=e.x,c.y=e.y,c.fill=e.fill,c.width=n.width,c.height=n.height,c.class="task task-type-"+e.num,c.rx=3,c.ry=3,Do(i,c);var u=e.x+14;e.people.forEach((function(t){var 
n=e.actors[t],r={cx:u,cy:e.y,r:7,fill:n,stroke:"#000",title:t};Bo(i,r),u+=10})),Fo(n)(e.task,i,c.x,c.y,c.width,c.height,{class:"task"},n,e.colour)},Uo=function(t){t.append("defs").append("marker").attr("id","arrowhead").attr("refX",5).attr("refY",2).attr("markerWidth",6).attr("markerHeight",4).attr("orient","auto").append("path").attr("d","M 0,0 V 4 L6,2 Z")};Oo.parser.yy=Mo;var $o={};var Wo=_t().journey,Vo=_t().journey.leftMargin,qo={data:{startx:void 0,stopx:void 0,starty:void 0,stopy:void 0},verticalPos:0,sequenceItems:[],init:function(){this.sequenceItems=[],this.data={startx:void 0,stopx:void 0,starty:void 0,stopy:void 0},this.verticalPos=0},updateVal:function(t,e,n,r){void 0===t[e]?t[e]=n:t[e]=r(n,t[e])},updateBounds:function(t,e,n,r){var i,a=_t().journey,o=this,s=0;this.sequenceItems.forEach((function(c){s++;var u=o.sequenceItems.length-s+1;o.updateVal(c,"starty",e-u*a.boxMargin,Math.min),o.updateVal(c,"stopy",r+u*a.boxMargin,Math.max),o.updateVal(qo.data,"startx",t-u*a.boxMargin,Math.min),o.updateVal(qo.data,"stopx",n+u*a.boxMargin,Math.max),"activation"!==i&&(o.updateVal(c,"startx",t-u*a.boxMargin,Math.min),o.updateVal(c,"stopx",n+u*a.boxMargin,Math.max),o.updateVal(qo.data,"starty",e-u*a.boxMargin,Math.min),o.updateVal(qo.data,"stopy",r+u*a.boxMargin,Math.max))}))},insert:function(t,e,n,r){var i=Math.min(t,n),a=Math.max(t,n),o=Math.min(e,r),s=Math.max(e,r);this.updateVal(qo.data,"startx",i,Math.min),this.updateVal(qo.data,"starty",o,Math.min),this.updateVal(qo.data,"stopx",a,Math.max),this.updateVal(qo.data,"stopy",s,Math.max),this.updateBounds(i,o,a,s)},bumpVerticalPos:function(t){this.verticalPos=this.verticalPos+t,this.data.stopy=this.verticalPos},getVerticalPos:function(){return this.verticalPos},getBounds:function(){return this.data}},Ho=Wo.sectionFills,Go=Wo.sectionColours,Xo=function(t,e,n){for(var r=_t().journey,i="",a=n+(2*r.height+r.diagramMarginY),o=0,s="#CCC",c="black",u=0,l=0;l tspan {\n fill: ").concat(t.actorTextColor,";\n stroke: none;\n 
}\n\n .actor-line {\n stroke: ").concat(t.actorLineColor,";\n }\n\n .messageLine0 {\n stroke-width: 1.5;\n stroke-dasharray: none;\n stroke: ").concat(t.signalColor,";\n }\n\n .messageLine1 {\n stroke-width: 1.5;\n stroke-dasharray: 2, 2;\n stroke: ").concat(t.signalColor,";\n }\n\n #arrowhead path {\n fill: ").concat(t.signalColor,";\n stroke: ").concat(t.signalColor,";\n }\n\n .sequenceNumber {\n fill: ").concat(t.sequenceNumberColor,";\n }\n\n #sequencenumber {\n fill: ").concat(t.signalColor,";\n }\n\n #crosshead path {\n fill: ").concat(t.signalColor,";\n stroke: ").concat(t.signalColor,";\n }\n\n .messageText {\n fill: ").concat(t.signalTextColor,";\n stroke: ").concat(t.signalTextColor,";\n }\n\n .labelBox {\n stroke: ").concat(t.labelBoxBorderColor,";\n fill: ").concat(t.labelBoxBkgColor,";\n }\n\n .labelText, .labelText > tspan {\n fill: ").concat(t.labelTextColor,";\n stroke: none;\n }\n\n .loopText, .loopText > tspan {\n fill: ").concat(t.loopTextColor,";\n stroke: none;\n }\n\n .loopLine {\n stroke-width: 2px;\n stroke-dasharray: 2, 2;\n stroke: ").concat(t.labelBoxBorderColor,";\n fill: ").concat(t.labelBoxBorderColor,";\n }\n\n .note {\n //stroke: #decc93;\n stroke: ").concat(t.noteBorderColor,";\n fill: ").concat(t.noteBkgColor,";\n }\n\n .noteText, .noteText > tspan {\n fill: ").concat(t.noteTextColor,";\n stroke: none;\n }\n\n .activation0 {\n fill: ").concat(t.activationBkgColor,";\n stroke: ").concat(t.activationBorderColor,";\n }\n\n .activation1 {\n fill: ").concat(t.activationBkgColor,";\n stroke: ").concat(t.activationBorderColor,";\n }\n\n .activation2 {\n fill: ").concat(t.activationBkgColor,";\n stroke: ").concat(t.activationBorderColor,";\n }\n")},gantt:function(t){return'\n .mermaid-main-font {\n font-family: "trebuchet ms", verdana, arial, sans-serif;\n font-family: var(--mermaid-font-family);\n }\n\n .section {\n stroke: none;\n opacity: 0.2;\n }\n\n .section0 {\n fill: '.concat(t.sectionBkgColor,";\n }\n\n .section2 {\n fill: 
").concat(t.sectionBkgColor2,";\n }\n\n .section1,\n .section3 {\n fill: ").concat(t.altSectionBkgColor,";\n opacity: 0.2;\n }\n\n .sectionTitle0 {\n fill: ").concat(t.titleColor,";\n }\n\n .sectionTitle1 {\n fill: ").concat(t.titleColor,";\n }\n\n .sectionTitle2 {\n fill: ").concat(t.titleColor,";\n }\n\n .sectionTitle3 {\n fill: ").concat(t.titleColor,";\n }\n\n .sectionTitle {\n text-anchor: start;\n // font-size: ").concat(t.ganttFontSize,";\n // text-height: 14px;\n font-family: 'trebuchet ms', verdana, arial, sans-serif;\n font-family: var(--mermaid-font-family);\n\n }\n\n\n /* Grid and axis */\n\n .grid .tick {\n stroke: ").concat(t.gridColor,";\n opacity: 0.8;\n shape-rendering: crispEdges;\n text {\n font-family: ").concat(t.fontFamily,";\n fill: ").concat(t.textColor,";\n }\n }\n\n .grid path {\n stroke-width: 0;\n }\n\n\n /* Today line */\n\n .today {\n fill: none;\n stroke: ").concat(t.todayLineColor,";\n stroke-width: 2px;\n }\n\n\n /* Task styling */\n\n /* Default task */\n\n .task {\n stroke-width: 2;\n }\n\n .taskText {\n text-anchor: middle;\n font-family: 'trebuchet ms', verdana, arial, sans-serif;\n font-family: var(--mermaid-font-family);\n }\n\n // .taskText:not([font-size]) {\n // font-size: ").concat(t.ganttFontSize,";\n // }\n\n .taskTextOutsideRight {\n fill: ").concat(t.taskTextDarkColor,";\n text-anchor: start;\n // font-size: ").concat(t.ganttFontSize,";\n font-family: 'trebuchet ms', verdana, arial, sans-serif;\n font-family: var(--mermaid-font-family);\n\n }\n\n .taskTextOutsideLeft {\n fill: ").concat(t.taskTextDarkColor,";\n text-anchor: end;\n // font-size: ").concat(t.ganttFontSize,";\n }\n\n /* Special case clickable */\n .task.clickable {\n cursor: pointer;\n }\n .taskText.clickable {\n cursor: pointer;\n fill: ").concat(t.taskTextClickableColor," !important;\n font-weight: bold;\n }\n\n .taskTextOutsideLeft.clickable {\n cursor: pointer;\n fill: ").concat(t.taskTextClickableColor," !important;\n font-weight: bold;\n }\n\n 
.taskTextOutsideRight.clickable {\n cursor: pointer;\n fill: ").concat(t.taskTextClickableColor," !important;\n font-weight: bold;\n }\n\n /* Specific task settings for the sections*/\n\n .taskText0,\n .taskText1,\n .taskText2,\n .taskText3 {\n fill: ").concat(t.taskTextColor,";\n }\n\n .task0,\n .task1,\n .task2,\n .task3 {\n fill: ").concat(t.taskBkgColor,";\n stroke: ").concat(t.taskBorderColor,";\n }\n\n .taskTextOutside0,\n .taskTextOutside2\n {\n fill: ").concat(t.taskTextOutsideColor,";\n }\n\n .taskTextOutside1,\n .taskTextOutside3 {\n fill: ").concat(t.taskTextOutsideColor,";\n }\n\n\n /* Active task */\n\n .active0,\n .active1,\n .active2,\n .active3 {\n fill: ").concat(t.activeTaskBkgColor,";\n stroke: ").concat(t.activeTaskBorderColor,";\n }\n\n .activeText0,\n .activeText1,\n .activeText2,\n .activeText3 {\n fill: ").concat(t.taskTextDarkColor," !important;\n }\n\n\n /* Completed task */\n\n .done0,\n .done1,\n .done2,\n .done3 {\n stroke: ").concat(t.doneTaskBorderColor,";\n fill: ").concat(t.doneTaskBkgColor,";\n stroke-width: 2;\n }\n\n .doneText0,\n .doneText1,\n .doneText2,\n .doneText3 {\n fill: ").concat(t.taskTextDarkColor," !important;\n }\n\n\n /* Tasks on the critical line */\n\n .crit0,\n .crit1,\n .crit2,\n .crit3 {\n stroke: ").concat(t.critBorderColor,";\n fill: ").concat(t.critBkgColor,";\n stroke-width: 2;\n }\n\n .activeCrit0,\n .activeCrit1,\n .activeCrit2,\n .activeCrit3 {\n stroke: ").concat(t.critBorderColor,";\n fill: ").concat(t.activeTaskBkgColor,";\n stroke-width: 2;\n }\n\n .doneCrit0,\n .doneCrit1,\n .doneCrit2,\n .doneCrit3 {\n stroke: ").concat(t.critBorderColor,";\n fill: ").concat(t.doneTaskBkgColor,";\n stroke-width: 2;\n cursor: pointer;\n shape-rendering: crispEdges;\n }\n\n .milestone {\n transform: rotate(45deg) scale(0.8,0.8);\n }\n\n .milestoneText {\n font-style: italic;\n }\n .doneCritText0,\n .doneCritText1,\n .doneCritText2,\n .doneCritText3 {\n fill: ").concat(t.taskTextDarkColor," !important;\n }\n\n 
.activeCritText0,\n .activeCritText1,\n .activeCritText2,\n .activeCritText3 {\n fill: ").concat(t.taskTextDarkColor," !important;\n }\n\n .titleText {\n text-anchor: middle;\n font-size: 18px;\n fill: ").concat(t.textColor," ;\n font-family: 'trebuchet ms', verdana, arial, sans-serif;\n font-family: var(--mermaid-font-family);\n }\n")},classDiagram:es,"classDiagram-v2":es,class:es,stateDiagram:rs,state:rs,git:function(){return"\n .commit-id,\n .commit-msg,\n .branch-label {\n fill: lightgrey;\n color: lightgrey;\n font-family: 'trebuchet ms', verdana, arial, sans-serif;\n font-family: var(--mermaid-font-family);\n }\n"},info:function(){return""},pie:function(t){return".pieTitleText {\n text-anchor: middle;\n font-size: 25px;\n fill: ".concat(t.taskTextDarkColor,";\n font-family: ").concat(t.fontFamily,";\n }\n .slice {\n font-family: ").concat(t.fontFamily,";\n fill: ").concat(t.textColor,";\n // fill: white;\n }\n .legend text {\n fill: ").concat(t.taskTextDarkColor,";\n font-family: ").concat(t.fontFamily,";\n font-size: 17px;\n }\n")},er:function(t){return"\n .entityBox {\n fill: ".concat(t.mainBkg,";\n stroke: ").concat(t.nodeBorder,";\n }\n\n .attributeBoxOdd {\n fill: #ffffff;\n stroke: ").concat(t.nodeBorder,";\n }\n\n .attributeBoxEven {\n fill: #f2f2f2;\n stroke: ").concat(t.nodeBorder,";\n }\n\n .relationshipLabelBox {\n fill: ").concat(t.tertiaryColor,";\n opacity: 0.7;\n background-color: ").concat(t.tertiaryColor,";\n rect {\n opacity: 0.5;\n }\n }\n\n .relationshipLine {\n stroke: ").concat(t.lineColor,";\n }\n")},journey:function(t){return".label {\n font-family: 'trebuchet ms', verdana, arial, sans-serif;\n font-family: var(--mermaid-font-family);\n color: ".concat(t.textColor,";\n }\n .mouth {\n stroke: #666;\n }\n\n line {\n stroke: ").concat(t.textColor,"\n }\n\n .legend {\n fill: ").concat(t.textColor,";\n }\n\n .label text {\n fill: #333;\n }\n .label {\n color: ").concat(t.textColor,"\n }\n\n .face {\n fill: #FFF8DC;\n stroke: #999;\n }\n\n 
.node rect,\n .node circle,\n .node ellipse,\n .node polygon,\n .node path {\n fill: ").concat(t.mainBkg,";\n stroke: ").concat(t.nodeBorder,";\n stroke-width: 1px;\n }\n\n .node .label {\n text-align: center;\n }\n .node.clickable {\n cursor: pointer;\n }\n\n .arrowheadPath {\n fill: ").concat(t.arrowheadColor,";\n }\n\n .edgePath .path {\n stroke: ").concat(t.lineColor,";\n stroke-width: 1.5px;\n }\n\n .flowchart-link {\n stroke: ").concat(t.lineColor,";\n fill: none;\n }\n\n .edgeLabel {\n background-color: ").concat(t.edgeLabelBackground,";\n rect {\n opacity: 0.5;\n }\n text-align: center;\n }\n\n .cluster rect {\n }\n\n .cluster text {\n fill: ").concat(t.titleColor,";\n }\n\n div.mermaidTooltip {\n position: absolute;\n text-align: center;\n max-width: 200px;\n padding: 2px;\n font-family: 'trebuchet ms', verdana, arial, sans-serif;\n font-family: var(--mermaid-font-family);\n font-size: 12px;\n background: ").concat(t.tertiaryColor,";\n border: 1px solid ").concat(t.border2,";\n border-radius: 2px;\n pointer-events: none;\n z-index: 100;\n }\n\n .task-type-0, .section-type-0 {\n ").concat(t.fillType0?"fill: ".concat(t.fillType0):"",";\n }\n .task-type-1, .section-type-1 {\n ").concat(t.fillType0?"fill: ".concat(t.fillType1):"",";\n }\n .task-type-2, .section-type-2 {\n ").concat(t.fillType0?"fill: ".concat(t.fillType2):"",";\n }\n .task-type-3, .section-type-3 {\n ").concat(t.fillType0?"fill: ".concat(t.fillType3):"",";\n }\n .task-type-4, .section-type-4 {\n ").concat(t.fillType0?"fill: ".concat(t.fillType4):"",";\n }\n .task-type-5, .section-type-5 {\n ").concat(t.fillType0?"fill: ".concat(t.fillType5):"",";\n }\n .task-type-6, .section-type-6 {\n ").concat(t.fillType0?"fill: ".concat(t.fillType6):"",";\n }\n .task-type-7, .section-type-7 {\n ").concat(t.fillType0?"fill: ".concat(t.fillType7):"",";\n }\n")},requirement:function(){return""}},as=function(t,e,n){return" {\n font-family: ".concat(n.fontFamily,";\n font-size: ").concat(n.fontSize,";\n fill: 
").concat(n.textColor,"\n }\n\n /* Classes common for multiple diagrams */\n\n .error-icon {\n fill: ").concat(n.errorBkgColor,";\n }\n .error-text {\n fill: ").concat(n.errorTextColor,";\n stroke: ").concat(n.errorTextColor,";\n }\n\n .edge-thickness-normal {\n stroke-width: 2px;\n }\n .edge-thickness-thick {\n stroke-width: 3.5px\n }\n .edge-pattern-solid {\n stroke-dasharray: 0;\n }\n\n .edge-pattern-dashed{\n stroke-dasharray: 3;\n }\n .edge-pattern-dotted {\n stroke-dasharray: 2;\n }\n\n .marker {\n fill: ").concat(n.lineColor,";\n stroke: ").concat(n.lineColor,";\n }\n .marker.cross {\n stroke: ").concat(n.lineColor,";\n }\n\n svg {\n font-family: ").concat(n.fontFamily,";\n font-size: ").concat(n.fontSize,";\n }\n\n ").concat(is[t](n),"\n\n ").concat(e,"\n\n ").concat(t," { fill: apa;}\n")};function os(t){return(os="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(t){return typeof t}:function(t){return t&&"function"==typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t})(t)}var ss={},cs=function(t,e,n){switch(c.debug("Directive type=".concat(e.type," with args:"),e.args),e.type){case"init":case"initialize":["config"].forEach((function(t){void 0!==e.args[t]&&("flowchart-v2"===n&&(n="flowchart"),e.args[n]=e.args[t],delete e.args[t])})),e.args,kt(e.args);break;case"wrap":case"nowrap":t&&t.setWrap&&t.setWrap("wrap"===e.type);break;default:c.warn("Unhandled directive: source: '%%{".concat(e.type,": ").concat(JSON.stringify(e.args?e.args:{}),"}%%"),e)}};function us(t){vi(t.git),er(t.flowchart),sr(t.flowchart),void 0!==t.sequenceDiagram&&Ya.setConf(F(t.sequence,t.sequenceDiagram)),Ya.setConf(t.sequence),$r(t.gantt),re(t.class),fo(t.state),_o(t.state),Ti(t.class),Bi(t.class),on(t.er),Zo(t.journey),Ji(t.requirement),Jo(t.class)}function ls(){}var hs=Object.freeze({render:function(t,e,n,r){wt();var i=e,a=V.detectInit(i);a&&kt(a);var o=_t();if(e.length>o.maxTextSize&&(i="graph TB;a[Maximum text size in diagram exceeded];style 
a fill:#faa"),void 0!==r)r.innerHTML="",Object(h.select)(r).append("div").attr("id","d"+t).attr("style","font-family: "+o.fontFamily).append("svg").attr("id",t).attr("width","100%").attr("xmlns","http://www.w3.org/2000/svg").append("g");else{var s=document.getElementById(t);s&&s.remove();var u=document.querySelector("#d"+t);u&&u.remove(),Object(h.select)("body").append("div").attr("id","d"+t).append("svg").attr("id",t).attr("width","100%").attr("xmlns","http://www.w3.org/2000/svg").append("g")}window.txt=i,i=function(t){var e=t;return e=(e=(e=e.replace(/style.*:\S*#.*;/g,(function(t){return t.substring(0,t.length-1)}))).replace(/classDef.*:\S*#.*;/g,(function(t){return t.substring(0,t.length-1)}))).replace(/#\w+;/g,(function(t){var e=t.substring(1,t.length-1);return/^\+?\d+$/.test(e)?"fl°°"+e+"¶ß":"fl°"+e+"¶ß"}))}(i);var l=Object(h.select)("#d"+t).node(),f=V.detectType(i),y=l.firstChild,g=y.firstChild,v="";if(void 0!==o.themeCSS&&(v+="\n".concat(o.themeCSS)),void 0!==o.fontFamily&&(v+="\n:root { --mermaid-font-family: ".concat(o.fontFamily,"}")),void 0!==o.altFontFamily&&(v+="\n:root { --mermaid-alt-font-family: ".concat(o.altFontFamily,"}")),"flowchart"===f||"flowchart-v2"===f||"graph"===f){var m=nr(i);for(var b in m)v+="\n.".concat(b," > * { ").concat(m[b].styles.join(" !important; ")," !important; }"),m[b].textStyles&&(v+="\n.".concat(b," tspan { ").concat(m[b].textStyles.join(" !important; ")," !important; }"))}var _=(new 
d.a)("#".concat(t),as(f,v,o.themeVariables)),x=document.createElement("style");x.innerHTML=_,y.insertBefore(x,g);try{switch(f){case"git":o.flowchart.arrowMarkerAbsolute=o.arrowMarkerAbsolute,vi(o.git),mi(i,t,!1);break;case"flowchart":o.flowchart.arrowMarkerAbsolute=o.arrowMarkerAbsolute,er(o.flowchart),rr(i,t,!1);break;case"flowchart-v2":o.flowchart.arrowMarkerAbsolute=o.arrowMarkerAbsolute,sr(o.flowchart),cr(i,t,!1);break;case"sequence":o.sequence.arrowMarkerAbsolute=o.arrowMarkerAbsolute,o.sequenceDiagram?(Ya.setConf(Object.assign(o.sequence,o.sequenceDiagram)),console.error("`mermaid config.sequenceDiagram` has been renamed to `config.sequence`. Please update your mermaid config.")):Ya.setConf(o.sequence),Ya.draw(i,t);break;case"gantt":o.gantt.arrowMarkerAbsolute=o.arrowMarkerAbsolute,$r(o.gantt),Wr(i,t);break;case"class":o.class.arrowMarkerAbsolute=o.arrowMarkerAbsolute,re(o.class),ie(i,t);break;case"classDiagram":o.class.arrowMarkerAbsolute=o.arrowMarkerAbsolute,Ue(o.class),$e(i,t);break;case"state":o.class.arrowMarkerAbsolute=o.arrowMarkerAbsolute,fo(o.state),po(i,t);break;case"stateDiagram":o.class.arrowMarkerAbsolute=o.arrowMarkerAbsolute,_o(o.state),xo(i,t);break;case"info":o.class.arrowMarkerAbsolute=o.arrowMarkerAbsolute,Ti(o.class),Ci(i,t,p.version);break;case"pie":o.class.arrowMarkerAbsolute=o.arrowMarkerAbsolute,Bi(o.pie),Li(i,t,p.version);break;case"er":on(o.er),sn(i,t,p.version);break;case"journey":Zo(o.journey),Qo(i,t,p.version);break;case"requirement":Ji(o.requirement),ta(i,t,p.version)}}catch(e){throw ts(t,p.version),e}Object(h.select)('[id="'.concat(t,'"]')).selectAll("foreignobject > *").attr("xmlns","http://www.w3.org/1999/xhtml");var k=Object(h.select)("#d"+t).node().innerHTML;if(c.debug("cnf.arrowMarkerAbsolute",o.arrowMarkerAbsolute),o.arrowMarkerAbsolute&&"false"!==o.arrowMarkerAbsolute||(k=k.replace(/marker-end="url\(.*?#/g,'marker-end="url(#',"g")),k=(k=function(t){var e=t;return 
e=(e=(e=e.replace(/fl°°/g,(function(){return"&#"}))).replace(/fl°/g,(function(){return"&"}))).replace(/¶ß/g,(function(){return";"}))}(k)).replace(/
    /g,"
    "),void 0!==n)switch(f){case"flowchart":case"flowchart-v2":n(k,Dn.bindFunctions);break;case"gantt":n(k,Pr.bindFunctions);break;case"class":case"classDiagram":n(k,Ft.bindFunctions);break;default:n(k)}else c.debug("CB = undefined!");var w=Object(h.select)("#d"+t).node();return null!==w&&"function"==typeof w.remove&&Object(h.select)("#d"+t).node().remove(),k},parse:function(t){var e=V.detectInit(t);e&&c.debug("reinit ",e);var n,r=V.detectType(t);switch(c.debug("Type "+r),r){case"git":(n=oi.a).parser.yy=ii;break;case"flowchart":case"flowchart-v2":Dn.clear(),(n=Ln.a).parser.yy=Dn;break;case"sequence":(n=na.a).parser.yy=ma;break;case"gantt":(n=zr.a).parser.yy=Pr;break;case"class":case"classDiagram":(n=$t.a).parser.yy=Ft;break;case"state":case"stateDiagram":(n=Ua.a).parser.yy=no;break;case"info":c.debug("info info info"),(n=wi.a).parser.yy=xi;break;case"pie":c.debug("pie"),(n=Ai.a).parser.yy=Ni;break;case"er":c.debug("er"),(n=Qe.a).parser.yy=Xe;break;case"journey":c.debug("Journey"),(n=No.a).parser.yy=Mo;break;case"requirement":case"requirementDiagram":console.log("RequirementDiagram"),c.debug("RequirementDiagram"),(n=Ri.a).parser.yy=Ui}return n.parser.yy.graphType=r,n.parser.yy.parseError=function(t,e){throw{str:t,hash:e}},n.parse(t),n},parseDirective:function(t,e,n,r){try{if(void 0!==e)switch(e=e.trim(),n){case"open_directive":ss={};break;case"type_directive":ss.type=e.toLowerCase();break;case"arg_directive":ss.args=JSON.parse(e);break;case"close_directive":cs(t,ss,r),ss=null}}catch(t){c.error("Error while rendering sequenceDiagram directive: ".concat(e," jison context: ").concat(n)),c.error(t.message)}},initialize:function(t){t&&t.fontFamily&&(t.themeVariables&&t.themeVariables.fontFamily||(t.themeVariables={fontFamily:t.fontFamily})),dt=F({},t),t&&t.theme&&ut[t.theme]?t.themeVariables=ut[t.theme].getThemeVariables(t.themeVariables):t&&(t.themeVariables=ut.default.getThemeVariables(t.themeVariables));var e="object"===os(t)?function(t){return 
yt=F({},pt),yt=F(yt,t),t.theme&&(yt.themeVariables=ut[t.theme].getThemeVariables(t.themeVariables)),vt=mt(yt,gt),yt}(t):bt();us(e),u(e.logLevel)},reinitialize:ls,getConfig:_t,setConfig:function(t){return F(vt,t),_t()},getSiteConfig:bt,updateSiteConfig:function(t){return yt=F(yt,t),mt(yt,gt),yt},reset:function(){wt()},globalReset:function(){wt(),us(_t())},defaultConfig:pt});u(_t().logLevel),wt(_t());var fs=hs,ds=function(){ps.startOnLoad?fs.getConfig().startOnLoad&&ps.init():void 0===ps.startOnLoad&&(c.debug("In start, no config"),fs.getConfig().startOnLoad&&ps.init())};"undefined"!=typeof document&& +/*! + * Wait for document loaded before starting the execution + */ +window.addEventListener("load",(function(){ds()}),!1);var ps={startOnLoad:!0,htmlLabels:!0,mermaidAPI:fs,parse:fs.parse,render:fs.render,init:function(){var t,e,n=this,r=fs.getConfig();arguments.length>=2?( +/*! sequence config was passed as #1 */ +void 0!==arguments[0]&&(ps.sequenceConfig=arguments[0]),t=arguments[1]):t=arguments[0],"function"==typeof arguments[arguments.length-1]?(e=arguments[arguments.length-1],c.debug("Callback function found")):void 0!==r.mermaid&&("function"==typeof r.mermaid.callback?(e=r.mermaid.callback,c.debug("Callback function found")):c.debug("No Callback function found")),t=void 0===t?document.querySelectorAll(".mermaid"):"string"==typeof t?document.querySelectorAll(t):t instanceof window.Node?[t]:t,c.debug("Start On Load before: "+ps.startOnLoad),void 0!==ps.startOnLoad&&(c.debug("Start On Load inner: "+ps.startOnLoad),fs.updateSiteConfig({startOnLoad:ps.startOnLoad})),void 0!==ps.ganttConfig&&fs.updateSiteConfig({gantt:ps.ganttConfig});for(var a,o=V.initIdGeneratior(r.deterministicIds,r.deterministicIDSeed).next,s=function(r){var s=t[r]; +/*! Check if previously processed */if(s.getAttribute("data-processed"))return"continue";s.setAttribute("data-processed",!0);var u="mermaid-".concat(o());a=i(a=s.innerHTML).trim().replace(//gi,"
    ");var l=V.detectInit(a);l&&c.debug("Detected early reinit: ",l);try{fs.render(u,a,(function(t,n){s.innerHTML=t,void 0!==e&&e(u),n&&n(s)}),s)}catch(t){c.warn("Syntax Error rendering"),c.warn(t),n.parseError&&n.parseError(t)}},u=0;u -1) { + arr1.splice(arr1.indexOf(arr2[i]), 1); + } + } + element.className = arr1.join(" "); +}; +w3.toggleClass = function (sel, c1, c2) { + w3.toggleClassElements(w3.getElements(sel), c1, c2); +}; +w3.toggleClassElements = function (elements, c1, c2) { + var i, l = elements.length; + for (i = 0; i < l; i++) { + w3.toggleClassElement(elements[i], c1, c2); + } +}; +w3.toggleClassElement = function (element, c1, c2) { + var t1, t2, t1Arr, t2Arr, j, arr, allPresent; + t1 = (c1 || ""); + t2 = (c2 || ""); + t1Arr = t1.split(" "); + t2Arr = t2.split(" "); + arr = element.className.split(" "); + if (t2Arr.length == 0) { + allPresent = true; + for (j = 0; j < t1Arr.length; j++) { + if (arr.indexOf(t1Arr[j]) == -1) {allPresent = false;} + } + if (allPresent) { + w3.removeClassElement(element, t1); + } else { + w3.addClassElement(element, t1); + } + } else { + allPresent = true; + for (j = 0; j < t1Arr.length; j++) { + if (arr.indexOf(t1Arr[j]) == -1) {allPresent = false;} + } + if (allPresent) { + w3.removeClassElement(element, t1); + w3.addClassElement(element, t2); + } else { + w3.removeClassElement(element, t2); + w3.addClassElement(element, t1); + } + } +}; +w3.getElements = function (id) { + if (typeof id == "object") { + return [id]; + } else { + return document.querySelectorAll(id); + } +}; +w3.filterHTML = function(id, sel, filter) { + var a, b, c, i, ii, iii, hit; + a = w3.getElements(id); + for (i = 0; i < a.length; i++) { + b = w3.getElements(sel); + for (ii = 0; ii < b.length; ii++) { + hit = 0; + if (b[ii].innerHTML.toUpperCase().indexOf(filter.toUpperCase()) > -1) { + hit = 1; + } + c = b[ii].getElementsByTagName("*"); + for (iii = 0; iii < c.length; iii++) { + if (c[iii].innerHTML.toUpperCase().indexOf(filter.toUpperCase()) > 
-1) { + hit = 1; + } + } + if (hit == 1) { + b[ii].style.display = ""; + } else { + b[ii].style.display = "none"; + } + } + } +}; +w3.sortHTML = function(id, sel, sortvalue) { + var a, b, i, ii, y, bytt, v1, v2, cc, j; + a = w3.getElements(id); + for (i = 0; i < a.length; i++) { + for (j = 0; j < 2; j++) { + cc = 0; + y = 1; + while (y == 1) { + y = 0; + b = a[i].querySelectorAll(sel); + for (ii = 0; ii < (b.length - 1); ii++) { + bytt = 0; + if (sortvalue) { + v1 = b[ii].querySelector(sortvalue).innerHTML.toLowerCase(); + v2 = b[ii + 1].querySelector(sortvalue).innerHTML.toLowerCase(); + } else { + v1 = b[ii].innerHTML.toLowerCase(); + v2 = b[ii + 1].innerHTML.toLowerCase(); + } + if ((j == 0 && (v1 > v2)) || (j == 1 && (v1 < v2))) { + bytt = 1; + break; + } + } + if (bytt == 1) { + b[ii].parentNode.insertBefore(b[ii + 1], b[ii]); + y = 1; + cc++; + } + } + if (cc > 0) {break;} + } + } +}; +w3.sortHTMLbyNumber = function(id, sel, sortvalue) { + var a, b, i, ii, y, bytt, v1, v2, cc, j; + a = w3.getElements(id); + for (i = 0; i < a.length; i++) { + for (j = 0; j < 2; j++) { + cc = 0; + y = 1; + while (y == 1) { + y = 0; + b = a[i].querySelectorAll(sel); + for (ii = 0; ii < (b.length - 1); ii++) { + bytt = 0; + if (sortvalue) { + v1 = b[ii].querySelector(sortvalue).innerHTML.toLowerCase(); + v2 = b[ii + 1].querySelector(sortvalue).innerHTML.toLowerCase(); + } else { + v1 = b[ii].innerHTML.toLowerCase(); + v2 = b[ii + 1].innerHTML.toLowerCase(); + } + var i1 = parseInt(v1, 10); + var i2 = parseInt(v2, 10); + if(Number.isNaN(i1)) { + i1 = -1; + } + if(Number.isNaN(i2)) { + i2 = -1; + } + if ((j == 0 && (i1 > i2)) || (j == 1 && (i1 < i2))) { + bytt = 1; + break; + } + } + if (bytt == 1) { + b[ii].parentNode.insertBefore(b[ii + 1], b[ii]); + y = 1; + cc++; + } + } + if (cc > 0) {break;} + } + } +}; +w3.slideshow = function (sel, ms, func) { + var i, ss, x = w3.getElements(sel), l = x.length; + ss = {}; + ss.current = 1; + ss.x = x; + ss.ondisplaychange = func; + if 
(!isNaN(ms) || ms == 0) { + ss.milliseconds = ms; + } else { + ss.milliseconds = 1000; + } + ss.start = function() { + ss.display(ss.current) + if (ss.ondisplaychange) {ss.ondisplaychange();} + if (ss.milliseconds > 0) { + window.clearTimeout(ss.timeout); + ss.timeout = window.setTimeout(ss.next, ss.milliseconds); + } + }; + ss.next = function() { + ss.current += 1; + if (ss.current > ss.x.length) {ss.current = 1;} + ss.start(); + }; + ss.previous = function() { + ss.current -= 1; + if (ss.current < 1) {ss.current = ss.x.length;} + ss.start(); + }; + ss.display = function (n) { + w3.styleElements(ss.x, "display", "none"); + w3.styleElement(ss.x[n - 1], "display", "block"); + } + ss.start(); + return ss; +}; +w3.includeHTML = function(cb) { + var z, i, elmnt, file, xhttp; + z = document.getElementsByTagName("*"); + for (i = 0; i < z.length; i++) { + elmnt = z[i]; + file = elmnt.getAttribute("w3-include-html"); + if (file) { + xhttp = new XMLHttpRequest(); + xhttp.onreadystatechange = function() { + if (this.readyState == 4) { + if (this.status == 200) {elmnt.innerHTML = this.responseText;} + if (this.status == 404) {elmnt.innerHTML = "Page not found.";} + elmnt.removeAttribute("w3-include-html"); + w3.includeHTML(cb); + } + } + xhttp.open("GET", file, true); + xhttp.send(); + return; + } + } + if (cb) cb(); +}; +w3.getHttpData = function (file, func) { + w3.http(file, function () { + if (this.readyState == 4 && this.status == 200) { + func(this.responseText); + } + }); +}; +w3.getHttpObject = function (file, func) { + w3.http(file, function () { + if (this.readyState == 4 && this.status == 200) { + func(JSON.parse(this.responseText)); + } + }); +}; +w3.displayHttp = function (id, file) { + w3.http(file, function () { + if (this.readyState == 4 && this.status == 200) { + w3.displayObject(id, JSON.parse(this.responseText)); + } + }); +}; +w3.http = function (target, readyfunc, xml, method) { + var httpObj; + if (!method) {method = "GET"; } + if (window.XMLHttpRequest) 
{ + httpObj = new XMLHttpRequest(); + } else if (window.ActiveXObject) { + httpObj = new ActiveXObject("Microsoft.XMLHTTP"); + } + if (httpObj) { + if (readyfunc) {httpObj.onreadystatechange = readyfunc;} + httpObj.open(method, target, true); + httpObj.send(xml); + } +}; +w3.getElementsByAttribute = function (x, att) { + var arr = [], arrCount = -1, i, l, y = x.getElementsByTagName("*"), z = att.toUpperCase(); + l = y.length; + for (i = -1; i < l; i += 1) { + if (i == -1) {y[i] = x;} + if (y[i].getAttribute(z) !== null) {arrCount += 1; arr[arrCount] = y[i];} + } + return arr; +}; +w3.dataObject = {}, +w3.displayObject = function (id, data) { + var htmlObj, htmlTemplate, html, arr = [], a, l, rowClone, x, j, i, ii, cc, repeat, repeatObj, repeatX = ""; + htmlObj = document.getElementById(id); + htmlTemplate = init_template(id, htmlObj); + html = htmlTemplate.cloneNode(true); + arr = w3.getElementsByAttribute(html, "w3-repeat"); + l = arr.length; + for (j = (l - 1); j >= 0; j -= 1) { + cc = arr[j].getAttribute("w3-repeat").split(" "); + if (cc.length == 1) { + repeat = cc[0]; + } else { + repeatX = cc[0]; + repeat = cc[2]; + } + arr[j].removeAttribute("w3-repeat"); + repeatObj = data[repeat]; + if (repeatObj && typeof repeatObj == "object" && repeatObj.length != "undefined") { + i = 0; + for (x in repeatObj) { + i += 1; + rowClone = arr[j]; + rowClone = w3_replace_curly(rowClone, "element", repeatX, repeatObj[x]); + a = rowClone.attributes; + for (ii = 0; ii < a.length; ii += 1) { + a[ii].value = w3_replace_curly(a[ii], "attribute", repeatX, repeatObj[x]).value; + } + (i === repeatObj.length) ? arr[j].parentNode.replaceChild(rowClone, arr[j]) : arr[j].parentNode.insertBefore(rowClone, arr[j]); + } + } else { + console.log("w3-repeat must be an array. 
" + repeat + " is not an array."); + continue; + } + } + html = w3_replace_curly(html, "element"); + htmlObj.parentNode.replaceChild(html, htmlObj); + function init_template(id, obj) { + var template; + template = obj.cloneNode(true); + if (w3.dataObject.hasOwnProperty(id)) {return w3.dataObject[id];} + w3.dataObject[id] = template; + return template; + } + function w3_replace_curly(elmnt, typ, repeatX, x) { + var value, rowClone, pos1, pos2, originalHTML, lookFor, lookForARR = [], i, cc, r; + rowClone = elmnt.cloneNode(true); + pos1 = 0; + while (pos1 > -1) { + originalHTML = (typ == "attribute") ? rowClone.value : rowClone.innerHTML; + pos1 = originalHTML.indexOf("{{", pos1); + if (pos1 === -1) {break;} + pos2 = originalHTML.indexOf("}}", pos1 + 1); + lookFor = originalHTML.substring(pos1 + 2, pos2); + lookForARR = lookFor.split("||"); + value = undefined; + for (i = 0; i < lookForARR.length; i += 1) { + lookForARR[i] = lookForARR[i].replace(/^\s+|\s+$/gm, ''); //trim + if (x) {value = x[lookForARR[i]];} + if (value == undefined && data) {value = data[lookForARR[i]];} + if (value == undefined) { + cc = lookForARR[i].split("."); + if (cc[0] == repeatX) {value = x[cc[1]]; } + } + if (value == undefined) { + if (lookForARR[i] == repeatX) {value = x;} + } + if (value == undefined) { + if (lookForARR[i].substr(0, 1) == '"') { + value = lookForARR[i].replace(/"/g, ""); + } else if (lookForARR[i].substr(0,1) == "'") { + value = lookForARR[i].replace(/'/g, ""); + } + } + if (value != undefined) {break;} + } + if (value != undefined) { + r = "{{" + lookFor + "}}"; + if (typ == "attribute") { + rowClone.value = rowClone.value.replace(r, value); + } else { + w3_replace_html(rowClone, r, value); + } + } + pos1 = pos1 + 1; + } + return rowClone; + } + function w3_replace_html(a, r, result) { + var b, l, i, a, x, j; + if (a.hasAttributes()) { + b = a.attributes; + l = b.length; + for (i = 0; i < l; i += 1) { + if (b[i].value.indexOf(r) > -1) {b[i].value = b[i].value.replace(r, 
result);}
+ }
+ }
+ x = a.getElementsByTagName("*");
+ l = x.length;
+ a.innerHTML = a.innerHTML.replace(r, result);
+ }
+};
\ No newline at end of file
diff --git a/lolrmm.com/themes/compose/theme.toml b/lolrmm.com/themes/compose/theme.toml
new file mode 100644
index 00000000..6cfd9b2e
--- /dev/null
+++ b/lolrmm.com/themes/compose/theme.toml
@@ -0,0 +1,12 @@
+name = "Compose"
+license = "MIT"
+licenselink = "https://github.com/onweru/compose/blob/master/LICENSE"
+description = "A hugo theme for documentation sites. It's inspired by forestry.io's docs page"
+homepage = "https://docs.neuralvibes.com"
+tags = ["dark mode", "docs", "dark", "blog", "search", "documentation"]
+features = ["dark mode", "docs", "dark", "blog", "search", "documentation"]
+min_version = "0.76.0"
+
+[author]
+ name = "Weru"
+ homepage = "https://github.com/onweru"
diff --git a/poetry.lock b/poetry.lock
new file mode 100644
index 00000000..44a104ef
--- /dev/null
+++ b/poetry.lock
@@ -0,0 +1,1128 @@ +# This file is automatically @generated by Poetry 1.8.2 and should not be changed by hand. + +[[package]] +name = "altair" +version = "5.3.0" +description = "Vega-Altair: A declarative statistical visualization library for Python." +optional = false +python-versions = ">=3.8" +files = [ + {file = "altair-5.3.0-py3-none-any.whl", hash = "sha256:7084a1dab4d83c5e7e5246b92dc1b4451a6c68fd057f3716ee9d315c8980e59a"}, + {file = "altair-5.3.0.tar.gz", hash = "sha256:5a268b1a0983b23d8f9129f819f956174aa7aea2719ed55a52eba9979b9f6675"}, +] + +[package.dependencies] +jinja2 = "*" +jsonschema = ">=3.0" +numpy = "*" +packaging = "*" +pandas = ">=0.25" +toolz = "*" + +[package.extras] +all = ["altair-tiles (>=0.3.0)", "anywidget (>=0.9.0)", "pyarrow (>=11)", "vega-datasets (>=0.9.0)", "vegafusion[embed] (>=1.6.6)", "vl-convert-python (>=1.3.0)"] +dev = ["geopandas", "hatch", "ipython", "m2r", "mypy", "pandas-stubs", "pytest", "pytest-cov", "ruff (>=0.3.0)", "types-jsonschema", "types-setuptools"] +doc = ["docutils", "jinja2", "myst-parser", "numpydoc", "pillow (>=9,<10)", "pydata-sphinx-theme (>=0.14.1)", "scipy", "sphinx", "sphinx-copybutton", "sphinx-design", "sphinxext-altair"] + +[[package]] +name = "attrs" +version = "24.1.0" +description = "Classes Without Boilerplate" +optional = false +python-versions = ">=3.7" +files = [ + {file = "attrs-24.1.0-py3-none-any.whl", hash = "sha256:377b47448cb61fea38533f671fba0d0f8a96fd58facd4dc518e3dac9dbea0905"}, + {file = "attrs-24.1.0.tar.gz", hash = "sha256:adbdec84af72d38be7628e353a09b6a6790d15cd71819f6e9d7b0faa8a125745"}, +] + +[package.extras] +benchmark = ["cloudpickle", "hypothesis", "mypy (>=1.11.1)", "pympler", "pytest (>=4.3.0)", "pytest-codspeed", "pytest-mypy-plugins", "pytest-xdist[psutil]"] +cov = ["cloudpickle", "coverage[toml] (>=5.3)", "hypothesis", "mypy (>=1.11.1)", "pympler", "pytest (>=4.3.0)", "pytest-mypy-plugins", "pytest-xdist[psutil]"] +dev = ["cloudpickle", "hypothesis", "mypy (>=1.11.1)", 
"pre-commit", "pympler", "pytest (>=4.3.0)", "pytest-mypy-plugins", "pytest-xdist[psutil]"] +docs = ["cogapp", "furo", "myst-parser", "sphinx", "sphinx-notfound-page", "sphinxcontrib-towncrier", "towncrier (<24.7)"] +tests = ["cloudpickle", "hypothesis", "mypy (>=1.11.1)", "pympler", "pytest (>=4.3.0)", "pytest-mypy-plugins", "pytest-xdist[psutil]"] +tests-mypy = ["mypy (>=1.11.1)", "pytest-mypy-plugins"] + +[[package]] +name = "blinker" +version = "1.8.2" +description = "Fast, simple object-to-object and broadcast signaling" +optional = false +python-versions = ">=3.8" +files = [ + {file = "blinker-1.8.2-py3-none-any.whl", hash = "sha256:1779309f71bf239144b9399d06ae925637cf6634cf6bd131104184531bf67c01"}, + {file = "blinker-1.8.2.tar.gz", hash = "sha256:8f77b09d3bf7c795e969e9486f39c2c5e9c39d4ee07424be2bc594ece9642d83"}, +] + +[[package]] +name = "cachetools" +version = "5.4.0" +description = "Extensible memoizing collections and decorators" +optional = false +python-versions = ">=3.7" +files = [ + {file = "cachetools-5.4.0-py3-none-any.whl", hash = "sha256:3ae3b49a3d5e28a77a0be2b37dbcb89005058959cb2323858c2657c4a8cab474"}, + {file = "cachetools-5.4.0.tar.gz", hash = "sha256:b8adc2e7c07f105ced7bc56dbb6dfbe7c4a00acce20e2227b3f355be89bc6827"}, +] + +[[package]] +name = "certifi" +version = "2024.7.4" +description = "Python package for providing Mozilla's CA Bundle." +optional = false +python-versions = ">=3.6" +files = [ + {file = "certifi-2024.7.4-py3-none-any.whl", hash = "sha256:c198e21b1289c2ab85ee4e67bb4b4ef3ead0892059901a8d5b622f24a1101e90"}, + {file = "certifi-2024.7.4.tar.gz", hash = "sha256:5a1e7645bc0ec61a09e26c36f6106dd4cf40c6db3a1fb6352b0244e7fb057c7b"}, +] + +[[package]] +name = "charset-normalizer" +version = "3.3.2" +description = "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet." 
+optional = false +python-versions = ">=3.7.0" +files = [ + {file = "charset-normalizer-3.3.2.tar.gz", hash = "sha256:f30c3cb33b24454a82faecaf01b19c18562b1e89558fb6c56de4d9118a032fd5"}, + {file = "charset_normalizer-3.3.2-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:25baf083bf6f6b341f4121c2f3c548875ee6f5339300e08be3f2b2ba1721cdd3"}, + {file = "charset_normalizer-3.3.2-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:06435b539f889b1f6f4ac1758871aae42dc3a8c0e24ac9e60c2384973ad73027"}, + {file = "charset_normalizer-3.3.2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:9063e24fdb1e498ab71cb7419e24622516c4a04476b17a2dab57e8baa30d6e03"}, + {file = "charset_normalizer-3.3.2-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:6897af51655e3691ff853668779c7bad41579facacf5fd7253b0133308cf000d"}, + {file = "charset_normalizer-3.3.2-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:1d3193f4a680c64b4b6a9115943538edb896edc190f0b222e73761716519268e"}, + {file = "charset_normalizer-3.3.2-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:cd70574b12bb8a4d2aaa0094515df2463cb429d8536cfb6c7ce983246983e5a6"}, + {file = "charset_normalizer-3.3.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8465322196c8b4d7ab6d1e049e4c5cb460d0394da4a27d23cc242fbf0034b6b5"}, + {file = "charset_normalizer-3.3.2-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:a9a8e9031d613fd2009c182b69c7b2c1ef8239a0efb1df3f7c8da66d5dd3d537"}, + {file = "charset_normalizer-3.3.2-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:beb58fe5cdb101e3a055192ac291b7a21e3b7ef4f67fa1d74e331a7f2124341c"}, + {file = "charset_normalizer-3.3.2-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:e06ed3eb3218bc64786f7db41917d4e686cc4856944f53d5bdf83a6884432e12"}, + {file = "charset_normalizer-3.3.2-cp310-cp310-musllinux_1_1_ppc64le.whl", hash = 
"sha256:2e81c7b9c8979ce92ed306c249d46894776a909505d8f5a4ba55b14206e3222f"}, + {file = "charset_normalizer-3.3.2-cp310-cp310-musllinux_1_1_s390x.whl", hash = "sha256:572c3763a264ba47b3cf708a44ce965d98555f618ca42c926a9c1616d8f34269"}, + {file = "charset_normalizer-3.3.2-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:fd1abc0d89e30cc4e02e4064dc67fcc51bd941eb395c502aac3ec19fab46b519"}, + {file = "charset_normalizer-3.3.2-cp310-cp310-win32.whl", hash = "sha256:3d47fa203a7bd9c5b6cee4736ee84ca03b8ef23193c0d1ca99b5089f72645c73"}, + {file = "charset_normalizer-3.3.2-cp310-cp310-win_amd64.whl", hash = "sha256:10955842570876604d404661fbccbc9c7e684caf432c09c715ec38fbae45ae09"}, + {file = "charset_normalizer-3.3.2-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:802fe99cca7457642125a8a88a084cef28ff0cf9407060f7b93dca5aa25480db"}, + {file = "charset_normalizer-3.3.2-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:573f6eac48f4769d667c4442081b1794f52919e7edada77495aaed9236d13a96"}, + {file = "charset_normalizer-3.3.2-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:549a3a73da901d5bc3ce8d24e0600d1fa85524c10287f6004fbab87672bf3e1e"}, + {file = "charset_normalizer-3.3.2-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f27273b60488abe721a075bcca6d7f3964f9f6f067c8c4c605743023d7d3944f"}, + {file = "charset_normalizer-3.3.2-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:1ceae2f17a9c33cb48e3263960dc5fc8005351ee19db217e9b1bb15d28c02574"}, + {file = "charset_normalizer-3.3.2-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:65f6f63034100ead094b8744b3b97965785388f308a64cf8d7c34f2f2e5be0c4"}, + {file = "charset_normalizer-3.3.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:753f10e867343b4511128c6ed8c82f7bec3bd026875576dfd88483c5c73b2fd8"}, + {file = 
"charset_normalizer-3.3.2-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:4a78b2b446bd7c934f5dcedc588903fb2f5eec172f3d29e52a9096a43722adfc"}, + {file = "charset_normalizer-3.3.2-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:e537484df0d8f426ce2afb2d0f8e1c3d0b114b83f8850e5f2fbea0e797bd82ae"}, + {file = "charset_normalizer-3.3.2-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:eb6904c354526e758fda7167b33005998fb68c46fbc10e013ca97f21ca5c8887"}, + {file = "charset_normalizer-3.3.2-cp311-cp311-musllinux_1_1_ppc64le.whl", hash = "sha256:deb6be0ac38ece9ba87dea880e438f25ca3eddfac8b002a2ec3d9183a454e8ae"}, + {file = "charset_normalizer-3.3.2-cp311-cp311-musllinux_1_1_s390x.whl", hash = "sha256:4ab2fe47fae9e0f9dee8c04187ce5d09f48eabe611be8259444906793ab7cbce"}, + {file = "charset_normalizer-3.3.2-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:80402cd6ee291dcb72644d6eac93785fe2c8b9cb30893c1af5b8fdd753b9d40f"}, + {file = "charset_normalizer-3.3.2-cp311-cp311-win32.whl", hash = "sha256:7cd13a2e3ddeed6913a65e66e94b51d80a041145a026c27e6bb76c31a853c6ab"}, + {file = "charset_normalizer-3.3.2-cp311-cp311-win_amd64.whl", hash = "sha256:663946639d296df6a2bb2aa51b60a2454ca1cb29835324c640dafb5ff2131a77"}, + {file = "charset_normalizer-3.3.2-cp312-cp312-macosx_10_9_universal2.whl", hash = "sha256:0b2b64d2bb6d3fb9112bafa732def486049e63de9618b5843bcdd081d8144cd8"}, + {file = "charset_normalizer-3.3.2-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:ddbb2551d7e0102e7252db79ba445cdab71b26640817ab1e3e3648dad515003b"}, + {file = "charset_normalizer-3.3.2-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:55086ee1064215781fff39a1af09518bc9255b50d6333f2e4c74ca09fac6a8f6"}, + {file = "charset_normalizer-3.3.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:8f4a014bc36d3c57402e2977dada34f9c12300af536839dc38c0beab8878f38a"}, + {file = 
"charset_normalizer-3.3.2-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:a10af20b82360ab00827f916a6058451b723b4e65030c5a18577c8b2de5b3389"}, + {file = "charset_normalizer-3.3.2-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:8d756e44e94489e49571086ef83b2bb8ce311e730092d2c34ca8f7d925cb20aa"}, + {file = "charset_normalizer-3.3.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:90d558489962fd4918143277a773316e56c72da56ec7aa3dc3dbbe20fdfed15b"}, + {file = "charset_normalizer-3.3.2-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:6ac7ffc7ad6d040517be39eb591cac5ff87416c2537df6ba3cba3bae290c0fed"}, + {file = "charset_normalizer-3.3.2-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:7ed9e526742851e8d5cc9e6cf41427dfc6068d4f5a3bb03659444b4cabf6bc26"}, + {file = "charset_normalizer-3.3.2-cp312-cp312-musllinux_1_1_i686.whl", hash = "sha256:8bdb58ff7ba23002a4c5808d608e4e6c687175724f54a5dade5fa8c67b604e4d"}, + {file = "charset_normalizer-3.3.2-cp312-cp312-musllinux_1_1_ppc64le.whl", hash = "sha256:6b3251890fff30ee142c44144871185dbe13b11bab478a88887a639655be1068"}, + {file = "charset_normalizer-3.3.2-cp312-cp312-musllinux_1_1_s390x.whl", hash = "sha256:b4a23f61ce87adf89be746c8a8974fe1c823c891d8f86eb218bb957c924bb143"}, + {file = "charset_normalizer-3.3.2-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:efcb3f6676480691518c177e3b465bcddf57cea040302f9f4e6e191af91174d4"}, + {file = "charset_normalizer-3.3.2-cp312-cp312-win32.whl", hash = "sha256:d965bba47ddeec8cd560687584e88cf699fd28f192ceb452d1d7ee807c5597b7"}, + {file = "charset_normalizer-3.3.2-cp312-cp312-win_amd64.whl", hash = "sha256:96b02a3dc4381e5494fad39be677abcb5e6634bf7b4fa83a6dd3112607547001"}, + {file = "charset_normalizer-3.3.2-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:95f2a5796329323b8f0512e09dbb7a1860c46a39da62ecb2324f116fa8fdc85c"}, + {file = 
"charset_normalizer-3.3.2-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c002b4ffc0be611f0d9da932eb0f704fe2602a9a949d1f738e4c34c75b0863d5"}, + {file = "charset_normalizer-3.3.2-cp37-cp37m-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:a981a536974bbc7a512cf44ed14938cf01030a99e9b3a06dd59578882f06f985"}, + {file = "charset_normalizer-3.3.2-cp37-cp37m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:3287761bc4ee9e33561a7e058c72ac0938c4f57fe49a09eae428fd88aafe7bb6"}, + {file = "charset_normalizer-3.3.2-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:42cb296636fcc8b0644486d15c12376cb9fa75443e00fb25de0b8602e64c1714"}, + {file = "charset_normalizer-3.3.2-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:0a55554a2fa0d408816b3b5cedf0045f4b8e1a6065aec45849de2d6f3f8e9786"}, + {file = "charset_normalizer-3.3.2-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:c083af607d2515612056a31f0a8d9e0fcb5876b7bfc0abad3ecd275bc4ebc2d5"}, + {file = "charset_normalizer-3.3.2-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:87d1351268731db79e0f8e745d92493ee2841c974128ef629dc518b937d9194c"}, + {file = "charset_normalizer-3.3.2-cp37-cp37m-musllinux_1_1_ppc64le.whl", hash = "sha256:bd8f7df7d12c2db9fab40bdd87a7c09b1530128315d047a086fa3ae3435cb3a8"}, + {file = "charset_normalizer-3.3.2-cp37-cp37m-musllinux_1_1_s390x.whl", hash = "sha256:c180f51afb394e165eafe4ac2936a14bee3eb10debc9d9e4db8958fe36afe711"}, + {file = "charset_normalizer-3.3.2-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:8c622a5fe39a48f78944a87d4fb8a53ee07344641b0562c540d840748571b811"}, + {file = "charset_normalizer-3.3.2-cp37-cp37m-win32.whl", hash = "sha256:db364eca23f876da6f9e16c9da0df51aa4f104a972735574842618b8c6d999d4"}, + {file = "charset_normalizer-3.3.2-cp37-cp37m-win_amd64.whl", hash = "sha256:86216b5cee4b06df986d214f664305142d9c76df9b6512be2738aa72a2048f99"}, + {file = 
"charset_normalizer-3.3.2-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:6463effa3186ea09411d50efc7d85360b38d5f09b870c48e4600f63af490e56a"}, + {file = "charset_normalizer-3.3.2-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:6c4caeef8fa63d06bd437cd4bdcf3ffefe6738fb1b25951440d80dc7df8c03ac"}, + {file = "charset_normalizer-3.3.2-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:37e55c8e51c236f95b033f6fb391d7d7970ba5fe7ff453dad675e88cf303377a"}, + {file = "charset_normalizer-3.3.2-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:fb69256e180cb6c8a894fee62b3afebae785babc1ee98b81cdf68bbca1987f33"}, + {file = "charset_normalizer-3.3.2-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:ae5f4161f18c61806f411a13b0310bea87f987c7d2ecdbdaad0e94eb2e404238"}, + {file = "charset_normalizer-3.3.2-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:b2b0a0c0517616b6869869f8c581d4eb2dd83a4d79e0ebcb7d373ef9956aeb0a"}, + {file = "charset_normalizer-3.3.2-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:45485e01ff4d3630ec0d9617310448a8702f70e9c01906b0d0118bdf9d124cf2"}, + {file = "charset_normalizer-3.3.2-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:eb00ed941194665c332bf8e078baf037d6c35d7c4f3102ea2d4f16ca94a26dc8"}, + {file = "charset_normalizer-3.3.2-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:2127566c664442652f024c837091890cb1942c30937add288223dc895793f898"}, + {file = "charset_normalizer-3.3.2-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:a50aebfa173e157099939b17f18600f72f84eed3049e743b68ad15bd69b6bf99"}, + {file = "charset_normalizer-3.3.2-cp38-cp38-musllinux_1_1_ppc64le.whl", hash = "sha256:4d0d1650369165a14e14e1e47b372cfcb31d6ab44e6e33cb2d4e57265290044d"}, + {file = "charset_normalizer-3.3.2-cp38-cp38-musllinux_1_1_s390x.whl", hash = 
"sha256:923c0c831b7cfcb071580d3f46c4baf50f174be571576556269530f4bbd79d04"}, + {file = "charset_normalizer-3.3.2-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:06a81e93cd441c56a9b65d8e1d043daeb97a3d0856d177d5c90ba85acb3db087"}, + {file = "charset_normalizer-3.3.2-cp38-cp38-win32.whl", hash = "sha256:6ef1d82a3af9d3eecdba2321dc1b3c238245d890843e040e41e470ffa64c3e25"}, + {file = "charset_normalizer-3.3.2-cp38-cp38-win_amd64.whl", hash = "sha256:eb8821e09e916165e160797a6c17edda0679379a4be5c716c260e836e122f54b"}, + {file = "charset_normalizer-3.3.2-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:c235ebd9baae02f1b77bcea61bce332cb4331dc3617d254df3323aa01ab47bd4"}, + {file = "charset_normalizer-3.3.2-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:5b4c145409bef602a690e7cfad0a15a55c13320ff7a3ad7ca59c13bb8ba4d45d"}, + {file = "charset_normalizer-3.3.2-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:68d1f8a9e9e37c1223b656399be5d6b448dea850bed7d0f87a8311f1ff3dabb0"}, + {file = "charset_normalizer-3.3.2-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:22afcb9f253dac0696b5a4be4a1c0f8762f8239e21b99680099abd9b2b1b2269"}, + {file = "charset_normalizer-3.3.2-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:e27ad930a842b4c5eb8ac0016b0a54f5aebbe679340c26101df33424142c143c"}, + {file = "charset_normalizer-3.3.2-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:1f79682fbe303db92bc2b1136016a38a42e835d932bab5b3b1bfcfbf0640e519"}, + {file = "charset_normalizer-3.3.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b261ccdec7821281dade748d088bb6e9b69e6d15b30652b74cbbac25e280b796"}, + {file = "charset_normalizer-3.3.2-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:122c7fa62b130ed55f8f285bfd56d5f4b4a5b503609d181f9ad85e55c89f4185"}, + {file = "charset_normalizer-3.3.2-cp39-cp39-musllinux_1_1_aarch64.whl", hash = 
"sha256:d0eccceffcb53201b5bfebb52600a5fb483a20b61da9dbc885f8b103cbe7598c"}, + {file = "charset_normalizer-3.3.2-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:9f96df6923e21816da7e0ad3fd47dd8f94b2a5ce594e00677c0013018b813458"}, + {file = "charset_normalizer-3.3.2-cp39-cp39-musllinux_1_1_ppc64le.whl", hash = "sha256:7f04c839ed0b6b98b1a7501a002144b76c18fb1c1850c8b98d458ac269e26ed2"}, + {file = "charset_normalizer-3.3.2-cp39-cp39-musllinux_1_1_s390x.whl", hash = "sha256:34d1c8da1e78d2e001f363791c98a272bb734000fcef47a491c1e3b0505657a8"}, + {file = "charset_normalizer-3.3.2-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:ff8fa367d09b717b2a17a052544193ad76cd49979c805768879cb63d9ca50561"}, + {file = "charset_normalizer-3.3.2-cp39-cp39-win32.whl", hash = "sha256:aed38f6e4fb3f5d6bf81bfa990a07806be9d83cf7bacef998ab1a9bd660a581f"}, + {file = "charset_normalizer-3.3.2-cp39-cp39-win_amd64.whl", hash = "sha256:b01b88d45a6fcb69667cd6d2f7a9aeb4bf53760d7fc536bf679ec94fe9f3ff3d"}, + {file = "charset_normalizer-3.3.2-py3-none-any.whl", hash = "sha256:3e4d1f6587322d2788836a99c69062fbb091331ec940e02d12d179c1d53e25fc"}, +] + +[[package]] +name = "click" +version = "8.1.7" +description = "Composable command line interface toolkit" +optional = false +python-versions = ">=3.7" +files = [ + {file = "click-8.1.7-py3-none-any.whl", hash = "sha256:ae74fb96c20a0277a1d615f1e4d73c8414f5a98db8b799a7931d1582f3390c28"}, + {file = "click-8.1.7.tar.gz", hash = "sha256:ca9853ad459e787e2192211578cc907e7594e294c7ccc834310722b41b9ca6de"}, +] + +[package.dependencies] +colorama = {version = "*", markers = "platform_system == \"Windows\""} + +[[package]] +name = "colorama" +version = "0.4.6" +description = "Cross-platform colored terminal text." 
+optional = false +python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,!=3.6.*,>=2.7" +files = [ + {file = "colorama-0.4.6-py2.py3-none-any.whl", hash = "sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6"}, + {file = "colorama-0.4.6.tar.gz", hash = "sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44"}, +] + +[[package]] +name = "gitdb" +version = "4.0.11" +description = "Git Object Database" +optional = false +python-versions = ">=3.7" +files = [ + {file = "gitdb-4.0.11-py3-none-any.whl", hash = "sha256:81a3407ddd2ee8df444cbacea00e2d038e40150acfa3001696fe0dcf1d3adfa4"}, + {file = "gitdb-4.0.11.tar.gz", hash = "sha256:bf5421126136d6d0af55bc1e7c1af1c397a34f5b7bd79e776cd3e89785c2b04b"}, +] + +[package.dependencies] +smmap = ">=3.0.1,<6" + +[[package]] +name = "gitpython" +version = "3.1.43" +description = "GitPython is a Python library used to interact with Git repositories" +optional = false +python-versions = ">=3.7" +files = [ + {file = "GitPython-3.1.43-py3-none-any.whl", hash = "sha256:eec7ec56b92aad751f9912a73404bc02ba212a23adb2c7098ee668417051a1ff"}, + {file = "GitPython-3.1.43.tar.gz", hash = "sha256:35f314a9f878467f5453cc1fee295c3e18e52f1b99f10f6cf5b1682e968a9e7c"}, +] + +[package.dependencies] +gitdb = ">=4.0.1,<5" + +[package.extras] +doc = ["sphinx (==4.3.2)", "sphinx-autodoc-typehints", "sphinx-rtd-theme", "sphinxcontrib-applehelp (>=1.0.2,<=1.0.4)", "sphinxcontrib-devhelp (==1.0.2)", "sphinxcontrib-htmlhelp (>=2.0.0,<=2.0.1)", "sphinxcontrib-qthelp (==1.0.3)", "sphinxcontrib-serializinghtml (==1.1.5)"] +test = ["coverage[toml]", "ddt (>=1.1.1,!=1.4.3)", "mock", "mypy", "pre-commit", "pytest (>=7.3.1)", "pytest-cov", "pytest-instafail", "pytest-mock", "pytest-sugar", "typing-extensions"] + +[[package]] +name = "idna" +version = "3.7" +description = "Internationalized Domain Names in Applications (IDNA)" +optional = false +python-versions = ">=3.5" +files = [ + {file = "idna-3.7-py3-none-any.whl", 
hash = "sha256:82fee1fc78add43492d3a1898bfa6d8a904cc97d8427f683ed8e798d07761aa0"}, + {file = "idna-3.7.tar.gz", hash = "sha256:028ff3aadf0609c1fd278d8ea3089299412a7a8b9bd005dd08b9f8285bcb5cfc"}, +] + +[[package]] +name = "jinja2" +version = "3.1.4" +description = "A very fast and expressive template engine." +optional = false +python-versions = ">=3.7" +files = [ + {file = "jinja2-3.1.4-py3-none-any.whl", hash = "sha256:bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d"}, + {file = "jinja2-3.1.4.tar.gz", hash = "sha256:4a3aee7acbbe7303aede8e9648d13b8bf88a429282aa6122a993f0ac800cb369"}, +] + +[package.dependencies] +MarkupSafe = ">=2.0" + +[package.extras] +i18n = ["Babel (>=2.7)"] + +[[package]] +name = "jsonschema" +version = "4.23.0" +description = "An implementation of JSON Schema validation for Python" +optional = false +python-versions = ">=3.8" +files = [ + {file = "jsonschema-4.23.0-py3-none-any.whl", hash = "sha256:fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566"}, + {file = "jsonschema-4.23.0.tar.gz", hash = "sha256:d71497fef26351a33265337fa77ffeb82423f3ea21283cd9467bb03999266bc4"}, +] + +[package.dependencies] +attrs = ">=22.2.0" +jsonschema-specifications = ">=2023.03.6" +referencing = ">=0.28.4" +rpds-py = ">=0.7.1" + +[package.extras] +format = ["fqdn", "idna", "isoduration", "jsonpointer (>1.13)", "rfc3339-validator", "rfc3987", "uri-template", "webcolors (>=1.11)"] +format-nongpl = ["fqdn", "idna", "isoduration", "jsonpointer (>1.13)", "rfc3339-validator", "rfc3986-validator (>0.1.0)", "uri-template", "webcolors (>=24.6.0)"] + +[[package]] +name = "jsonschema-specifications" +version = "2023.12.1" +description = "The JSON Schema meta-schemas and vocabularies, exposed as a Registry" +optional = false +python-versions = ">=3.8" +files = [ + {file = "jsonschema_specifications-2023.12.1-py3-none-any.whl", hash = "sha256:87e4fdf3a94858b8a2ba2778d9ba57d8a9cafca7c7489c46ba0d30a8bc6a9c3c"}, + {file = 
"jsonschema_specifications-2023.12.1.tar.gz", hash = "sha256:48a76787b3e70f5ed53f1160d2b81f586e4ca6d1548c5de7085d1682674764cc"}, +] + +[package.dependencies] +referencing = ">=0.31.0" + +[[package]] +name = "markdown-it-py" +version = "3.0.0" +description = "Python port of markdown-it. Markdown parsing, done right!" +optional = false +python-versions = ">=3.8" +files = [ + {file = "markdown-it-py-3.0.0.tar.gz", hash = "sha256:e3f60a94fa066dc52ec76661e37c851cb232d92f9886b15cb560aaada2df8feb"}, + {file = "markdown_it_py-3.0.0-py3-none-any.whl", hash = "sha256:355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1"}, +] + +[package.dependencies] +mdurl = ">=0.1,<1.0" + +[package.extras] +benchmarking = ["psutil", "pytest", "pytest-benchmark"] +code-style = ["pre-commit (>=3.0,<4.0)"] +compare = ["commonmark (>=0.9,<1.0)", "markdown (>=3.4,<4.0)", "mistletoe (>=1.0,<2.0)", "mistune (>=2.0,<3.0)", "panflute (>=2.3,<3.0)"] +linkify = ["linkify-it-py (>=1,<3)"] +plugins = ["mdit-py-plugins"] +profiling = ["gprof2dot"] +rtd = ["jupyter_sphinx", "mdit-py-plugins", "myst-parser", "pyyaml", "sphinx", "sphinx-copybutton", "sphinx-design", "sphinx_book_theme"] +testing = ["coverage", "pytest", "pytest-cov", "pytest-regressions"] + +[[package]] +name = "markupsafe" +version = "2.1.5" +description = "Safely add untrusted strings to HTML/XML markup." 
+optional = false +python-versions = ">=3.7" +files = [ + {file = "MarkupSafe-2.1.5-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:a17a92de5231666cfbe003f0e4b9b3a7ae3afb1ec2845aadc2bacc93ff85febc"}, + {file = "MarkupSafe-2.1.5-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:72b6be590cc35924b02c78ef34b467da4ba07e4e0f0454a2c5907f473fc50ce5"}, + {file = "MarkupSafe-2.1.5-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e61659ba32cf2cf1481e575d0462554625196a1f2fc06a1c777d3f48e8865d46"}, + {file = "MarkupSafe-2.1.5-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2174c595a0d73a3080ca3257b40096db99799265e1c27cc5a610743acd86d62f"}, + {file = "MarkupSafe-2.1.5-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ae2ad8ae6ebee9d2d94b17fb62763125f3f374c25618198f40cbb8b525411900"}, + {file = "MarkupSafe-2.1.5-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:075202fa5b72c86ad32dc7d0b56024ebdbcf2048c0ba09f1cde31bfdd57bcfff"}, + {file = "MarkupSafe-2.1.5-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:598e3276b64aff0e7b3451b72e94fa3c238d452e7ddcd893c3ab324717456bad"}, + {file = "MarkupSafe-2.1.5-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:fce659a462a1be54d2ffcacea5e3ba2d74daa74f30f5f143fe0c58636e355fdd"}, + {file = "MarkupSafe-2.1.5-cp310-cp310-win32.whl", hash = "sha256:d9fad5155d72433c921b782e58892377c44bd6252b5af2f67f16b194987338a4"}, + {file = "MarkupSafe-2.1.5-cp310-cp310-win_amd64.whl", hash = "sha256:bf50cd79a75d181c9181df03572cdce0fbb75cc353bc350712073108cba98de5"}, + {file = "MarkupSafe-2.1.5-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:629ddd2ca402ae6dbedfceeba9c46d5f7b2a61d9749597d4307f943ef198fc1f"}, + {file = "MarkupSafe-2.1.5-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:5b7b716f97b52c5a14bffdf688f971b2d5ef4029127f1ad7a513973cfd818df2"}, + {file = 
"MarkupSafe-2.1.5-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:6ec585f69cec0aa07d945b20805be741395e28ac1627333b1c5b0105962ffced"}, + {file = "MarkupSafe-2.1.5-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b91c037585eba9095565a3556f611e3cbfaa42ca1e865f7b8015fe5c7336d5a5"}, + {file = "MarkupSafe-2.1.5-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:7502934a33b54030eaf1194c21c692a534196063db72176b0c4028e140f8f32c"}, + {file = "MarkupSafe-2.1.5-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:0e397ac966fdf721b2c528cf028494e86172b4feba51d65f81ffd65c63798f3f"}, + {file = "MarkupSafe-2.1.5-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:c061bb86a71b42465156a3ee7bd58c8c2ceacdbeb95d05a99893e08b8467359a"}, + {file = "MarkupSafe-2.1.5-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:3a57fdd7ce31c7ff06cdfbf31dafa96cc533c21e443d57f5b1ecc6cdc668ec7f"}, + {file = "MarkupSafe-2.1.5-cp311-cp311-win32.whl", hash = "sha256:397081c1a0bfb5124355710fe79478cdbeb39626492b15d399526ae53422b906"}, + {file = "MarkupSafe-2.1.5-cp311-cp311-win_amd64.whl", hash = "sha256:2b7c57a4dfc4f16f7142221afe5ba4e093e09e728ca65c51f5620c9aaeb9a617"}, + {file = "MarkupSafe-2.1.5-cp312-cp312-macosx_10_9_universal2.whl", hash = "sha256:8dec4936e9c3100156f8a2dc89c4b88d5c435175ff03413b443469c7c8c5f4d1"}, + {file = "MarkupSafe-2.1.5-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:3c6b973f22eb18a789b1460b4b91bf04ae3f0c4234a0a6aa6b0a92f6f7b951d4"}, + {file = "MarkupSafe-2.1.5-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ac07bad82163452a6884fe8fa0963fb98c2346ba78d779ec06bd7a6262132aee"}, + {file = "MarkupSafe-2.1.5-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f5dfb42c4604dddc8e4305050aa6deb084540643ed5804d7455b5df8fe16f5e5"}, + {file = 
"MarkupSafe-2.1.5-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ea3d8a3d18833cf4304cd2fc9cbb1efe188ca9b5efef2bdac7adc20594a0e46b"}, + {file = "MarkupSafe-2.1.5-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:d050b3361367a06d752db6ead6e7edeb0009be66bc3bae0ee9d97fb326badc2a"}, + {file = "MarkupSafe-2.1.5-cp312-cp312-musllinux_1_1_i686.whl", hash = "sha256:bec0a414d016ac1a18862a519e54b2fd0fc8bbfd6890376898a6c0891dd82e9f"}, + {file = "MarkupSafe-2.1.5-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:58c98fee265677f63a4385256a6d7683ab1832f3ddd1e66fe948d5880c21a169"}, + {file = "MarkupSafe-2.1.5-cp312-cp312-win32.whl", hash = "sha256:8590b4ae07a35970728874632fed7bd57b26b0102df2d2b233b6d9d82f6c62ad"}, + {file = "MarkupSafe-2.1.5-cp312-cp312-win_amd64.whl", hash = "sha256:823b65d8706e32ad2df51ed89496147a42a2a6e01c13cfb6ffb8b1e92bc910bb"}, + {file = "MarkupSafe-2.1.5-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:c8b29db45f8fe46ad280a7294f5c3ec36dbac9491f2d1c17345be8e69cc5928f"}, + {file = "MarkupSafe-2.1.5-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ec6a563cff360b50eed26f13adc43e61bc0c04d94b8be985e6fb24b81f6dcfdf"}, + {file = "MarkupSafe-2.1.5-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a549b9c31bec33820e885335b451286e2969a2d9e24879f83fe904a5ce59d70a"}, + {file = "MarkupSafe-2.1.5-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:4f11aa001c540f62c6166c7726f71f7573b52c68c31f014c25cc7901deea0b52"}, + {file = "MarkupSafe-2.1.5-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:7b2e5a267c855eea6b4283940daa6e88a285f5f2a67f2220203786dfa59b37e9"}, + {file = "MarkupSafe-2.1.5-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:2d2d793e36e230fd32babe143b04cec8a8b3eb8a3122d2aceb4a371e6b09b8df"}, + {file = "MarkupSafe-2.1.5-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = 
"sha256:ce409136744f6521e39fd8e2a24c53fa18ad67aa5bc7c2cf83645cce5b5c4e50"}, + {file = "MarkupSafe-2.1.5-cp37-cp37m-win32.whl", hash = "sha256:4096e9de5c6fdf43fb4f04c26fb114f61ef0bf2e5604b6ee3019d51b69e8c371"}, + {file = "MarkupSafe-2.1.5-cp37-cp37m-win_amd64.whl", hash = "sha256:4275d846e41ecefa46e2015117a9f491e57a71ddd59bbead77e904dc02b1bed2"}, + {file = "MarkupSafe-2.1.5-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:656f7526c69fac7f600bd1f400991cc282b417d17539a1b228617081106feb4a"}, + {file = "MarkupSafe-2.1.5-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:97cafb1f3cbcd3fd2b6fbfb99ae11cdb14deea0736fc2b0952ee177f2b813a46"}, + {file = "MarkupSafe-2.1.5-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1f3fbcb7ef1f16e48246f704ab79d79da8a46891e2da03f8783a5b6fa41a9532"}, + {file = "MarkupSafe-2.1.5-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:fa9db3f79de01457b03d4f01b34cf91bc0048eb2c3846ff26f66687c2f6d16ab"}, + {file = "MarkupSafe-2.1.5-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ffee1f21e5ef0d712f9033568f8344d5da8cc2869dbd08d87c84656e6a2d2f68"}, + {file = "MarkupSafe-2.1.5-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:5dedb4db619ba5a2787a94d877bc8ffc0566f92a01c0ef214865e54ecc9ee5e0"}, + {file = "MarkupSafe-2.1.5-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:30b600cf0a7ac9234b2638fbc0fb6158ba5bdcdf46aeb631ead21248b9affbc4"}, + {file = "MarkupSafe-2.1.5-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:8dd717634f5a044f860435c1d8c16a270ddf0ef8588d4887037c5028b859b0c3"}, + {file = "MarkupSafe-2.1.5-cp38-cp38-win32.whl", hash = "sha256:daa4ee5a243f0f20d528d939d06670a298dd39b1ad5f8a72a4275124a7819eff"}, + {file = "MarkupSafe-2.1.5-cp38-cp38-win_amd64.whl", hash = "sha256:619bc166c4f2de5caa5a633b8b7326fbe98e0ccbfacabd87268a2b15ff73a029"}, + {file = "MarkupSafe-2.1.5-cp39-cp39-macosx_10_9_universal2.whl", hash = 
"sha256:7a68b554d356a91cce1236aa7682dc01df0edba8d043fd1ce607c49dd3c1edcf"}, + {file = "MarkupSafe-2.1.5-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:db0b55e0f3cc0be60c1f19efdde9a637c32740486004f20d1cff53c3c0ece4d2"}, + {file = "MarkupSafe-2.1.5-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3e53af139f8579a6d5f7b76549125f0d94d7e630761a2111bc431fd820e163b8"}, + {file = "MarkupSafe-2.1.5-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:17b950fccb810b3293638215058e432159d2b71005c74371d784862b7e4683f3"}, + {file = "MarkupSafe-2.1.5-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:4c31f53cdae6ecfa91a77820e8b151dba54ab528ba65dfd235c80b086d68a465"}, + {file = "MarkupSafe-2.1.5-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:bff1b4290a66b490a2f4719358c0cdcd9bafb6b8f061e45c7a2460866bf50c2e"}, + {file = "MarkupSafe-2.1.5-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:bc1667f8b83f48511b94671e0e441401371dfd0f0a795c7daa4a3cd1dde55bea"}, + {file = "MarkupSafe-2.1.5-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:5049256f536511ee3f7e1b3f87d1d1209d327e818e6ae1365e8653d7e3abb6a6"}, + {file = "MarkupSafe-2.1.5-cp39-cp39-win32.whl", hash = "sha256:00e046b6dd71aa03a41079792f8473dc494d564611a8f89bbbd7cb93295ebdcf"}, + {file = "MarkupSafe-2.1.5-cp39-cp39-win_amd64.whl", hash = "sha256:fa173ec60341d6bb97a89f5ea19c85c5643c1e7dedebc22f5181eb73573142c5"}, + {file = "MarkupSafe-2.1.5.tar.gz", hash = "sha256:d283d37a890ba4c1ae73ffadf8046435c76e7bc2247bbb63c00bd1a709c6544b"}, +] + +[[package]] +name = "mdurl" +version = "0.1.2" +description = "Markdown URL utilities" +optional = false +python-versions = ">=3.7" +files = [ + {file = "mdurl-0.1.2-py3-none-any.whl", hash = "sha256:84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8"}, + {file = "mdurl-0.1.2.tar.gz", hash = "sha256:bb413d29f5eea38f31dd4754dd7377d4465116fb207585f97bf925588687c1ba"}, +] + 
+[[package]] +name = "numpy" +version = "2.0.1" +description = "Fundamental package for array computing in Python" +optional = false +python-versions = ">=3.9" +files = [ + {file = "numpy-2.0.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:0fbb536eac80e27a2793ffd787895242b7f18ef792563d742c2d673bfcb75134"}, + {file = "numpy-2.0.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:69ff563d43c69b1baba77af455dd0a839df8d25e8590e79c90fcbe1499ebde42"}, + {file = "numpy-2.0.1-cp310-cp310-macosx_14_0_arm64.whl", hash = "sha256:1b902ce0e0a5bb7704556a217c4f63a7974f8f43e090aff03fcf262e0b135e02"}, + {file = "numpy-2.0.1-cp310-cp310-macosx_14_0_x86_64.whl", hash = "sha256:f1659887361a7151f89e79b276ed8dff3d75877df906328f14d8bb40bb4f5101"}, + {file = "numpy-2.0.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:4658c398d65d1b25e1760de3157011a80375da861709abd7cef3bad65d6543f9"}, + {file = "numpy-2.0.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:4127d4303b9ac9f94ca0441138acead39928938660ca58329fe156f84b9f3015"}, + {file = "numpy-2.0.1-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:e5eeca8067ad04bc8a2a8731183d51d7cbaac66d86085d5f4766ee6bf19c7f87"}, + {file = "numpy-2.0.1-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:9adbd9bb520c866e1bfd7e10e1880a1f7749f1f6e5017686a5fbb9b72cf69f82"}, + {file = "numpy-2.0.1-cp310-cp310-win32.whl", hash = "sha256:7b9853803278db3bdcc6cd5beca37815b133e9e77ff3d4733c247414e78eb8d1"}, + {file = "numpy-2.0.1-cp310-cp310-win_amd64.whl", hash = "sha256:81b0893a39bc5b865b8bf89e9ad7807e16717f19868e9d234bdaf9b1f1393868"}, + {file = "numpy-2.0.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:75b4e316c5902d8163ef9d423b1c3f2f6252226d1aa5cd8a0a03a7d01ffc6268"}, + {file = "numpy-2.0.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:6e4eeb6eb2fced786e32e6d8df9e755ce5be920d17f7ce00bc38fcde8ccdbf9e"}, + {file = "numpy-2.0.1-cp311-cp311-macosx_14_0_arm64.whl", hash = 
"sha256:a1e01dcaab205fbece13c1410253a9eea1b1c9b61d237b6fa59bcc46e8e89343"}, + {file = "numpy-2.0.1-cp311-cp311-macosx_14_0_x86_64.whl", hash = "sha256:a8fc2de81ad835d999113ddf87d1ea2b0f4704cbd947c948d2f5513deafe5a7b"}, + {file = "numpy-2.0.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5a3d94942c331dd4e0e1147f7a8699a4aa47dffc11bf8a1523c12af8b2e91bbe"}, + {file = "numpy-2.0.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:15eb4eca47d36ec3f78cde0a3a2ee24cf05ca7396ef808dda2c0ddad7c2bde67"}, + {file = "numpy-2.0.1-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:b83e16a5511d1b1f8a88cbabb1a6f6a499f82c062a4251892d9ad5d609863fb7"}, + {file = "numpy-2.0.1-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:1f87fec1f9bc1efd23f4227becff04bd0e979e23ca50cc92ec88b38489db3b55"}, + {file = "numpy-2.0.1-cp311-cp311-win32.whl", hash = "sha256:36d3a9405fd7c511804dc56fc32974fa5533bdeb3cd1604d6b8ff1d292b819c4"}, + {file = "numpy-2.0.1-cp311-cp311-win_amd64.whl", hash = "sha256:08458fbf403bff5e2b45f08eda195d4b0c9b35682311da5a5a0a0925b11b9bd8"}, + {file = "numpy-2.0.1-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:6bf4e6f4a2a2e26655717a1983ef6324f2664d7011f6ef7482e8c0b3d51e82ac"}, + {file = "numpy-2.0.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:7d6fddc5fe258d3328cd8e3d7d3e02234c5d70e01ebe377a6ab92adb14039cb4"}, + {file = "numpy-2.0.1-cp312-cp312-macosx_14_0_arm64.whl", hash = "sha256:5daab361be6ddeb299a918a7c0864fa8618af66019138263247af405018b04e1"}, + {file = "numpy-2.0.1-cp312-cp312-macosx_14_0_x86_64.whl", hash = "sha256:ea2326a4dca88e4a274ba3a4405eb6c6467d3ffbd8c7d38632502eaae3820587"}, + {file = "numpy-2.0.1-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:529af13c5f4b7a932fb0e1911d3a75da204eff023ee5e0e79c1751564221a5c8"}, + {file = "numpy-2.0.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = 
"sha256:6790654cb13eab303d8402354fabd47472b24635700f631f041bd0b65e37298a"}, + {file = "numpy-2.0.1-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:cbab9fc9c391700e3e1287666dfd82d8666d10e69a6c4a09ab97574c0b7ee0a7"}, + {file = "numpy-2.0.1-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:99d0d92a5e3613c33a5f01db206a33f8fdf3d71f2912b0de1739894668b7a93b"}, + {file = "numpy-2.0.1-cp312-cp312-win32.whl", hash = "sha256:173a00b9995f73b79eb0191129f2455f1e34c203f559dd118636858cc452a1bf"}, + {file = "numpy-2.0.1-cp312-cp312-win_amd64.whl", hash = "sha256:bb2124fdc6e62baae159ebcfa368708867eb56806804d005860b6007388df171"}, + {file = "numpy-2.0.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:bfc085b28d62ff4009364e7ca34b80a9a080cbd97c2c0630bb5f7f770dae9414"}, + {file = "numpy-2.0.1-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:8fae4ebbf95a179c1156fab0b142b74e4ba4204c87bde8d3d8b6f9c34c5825ef"}, + {file = "numpy-2.0.1-cp39-cp39-macosx_14_0_arm64.whl", hash = "sha256:72dc22e9ec8f6eaa206deb1b1355eb2e253899d7347f5e2fae5f0af613741d06"}, + {file = "numpy-2.0.1-cp39-cp39-macosx_14_0_x86_64.whl", hash = "sha256:ec87f5f8aca726117a1c9b7083e7656a9d0d606eec7299cc067bb83d26f16e0c"}, + {file = "numpy-2.0.1-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1f682ea61a88479d9498bf2091fdcd722b090724b08b31d63e022adc063bad59"}, + {file = "numpy-2.0.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8efc84f01c1cd7e34b3fb310183e72fcdf55293ee736d679b6d35b35d80bba26"}, + {file = "numpy-2.0.1-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:3fdabe3e2a52bc4eff8dc7a5044342f8bd9f11ef0934fcd3289a788c0eb10018"}, + {file = "numpy-2.0.1-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:24a0e1befbfa14615b49ba9659d3d8818a0f4d8a1c5822af8696706fbda7310c"}, + {file = "numpy-2.0.1-cp39-cp39-win32.whl", hash = "sha256:f9cf5ea551aec449206954b075db819f52adc1638d46a6738253a712d553c7b4"}, + {file = "numpy-2.0.1-cp39-cp39-win_amd64.whl", hash = 
"sha256:e9e81fa9017eaa416c056e5d9e71be93d05e2c3c2ab308d23307a8bc4443c368"}, + {file = "numpy-2.0.1-pp39-pypy39_pp73-macosx_10_9_x86_64.whl", hash = "sha256:61728fba1e464f789b11deb78a57805c70b2ed02343560456190d0501ba37b0f"}, + {file = "numpy-2.0.1-pp39-pypy39_pp73-macosx_14_0_x86_64.whl", hash = "sha256:12f5d865d60fb9734e60a60f1d5afa6d962d8d4467c120a1c0cda6eb2964437d"}, + {file = "numpy-2.0.1-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:eacf3291e263d5a67d8c1a581a8ebbcfd6447204ef58828caf69a5e3e8c75990"}, + {file = "numpy-2.0.1-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:2c3a346ae20cfd80b6cfd3e60dc179963ef2ea58da5ec074fd3d9e7a1e7ba97f"}, + {file = "numpy-2.0.1.tar.gz", hash = "sha256:485b87235796410c3519a699cfe1faab097e509e90ebb05dcd098db2ae87e7b3"}, +] + +[[package]] +name = "packaging" +version = "24.1" +description = "Core utilities for Python packages" +optional = false +python-versions = ">=3.8" +files = [ + {file = "packaging-24.1-py3-none-any.whl", hash = "sha256:5b8f2217dbdbd2f7f384c41c628544e6d52f2d0f53c6d0c3ea61aa5d1d7ff124"}, + {file = "packaging-24.1.tar.gz", hash = "sha256:026ed72c8ed3fcce5bf8950572258698927fd1dbda10a5e981cdf0ac37f4f002"}, +] + +[[package]] +name = "pandas" +version = "2.2.2" +description = "Powerful data structures for data analysis, time series, and statistics" +optional = false +python-versions = ">=3.9" +files = [ + {file = "pandas-2.2.2-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:90c6fca2acf139569e74e8781709dccb6fe25940488755716d1d354d6bc58bce"}, + {file = "pandas-2.2.2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:c7adfc142dac335d8c1e0dcbd37eb8617eac386596eb9e1a1b77791cf2498238"}, + {file = "pandas-2.2.2-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:4abfe0be0d7221be4f12552995e58723c7422c80a659da13ca382697de830c08"}, + {file = "pandas-2.2.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = 
"sha256:8635c16bf3d99040fdf3ca3db669a7250ddf49c55dc4aa8fe0ae0fa8d6dcc1f0"}, + {file = "pandas-2.2.2-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:40ae1dffb3967a52203105a077415a86044a2bea011b5f321c6aa64b379a3f51"}, + {file = "pandas-2.2.2-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:8e5a0b00e1e56a842f922e7fae8ae4077aee4af0acb5ae3622bd4b4c30aedf99"}, + {file = "pandas-2.2.2-cp310-cp310-win_amd64.whl", hash = "sha256:ddf818e4e6c7c6f4f7c8a12709696d193976b591cc7dc50588d3d1a6b5dc8772"}, + {file = "pandas-2.2.2-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:696039430f7a562b74fa45f540aca068ea85fa34c244d0deee539cb6d70aa288"}, + {file = "pandas-2.2.2-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:8e90497254aacacbc4ea6ae5e7a8cd75629d6ad2b30025a4a8b09aa4faf55151"}, + {file = "pandas-2.2.2-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:58b84b91b0b9f4bafac2a0ac55002280c094dfc6402402332c0913a59654ab2b"}, + {file = "pandas-2.2.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6d2123dc9ad6a814bcdea0f099885276b31b24f7edf40f6cdbc0912672e22eee"}, + {file = "pandas-2.2.2-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:2925720037f06e89af896c70bca73459d7e6a4be96f9de79e2d440bd499fe0db"}, + {file = "pandas-2.2.2-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:0cace394b6ea70c01ca1595f839cf193df35d1575986e484ad35c4aeae7266c1"}, + {file = "pandas-2.2.2-cp311-cp311-win_amd64.whl", hash = "sha256:873d13d177501a28b2756375d59816c365e42ed8417b41665f346289adc68d24"}, + {file = "pandas-2.2.2-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:9dfde2a0ddef507a631dc9dc4af6a9489d5e2e740e226ad426a05cabfbd7c8ef"}, + {file = "pandas-2.2.2-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:e9b79011ff7a0f4b1d6da6a61aa1aa604fb312d6647de5bad20013682d1429ce"}, + {file = "pandas-2.2.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = 
"sha256:1cb51fe389360f3b5a4d57dbd2848a5f033350336ca3b340d1c53a1fad33bcad"}, + {file = "pandas-2.2.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:eee3a87076c0756de40b05c5e9a6069c035ba43e8dd71c379e68cab2c20f16ad"}, + {file = "pandas-2.2.2-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:3e374f59e440d4ab45ca2fffde54b81ac3834cf5ae2cdfa69c90bc03bde04d76"}, + {file = "pandas-2.2.2-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:43498c0bdb43d55cb162cdc8c06fac328ccb5d2eabe3cadeb3529ae6f0517c32"}, + {file = "pandas-2.2.2-cp312-cp312-win_amd64.whl", hash = "sha256:d187d355ecec3629624fccb01d104da7d7f391db0311145817525281e2804d23"}, + {file = "pandas-2.2.2-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:0ca6377b8fca51815f382bd0b697a0814c8bda55115678cbc94c30aacbb6eff2"}, + {file = "pandas-2.2.2-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:9057e6aa78a584bc93a13f0a9bf7e753a5e9770a30b4d758b8d5f2a62a9433cd"}, + {file = "pandas-2.2.2-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:001910ad31abc7bf06f49dcc903755d2f7f3a9186c0c040b827e522e9cef0863"}, + {file = "pandas-2.2.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:66b479b0bd07204e37583c191535505410daa8df638fd8e75ae1b383851fe921"}, + {file = "pandas-2.2.2-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:a77e9d1c386196879aa5eb712e77461aaee433e54c68cf253053a73b7e49c33a"}, + {file = "pandas-2.2.2-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:92fd6b027924a7e178ac202cfbe25e53368db90d56872d20ffae94b96c7acc57"}, + {file = "pandas-2.2.2-cp39-cp39-win_amd64.whl", hash = "sha256:640cef9aa381b60e296db324337a554aeeb883ead99dc8f6c18e81a93942f5f4"}, + {file = "pandas-2.2.2.tar.gz", hash = "sha256:9e79019aba43cb4fda9e4d983f8e88ca0373adbb697ae9c6c43093218de28b54"}, +] + +[package.dependencies] +numpy = {version = ">=1.26.0", markers = "python_version >= \"3.12\""} +python-dateutil = ">=2.8.2" +pytz = ">=2020.1" +tzdata = ">=2022.7" + 
+[package.extras] +all = ["PyQt5 (>=5.15.9)", "SQLAlchemy (>=2.0.0)", "adbc-driver-postgresql (>=0.8.0)", "adbc-driver-sqlite (>=0.8.0)", "beautifulsoup4 (>=4.11.2)", "bottleneck (>=1.3.6)", "dataframe-api-compat (>=0.1.7)", "fastparquet (>=2022.12.0)", "fsspec (>=2022.11.0)", "gcsfs (>=2022.11.0)", "html5lib (>=1.1)", "hypothesis (>=6.46.1)", "jinja2 (>=3.1.2)", "lxml (>=4.9.2)", "matplotlib (>=3.6.3)", "numba (>=0.56.4)", "numexpr (>=2.8.4)", "odfpy (>=1.4.1)", "openpyxl (>=3.1.0)", "pandas-gbq (>=0.19.0)", "psycopg2 (>=2.9.6)", "pyarrow (>=10.0.1)", "pymysql (>=1.0.2)", "pyreadstat (>=1.2.0)", "pytest (>=7.3.2)", "pytest-xdist (>=2.2.0)", "python-calamine (>=0.1.7)", "pyxlsb (>=1.0.10)", "qtpy (>=2.3.0)", "s3fs (>=2022.11.0)", "scipy (>=1.10.0)", "tables (>=3.8.0)", "tabulate (>=0.9.0)", "xarray (>=2022.12.0)", "xlrd (>=2.0.1)", "xlsxwriter (>=3.0.5)", "zstandard (>=0.19.0)"] +aws = ["s3fs (>=2022.11.0)"] +clipboard = ["PyQt5 (>=5.15.9)", "qtpy (>=2.3.0)"] +compression = ["zstandard (>=0.19.0)"] +computation = ["scipy (>=1.10.0)", "xarray (>=2022.12.0)"] +consortium-standard = ["dataframe-api-compat (>=0.1.7)"] +excel = ["odfpy (>=1.4.1)", "openpyxl (>=3.1.0)", "python-calamine (>=0.1.7)", "pyxlsb (>=1.0.10)", "xlrd (>=2.0.1)", "xlsxwriter (>=3.0.5)"] +feather = ["pyarrow (>=10.0.1)"] +fss = ["fsspec (>=2022.11.0)"] +gcp = ["gcsfs (>=2022.11.0)", "pandas-gbq (>=0.19.0)"] +hdf5 = ["tables (>=3.8.0)"] +html = ["beautifulsoup4 (>=4.11.2)", "html5lib (>=1.1)", "lxml (>=4.9.2)"] +mysql = ["SQLAlchemy (>=2.0.0)", "pymysql (>=1.0.2)"] +output-formatting = ["jinja2 (>=3.1.2)", "tabulate (>=0.9.0)"] +parquet = ["pyarrow (>=10.0.1)"] +performance = ["bottleneck (>=1.3.6)", "numba (>=0.56.4)", "numexpr (>=2.8.4)"] +plot = ["matplotlib (>=3.6.3)"] +postgresql = ["SQLAlchemy (>=2.0.0)", "adbc-driver-postgresql (>=0.8.0)", "psycopg2 (>=2.9.6)"] +pyarrow = ["pyarrow (>=10.0.1)"] +spss = ["pyreadstat (>=1.2.0)"] +sql-other = ["SQLAlchemy (>=2.0.0)", "adbc-driver-postgresql 
(>=0.8.0)", "adbc-driver-sqlite (>=0.8.0)"] +test = ["hypothesis (>=6.46.1)", "pytest (>=7.3.2)", "pytest-xdist (>=2.2.0)"] +xml = ["lxml (>=4.9.2)"] + +[[package]] +name = "pillow" +version = "10.4.0" +description = "Python Imaging Library (Fork)" +optional = false +python-versions = ">=3.8" +files = [ + {file = "pillow-10.4.0-cp310-cp310-macosx_10_10_x86_64.whl", hash = "sha256:4d9667937cfa347525b319ae34375c37b9ee6b525440f3ef48542fcf66f2731e"}, + {file = "pillow-10.4.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:543f3dc61c18dafb755773efc89aae60d06b6596a63914107f75459cf984164d"}, + {file = "pillow-10.4.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:7928ecbf1ece13956b95d9cbcfc77137652b02763ba384d9ab508099a2eca856"}, + {file = "pillow-10.4.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e4d49b85c4348ea0b31ea63bc75a9f3857869174e2bf17e7aba02945cd218e6f"}, + {file = "pillow-10.4.0-cp310-cp310-manylinux_2_28_aarch64.whl", hash = "sha256:6c762a5b0997f5659a5ef2266abc1d8851ad7749ad9a6a5506eb23d314e4f46b"}, + {file = "pillow-10.4.0-cp310-cp310-manylinux_2_28_x86_64.whl", hash = "sha256:a985e028fc183bf12a77a8bbf36318db4238a3ded7fa9df1b9a133f1cb79f8fc"}, + {file = "pillow-10.4.0-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:812f7342b0eee081eaec84d91423d1b4650bb9828eb53d8511bcef8ce5aecf1e"}, + {file = "pillow-10.4.0-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:ac1452d2fbe4978c2eec89fb5a23b8387aba707ac72810d9490118817d9c0b46"}, + {file = "pillow-10.4.0-cp310-cp310-win32.whl", hash = "sha256:bcd5e41a859bf2e84fdc42f4edb7d9aba0a13d29a2abadccafad99de3feff984"}, + {file = "pillow-10.4.0-cp310-cp310-win_amd64.whl", hash = "sha256:ecd85a8d3e79cd7158dec1c9e5808e821feea088e2f69a974db5edf84dc53141"}, + {file = "pillow-10.4.0-cp310-cp310-win_arm64.whl", hash = "sha256:ff337c552345e95702c5fde3158acb0625111017d0e5f24bf3acdb9cc16b90d1"}, + {file = "pillow-10.4.0-cp311-cp311-macosx_10_10_x86_64.whl", hash 
= "sha256:0a9ec697746f268507404647e531e92889890a087e03681a3606d9b920fbee3c"}, + {file = "pillow-10.4.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:dfe91cb65544a1321e631e696759491ae04a2ea11d36715eca01ce07284738be"}, + {file = "pillow-10.4.0-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5dc6761a6efc781e6a1544206f22c80c3af4c8cf461206d46a1e6006e4429ff3"}, + {file = "pillow-10.4.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:5e84b6cc6a4a3d76c153a6b19270b3526a5a8ed6b09501d3af891daa2a9de7d6"}, + {file = "pillow-10.4.0-cp311-cp311-manylinux_2_28_aarch64.whl", hash = "sha256:bbc527b519bd3aa9d7f429d152fea69f9ad37c95f0b02aebddff592688998abe"}, + {file = "pillow-10.4.0-cp311-cp311-manylinux_2_28_x86_64.whl", hash = "sha256:76a911dfe51a36041f2e756b00f96ed84677cdeb75d25c767f296c1c1eda1319"}, + {file = "pillow-10.4.0-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:59291fb29317122398786c2d44427bbd1a6d7ff54017075b22be9d21aa59bd8d"}, + {file = "pillow-10.4.0-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:416d3a5d0e8cfe4f27f574362435bc9bae57f679a7158e0096ad2beb427b8696"}, + {file = "pillow-10.4.0-cp311-cp311-win32.whl", hash = "sha256:7086cc1d5eebb91ad24ded9f58bec6c688e9f0ed7eb3dbbf1e4800280a896496"}, + {file = "pillow-10.4.0-cp311-cp311-win_amd64.whl", hash = "sha256:cbed61494057c0f83b83eb3a310f0bf774b09513307c434d4366ed64f4128a91"}, + {file = "pillow-10.4.0-cp311-cp311-win_arm64.whl", hash = "sha256:f5f0c3e969c8f12dd2bb7e0b15d5c468b51e5017e01e2e867335c81903046a22"}, + {file = "pillow-10.4.0-cp312-cp312-macosx_10_10_x86_64.whl", hash = "sha256:673655af3eadf4df6b5457033f086e90299fdd7a47983a13827acf7459c15d94"}, + {file = "pillow-10.4.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:866b6942a92f56300012f5fbac71f2d610312ee65e22f1aa2609e491284e5597"}, + {file = "pillow-10.4.0-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = 
"sha256:29dbdc4207642ea6aad70fbde1a9338753d33fb23ed6956e706936706f52dd80"}, + {file = "pillow-10.4.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:bf2342ac639c4cf38799a44950bbc2dfcb685f052b9e262f446482afaf4bffca"}, + {file = "pillow-10.4.0-cp312-cp312-manylinux_2_28_aarch64.whl", hash = "sha256:f5b92f4d70791b4a67157321c4e8225d60b119c5cc9aee8ecf153aace4aad4ef"}, + {file = "pillow-10.4.0-cp312-cp312-manylinux_2_28_x86_64.whl", hash = "sha256:86dcb5a1eb778d8b25659d5e4341269e8590ad6b4e8b44d9f4b07f8d136c414a"}, + {file = "pillow-10.4.0-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:780c072c2e11c9b2c7ca37f9a2ee8ba66f44367ac3e5c7832afcfe5104fd6d1b"}, + {file = "pillow-10.4.0-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:37fb69d905be665f68f28a8bba3c6d3223c8efe1edf14cc4cfa06c241f8c81d9"}, + {file = "pillow-10.4.0-cp312-cp312-win32.whl", hash = "sha256:7dfecdbad5c301d7b5bde160150b4db4c659cee2b69589705b6f8a0c509d9f42"}, + {file = "pillow-10.4.0-cp312-cp312-win_amd64.whl", hash = "sha256:1d846aea995ad352d4bdcc847535bd56e0fd88d36829d2c90be880ef1ee4668a"}, + {file = "pillow-10.4.0-cp312-cp312-win_arm64.whl", hash = "sha256:e553cad5179a66ba15bb18b353a19020e73a7921296a7979c4a2b7f6a5cd57f9"}, + {file = "pillow-10.4.0-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:8bc1a764ed8c957a2e9cacf97c8b2b053b70307cf2996aafd70e91a082e70df3"}, + {file = "pillow-10.4.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:6209bb41dc692ddfee4942517c19ee81b86c864b626dbfca272ec0f7cff5d9fb"}, + {file = "pillow-10.4.0-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:bee197b30783295d2eb680b311af15a20a8b24024a19c3a26431ff83eb8d1f70"}, + {file = "pillow-10.4.0-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:1ef61f5dd14c300786318482456481463b9d6b91ebe5ef12f405afbba77ed0be"}, + {file = "pillow-10.4.0-cp313-cp313-manylinux_2_28_aarch64.whl", hash = 
"sha256:297e388da6e248c98bc4a02e018966af0c5f92dfacf5a5ca22fa01cb3179bca0"}, + {file = "pillow-10.4.0-cp313-cp313-manylinux_2_28_x86_64.whl", hash = "sha256:e4db64794ccdf6cb83a59d73405f63adbe2a1887012e308828596100a0b2f6cc"}, + {file = "pillow-10.4.0-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:bd2880a07482090a3bcb01f4265f1936a903d70bc740bfcb1fd4e8a2ffe5cf5a"}, + {file = "pillow-10.4.0-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:4b35b21b819ac1dbd1233317adeecd63495f6babf21b7b2512d244ff6c6ce309"}, + {file = "pillow-10.4.0-cp313-cp313-win32.whl", hash = "sha256:551d3fd6e9dc15e4c1eb6fc4ba2b39c0c7933fa113b220057a34f4bb3268a060"}, + {file = "pillow-10.4.0-cp313-cp313-win_amd64.whl", hash = "sha256:030abdbe43ee02e0de642aee345efa443740aa4d828bfe8e2eb11922ea6a21ea"}, + {file = "pillow-10.4.0-cp313-cp313-win_arm64.whl", hash = "sha256:5b001114dd152cfd6b23befeb28d7aee43553e2402c9f159807bf55f33af8a8d"}, + {file = "pillow-10.4.0-cp38-cp38-macosx_10_10_x86_64.whl", hash = "sha256:8d4d5063501b6dd4024b8ac2f04962d661222d120381272deea52e3fc52d3736"}, + {file = "pillow-10.4.0-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:7c1ee6f42250df403c5f103cbd2768a28fe1a0ea1f0f03fe151c8741e1469c8b"}, + {file = "pillow-10.4.0-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:b15e02e9bb4c21e39876698abf233c8c579127986f8207200bc8a8f6bb27acf2"}, + {file = "pillow-10.4.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:7a8d4bade9952ea9a77d0c3e49cbd8b2890a399422258a77f357b9cc9be8d680"}, + {file = "pillow-10.4.0-cp38-cp38-manylinux_2_28_aarch64.whl", hash = "sha256:43efea75eb06b95d1631cb784aa40156177bf9dd5b4b03ff38979e048258bc6b"}, + {file = "pillow-10.4.0-cp38-cp38-manylinux_2_28_x86_64.whl", hash = "sha256:950be4d8ba92aca4b2bb0741285a46bfae3ca699ef913ec8416c1b78eadd64cd"}, + {file = "pillow-10.4.0-cp38-cp38-musllinux_1_2_aarch64.whl", hash = "sha256:d7480af14364494365e89d6fddc510a13e5a2c3584cb19ef65415ca57252fb84"}, + {file = 
"pillow-10.4.0-cp38-cp38-musllinux_1_2_x86_64.whl", hash = "sha256:73664fe514b34c8f02452ffb73b7a92c6774e39a647087f83d67f010eb9a0cf0"}, + {file = "pillow-10.4.0-cp38-cp38-win32.whl", hash = "sha256:e88d5e6ad0d026fba7bdab8c3f225a69f063f116462c49892b0149e21b6c0a0e"}, + {file = "pillow-10.4.0-cp38-cp38-win_amd64.whl", hash = "sha256:5161eef006d335e46895297f642341111945e2c1c899eb406882a6c61a4357ab"}, + {file = "pillow-10.4.0-cp39-cp39-macosx_10_10_x86_64.whl", hash = "sha256:0ae24a547e8b711ccaaf99c9ae3cd975470e1a30caa80a6aaee9a2f19c05701d"}, + {file = "pillow-10.4.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:298478fe4f77a4408895605f3482b6cc6222c018b2ce565c2b6b9c354ac3229b"}, + {file = "pillow-10.4.0-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:134ace6dc392116566980ee7436477d844520a26a4b1bd4053f6f47d096997fd"}, + {file = "pillow-10.4.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:930044bb7679ab003b14023138b50181899da3f25de50e9dbee23b61b4de2126"}, + {file = "pillow-10.4.0-cp39-cp39-manylinux_2_28_aarch64.whl", hash = "sha256:c76e5786951e72ed3686e122d14c5d7012f16c8303a674d18cdcd6d89557fc5b"}, + {file = "pillow-10.4.0-cp39-cp39-manylinux_2_28_x86_64.whl", hash = "sha256:b2724fdb354a868ddf9a880cb84d102da914e99119211ef7ecbdc613b8c96b3c"}, + {file = "pillow-10.4.0-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:dbc6ae66518ab3c5847659e9988c3b60dc94ffb48ef9168656e0019a93dbf8a1"}, + {file = "pillow-10.4.0-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:06b2f7898047ae93fad74467ec3d28fe84f7831370e3c258afa533f81ef7f3df"}, + {file = "pillow-10.4.0-cp39-cp39-win32.whl", hash = "sha256:7970285ab628a3779aecc35823296a7869f889b8329c16ad5a71e4901a3dc4ef"}, + {file = "pillow-10.4.0-cp39-cp39-win_amd64.whl", hash = "sha256:961a7293b2457b405967af9c77dcaa43cc1a8cd50d23c532e62d48ab6cdd56f5"}, + {file = "pillow-10.4.0-cp39-cp39-win_arm64.whl", hash = 
"sha256:32cda9e3d601a52baccb2856b8ea1fc213c90b340c542dcef77140dfa3278a9e"}, + {file = "pillow-10.4.0-pp310-pypy310_pp73-macosx_10_15_x86_64.whl", hash = "sha256:5b4815f2e65b30f5fbae9dfffa8636d992d49705723fe86a3661806e069352d4"}, + {file = "pillow-10.4.0-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:8f0aef4ef59694b12cadee839e2ba6afeab89c0f39a3adc02ed51d109117b8da"}, + {file = "pillow-10.4.0-pp310-pypy310_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:9f4727572e2918acaa9077c919cbbeb73bd2b3ebcfe033b72f858fc9fbef0026"}, + {file = "pillow-10.4.0-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ff25afb18123cea58a591ea0244b92eb1e61a1fd497bf6d6384f09bc3262ec3e"}, + {file = "pillow-10.4.0-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:dc3e2db6ba09ffd7d02ae9141cfa0ae23393ee7687248d46a7507b75d610f4f5"}, + {file = "pillow-10.4.0-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:02a2be69f9c9b8c1e97cf2713e789d4e398c751ecfd9967c18d0ce304efbf885"}, + {file = "pillow-10.4.0-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:0755ffd4a0c6f267cccbae2e9903d95477ca2f77c4fcf3a3a09570001856c8a5"}, + {file = "pillow-10.4.0-pp39-pypy39_pp73-macosx_10_15_x86_64.whl", hash = "sha256:a02364621fe369e06200d4a16558e056fe2805d3468350df3aef21e00d26214b"}, + {file = "pillow-10.4.0-pp39-pypy39_pp73-macosx_11_0_arm64.whl", hash = "sha256:1b5dea9831a90e9d0721ec417a80d4cbd7022093ac38a568db2dd78363b00908"}, + {file = "pillow-10.4.0-pp39-pypy39_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:9b885f89040bb8c4a1573566bbb2f44f5c505ef6e74cec7ab9068c900047f04b"}, + {file = "pillow-10.4.0-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:87dd88ded2e6d74d31e1e0a99a726a6765cda32d00ba72dc37f0651f306daaa8"}, + {file = "pillow-10.4.0-pp39-pypy39_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:2db98790afc70118bd0255c2eeb465e9767ecf1f3c25f9a1abb8ffc8cfd1fe0a"}, + {file 
= "pillow-10.4.0-pp39-pypy39_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:f7baece4ce06bade126fb84b8af1c33439a76d8a6fd818970215e0560ca28c27"}, + {file = "pillow-10.4.0-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:cfdd747216947628af7b259d274771d84db2268ca062dd5faf373639d00113a3"}, + {file = "pillow-10.4.0.tar.gz", hash = "sha256:166c1cd4d24309b30d61f79f4a9114b7b2313d7450912277855ff5dfd7cd4a06"}, +] + +[package.extras] +docs = ["furo", "olefile", "sphinx (>=7.3)", "sphinx-copybutton", "sphinx-inline-tabs", "sphinxext-opengraph"] +fpx = ["olefile"] +mic = ["olefile"] +tests = ["check-manifest", "coverage", "defusedxml", "markdown2", "olefile", "packaging", "pyroma", "pytest", "pytest-cov", "pytest-timeout"] +typing = ["typing-extensions"] +xmp = ["defusedxml"] + +[[package]] +name = "protobuf" +version = "5.27.3" +description = "" +optional = false +python-versions = ">=3.8" +files = [ + {file = "protobuf-5.27.3-cp310-abi3-win32.whl", hash = "sha256:dcb307cd4ef8fec0cf52cb9105a03d06fbb5275ce6d84a6ae33bc6cf84e0a07b"}, + {file = "protobuf-5.27.3-cp310-abi3-win_amd64.whl", hash = "sha256:16ddf3f8c6c41e1e803da7abea17b1793a97ef079a912e42351eabb19b2cffe7"}, + {file = "protobuf-5.27.3-cp38-abi3-macosx_10_9_universal2.whl", hash = "sha256:68248c60d53f6168f565a8c76dc58ba4fa2ade31c2d1ebdae6d80f969cdc2d4f"}, + {file = "protobuf-5.27.3-cp38-abi3-manylinux2014_aarch64.whl", hash = "sha256:b8a994fb3d1c11156e7d1e427186662b64694a62b55936b2b9348f0a7c6625ce"}, + {file = "protobuf-5.27.3-cp38-abi3-manylinux2014_x86_64.whl", hash = "sha256:a55c48f2a2092d8e213bd143474df33a6ae751b781dd1d1f4d953c128a415b25"}, + {file = "protobuf-5.27.3-cp38-cp38-win32.whl", hash = "sha256:043853dcb55cc262bf2e116215ad43fa0859caab79bb0b2d31b708f128ece035"}, + {file = "protobuf-5.27.3-cp38-cp38-win_amd64.whl", hash = "sha256:c2a105c24f08b1e53d6c7ffe69cb09d0031512f0b72f812dd4005b8112dbe91e"}, + {file = "protobuf-5.27.3-cp39-cp39-win32.whl", hash = 
"sha256:c84eee2c71ed83704f1afbf1a85c3171eab0fd1ade3b399b3fad0884cbcca8bf"}, + {file = "protobuf-5.27.3-cp39-cp39-win_amd64.whl", hash = "sha256:af7c0b7cfbbb649ad26132e53faa348580f844d9ca46fd3ec7ca48a1ea5db8a1"}, + {file = "protobuf-5.27.3-py3-none-any.whl", hash = "sha256:8572c6533e544ebf6899c360e91d6bcbbee2549251643d32c52cf8a5de295ba5"}, + {file = "protobuf-5.27.3.tar.gz", hash = "sha256:82460903e640f2b7e34ee81a947fdaad89de796d324bcbc38ff5430bcdead82c"}, +] + +[[package]] +name = "pyarrow" +version = "17.0.0" +description = "Python library for Apache Arrow" +optional = false +python-versions = ">=3.8" +files = [ + {file = "pyarrow-17.0.0-cp310-cp310-macosx_10_15_x86_64.whl", hash = "sha256:a5c8b238d47e48812ee577ee20c9a2779e6a5904f1708ae240f53ecbee7c9f07"}, + {file = "pyarrow-17.0.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:db023dc4c6cae1015de9e198d41250688383c3f9af8f565370ab2b4cb5f62655"}, + {file = "pyarrow-17.0.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:da1e060b3876faa11cee287839f9cc7cdc00649f475714b8680a05fd9071d545"}, + {file = "pyarrow-17.0.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:75c06d4624c0ad6674364bb46ef38c3132768139ddec1c56582dbac54f2663e2"}, + {file = "pyarrow-17.0.0-cp310-cp310-manylinux_2_28_aarch64.whl", hash = "sha256:fa3c246cc58cb5a4a5cb407a18f193354ea47dd0648194e6265bd24177982fe8"}, + {file = "pyarrow-17.0.0-cp310-cp310-manylinux_2_28_x86_64.whl", hash = "sha256:f7ae2de664e0b158d1607699a16a488de3d008ba99b3a7aa5de1cbc13574d047"}, + {file = "pyarrow-17.0.0-cp310-cp310-win_amd64.whl", hash = "sha256:5984f416552eea15fd9cee03da53542bf4cddaef5afecefb9aa8d1010c335087"}, + {file = "pyarrow-17.0.0-cp311-cp311-macosx_10_15_x86_64.whl", hash = "sha256:1c8856e2ef09eb87ecf937104aacfa0708f22dfeb039c363ec99735190ffb977"}, + {file = "pyarrow-17.0.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:2e19f569567efcbbd42084e87f948778eb371d308e137a0f97afe19bb860ccb3"}, + {file = 
"pyarrow-17.0.0-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:6b244dc8e08a23b3e352899a006a26ae7b4d0da7bb636872fa8f5884e70acf15"}, + {file = "pyarrow-17.0.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0b72e87fe3e1db343995562f7fff8aee354b55ee83d13afba65400c178ab2597"}, + {file = "pyarrow-17.0.0-cp311-cp311-manylinux_2_28_aarch64.whl", hash = "sha256:dc5c31c37409dfbc5d014047817cb4ccd8c1ea25d19576acf1a001fe07f5b420"}, + {file = "pyarrow-17.0.0-cp311-cp311-manylinux_2_28_x86_64.whl", hash = "sha256:e3343cb1e88bc2ea605986d4b94948716edc7a8d14afd4e2c097232f729758b4"}, + {file = "pyarrow-17.0.0-cp311-cp311-win_amd64.whl", hash = "sha256:a27532c38f3de9eb3e90ecab63dfda948a8ca859a66e3a47f5f42d1e403c4d03"}, + {file = "pyarrow-17.0.0-cp312-cp312-macosx_10_15_x86_64.whl", hash = "sha256:9b8a823cea605221e61f34859dcc03207e52e409ccf6354634143e23af7c8d22"}, + {file = "pyarrow-17.0.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:f1e70de6cb5790a50b01d2b686d54aaf73da01266850b05e3af2a1bc89e16053"}, + {file = "pyarrow-17.0.0-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0071ce35788c6f9077ff9ecba4858108eebe2ea5a3f7cf2cf55ebc1dbc6ee24a"}, + {file = "pyarrow-17.0.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:757074882f844411fcca735e39aae74248a1531367a7c80799b4266390ae51cc"}, + {file = "pyarrow-17.0.0-cp312-cp312-manylinux_2_28_aarch64.whl", hash = "sha256:9ba11c4f16976e89146781a83833df7f82077cdab7dc6232c897789343f7891a"}, + {file = "pyarrow-17.0.0-cp312-cp312-manylinux_2_28_x86_64.whl", hash = "sha256:b0c6ac301093b42d34410b187bba560b17c0330f64907bfa4f7f7f2444b0cf9b"}, + {file = "pyarrow-17.0.0-cp312-cp312-win_amd64.whl", hash = "sha256:392bc9feabc647338e6c89267635e111d71edad5fcffba204425a7c8d13610d7"}, + {file = "pyarrow-17.0.0-cp38-cp38-macosx_10_15_x86_64.whl", hash = "sha256:af5ff82a04b2171415f1410cff7ebb79861afc5dae50be73ce06d6e870615204"}, + {file = 
"pyarrow-17.0.0-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:edca18eaca89cd6382dfbcff3dd2d87633433043650c07375d095cd3517561d8"}, + {file = "pyarrow-17.0.0-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:7c7916bff914ac5d4a8fe25b7a25e432ff921e72f6f2b7547d1e325c1ad9d155"}, + {file = "pyarrow-17.0.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f553ca691b9e94b202ff741bdd40f6ccb70cdd5fbf65c187af132f1317de6145"}, + {file = "pyarrow-17.0.0-cp38-cp38-manylinux_2_28_aarch64.whl", hash = "sha256:0cdb0e627c86c373205a2f94a510ac4376fdc523f8bb36beab2e7f204416163c"}, + {file = "pyarrow-17.0.0-cp38-cp38-manylinux_2_28_x86_64.whl", hash = "sha256:d7d192305d9d8bc9082d10f361fc70a73590a4c65cf31c3e6926cd72b76bc35c"}, + {file = "pyarrow-17.0.0-cp38-cp38-win_amd64.whl", hash = "sha256:02dae06ce212d8b3244dd3e7d12d9c4d3046945a5933d28026598e9dbbda1fca"}, + {file = "pyarrow-17.0.0-cp39-cp39-macosx_10_15_x86_64.whl", hash = "sha256:13d7a460b412f31e4c0efa1148e1d29bdf18ad1411eb6757d38f8fbdcc8645fb"}, + {file = "pyarrow-17.0.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:9b564a51fbccfab5a04a80453e5ac6c9954a9c5ef2890d1bcf63741909c3f8df"}, + {file = "pyarrow-17.0.0-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:32503827abbc5aadedfa235f5ece8c4f8f8b0a3cf01066bc8d29de7539532687"}, + {file = "pyarrow-17.0.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a155acc7f154b9ffcc85497509bcd0d43efb80d6f733b0dc3bb14e281f131c8b"}, + {file = "pyarrow-17.0.0-cp39-cp39-manylinux_2_28_aarch64.whl", hash = "sha256:dec8d129254d0188a49f8a1fc99e0560dc1b85f60af729f47de4046015f9b0a5"}, + {file = "pyarrow-17.0.0-cp39-cp39-manylinux_2_28_x86_64.whl", hash = "sha256:a48ddf5c3c6a6c505904545c25a4ae13646ae1f8ba703c4df4a1bfe4f4006bda"}, + {file = "pyarrow-17.0.0-cp39-cp39-win_amd64.whl", hash = "sha256:42bf93249a083aca230ba7e2786c5f673507fa97bbd9725a1e2754715151a204"}, + {file = "pyarrow-17.0.0.tar.gz", hash = 
"sha256:4beca9521ed2c0921c1023e68d097d0299b62c362639ea315572a58f3f50fd28"}, +] + +[package.dependencies] +numpy = ">=1.16.6" + +[package.extras] +test = ["cffi", "hypothesis", "pandas", "pytest", "pytz"] + +[[package]] +name = "pydeck" +version = "0.9.1" +description = "Widget for deck.gl maps" +optional = false +python-versions = ">=3.8" +files = [ + {file = "pydeck-0.9.1-py2.py3-none-any.whl", hash = "sha256:b3f75ba0d273fc917094fa61224f3f6076ca8752b93d46faf3bcfd9f9d59b038"}, + {file = "pydeck-0.9.1.tar.gz", hash = "sha256:f74475ae637951d63f2ee58326757f8d4f9cd9f2a457cf42950715003e2cb605"}, +] + +[package.dependencies] +jinja2 = ">=2.10.1" +numpy = ">=1.16.4" + +[package.extras] +carto = ["pydeck-carto"] +jupyter = ["ipykernel (>=5.1.2)", "ipython (>=5.8.0)", "ipywidgets (>=7,<8)", "traitlets (>=4.3.2)"] + +[[package]] +name = "pygments" +version = "2.18.0" +description = "Pygments is a syntax highlighting package written in Python." +optional = false +python-versions = ">=3.8" +files = [ + {file = "pygments-2.18.0-py3-none-any.whl", hash = "sha256:b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a"}, + {file = "pygments-2.18.0.tar.gz", hash = "sha256:786ff802f32e91311bff3889f6e9a86e81505fe99f2735bb6d60ae0c5004f199"}, +] + +[package.extras] +windows-terminal = ["colorama (>=0.4.6)"] + +[[package]] +name = "python-dateutil" +version = "2.9.0.post0" +description = "Extensions to the standard Python datetime module" +optional = false +python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,>=2.7" +files = [ + {file = "python-dateutil-2.9.0.post0.tar.gz", hash = "sha256:37dd54208da7e1cd875388217d5e00ebd4179249f90fb72437e91a35459a0ad3"}, + {file = "python_dateutil-2.9.0.post0-py2.py3-none-any.whl", hash = "sha256:a8b2bc7bffae282281c8140a97d3aa9c14da0b136dfe83f850eea9a5f7470427"}, +] + +[package.dependencies] +six = ">=1.5" + +[[package]] +name = "pytz" +version = "2024.1" +description = "World timezone definitions, modern and historical" +optional = false 
+python-versions = "*" +files = [ + {file = "pytz-2024.1-py2.py3-none-any.whl", hash = "sha256:328171f4e3623139da4983451950b28e95ac706e13f3f2630a879749e7a8b319"}, + {file = "pytz-2024.1.tar.gz", hash = "sha256:2a29735ea9c18baf14b448846bde5a48030ed267578472d8955cd0e7443a9812"}, +] + +[[package]] +name = "referencing" +version = "0.35.1" +description = "JSON Referencing + Python" +optional = false +python-versions = ">=3.8" +files = [ + {file = "referencing-0.35.1-py3-none-any.whl", hash = "sha256:eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de"}, + {file = "referencing-0.35.1.tar.gz", hash = "sha256:25b42124a6c8b632a425174f24087783efb348a6f1e0008e63cd4466fedf703c"}, +] + +[package.dependencies] +attrs = ">=22.2.0" +rpds-py = ">=0.7.0" + +[[package]] +name = "requests" +version = "2.32.3" +description = "Python HTTP for Humans." +optional = false +python-versions = ">=3.8" +files = [ + {file = "requests-2.32.3-py3-none-any.whl", hash = "sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6"}, + {file = "requests-2.32.3.tar.gz", hash = "sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760"}, +] + +[package.dependencies] +certifi = ">=2017.4.17" +charset-normalizer = ">=2,<4" +idna = ">=2.5,<4" +urllib3 = ">=1.21.1,<3" + +[package.extras] +socks = ["PySocks (>=1.5.6,!=1.5.7)"] +use-chardet-on-py3 = ["chardet (>=3.0.2,<6)"] + +[[package]] +name = "rich" +version = "13.7.1" +description = "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal" +optional = false +python-versions = ">=3.7.0" +files = [ + {file = "rich-13.7.1-py3-none-any.whl", hash = "sha256:4edbae314f59eb482f54e9e30bf00d33350aaa94f4bfcd4e9e3110e64d0d7222"}, + {file = "rich-13.7.1.tar.gz", hash = "sha256:9be308cb1fe2f1f57d67ce99e95af38a1e2bc71ad9813b0e247cf7ffbcc3a432"}, +] + +[package.dependencies] +markdown-it-py = ">=2.2.0" +pygments = ">=2.13.0,<3.0.0" + +[package.extras] +jupyter = ["ipywidgets 
(>=7.5.1,<9)"] + +[[package]] +name = "rpds-py" +version = "0.19.1" +description = "Python bindings to Rust's persistent data structures (rpds)" +optional = false +python-versions = ">=3.8" +files = [ + {file = "rpds_py-0.19.1-cp310-cp310-macosx_10_12_x86_64.whl", hash = "sha256:aaf71f95b21f9dc708123335df22e5a2fef6307e3e6f9ed773b2e0938cc4d491"}, + {file = "rpds_py-0.19.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:ca0dda0c5715efe2ab35bb83f813f681ebcd2840d8b1b92bfc6fe3ab382fae4a"}, + {file = "rpds_py-0.19.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:81db2e7282cc0487f500d4db203edc57da81acde9e35f061d69ed983228ffe3b"}, + {file = "rpds_py-0.19.1-cp310-cp310-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:1a8dfa125b60ec00c7c9baef945bb04abf8ac772d8ebefd79dae2a5f316d7850"}, + {file = "rpds_py-0.19.1-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:271accf41b02687cef26367c775ab220372ee0f4925591c6796e7c148c50cab5"}, + {file = "rpds_py-0.19.1-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:f9bc4161bd3b970cd6a6fcda70583ad4afd10f2750609fb1f3ca9505050d4ef3"}, + {file = "rpds_py-0.19.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f0cf2a0dbb5987da4bd92a7ca727eadb225581dd9681365beba9accbe5308f7d"}, + {file = "rpds_py-0.19.1-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:b5e28e56143750808c1c79c70a16519e9bc0a68b623197b96292b21b62d6055c"}, + {file = "rpds_py-0.19.1-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:c7af6f7b80f687b33a4cdb0a785a5d4de1fb027a44c9a049d8eb67d5bfe8a687"}, + {file = "rpds_py-0.19.1-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:e429fc517a1c5e2a70d576077231538a98d59a45dfc552d1ac45a132844e6dfb"}, + {file = "rpds_py-0.19.1-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:d2dbd8f4990d4788cb122f63bf000357533f34860d269c1a8e90ae362090ff3a"}, + {file = "rpds_py-0.19.1-cp310-none-win32.whl", 
hash = "sha256:e0f9d268b19e8f61bf42a1da48276bcd05f7ab5560311f541d22557f8227b866"}, + {file = "rpds_py-0.19.1-cp310-none-win_amd64.whl", hash = "sha256:df7c841813f6265e636fe548a49664c77af31ddfa0085515326342a751a6ba51"}, + {file = "rpds_py-0.19.1-cp311-cp311-macosx_10_12_x86_64.whl", hash = "sha256:902cf4739458852fe917104365ec0efbea7d29a15e4276c96a8d33e6ed8ec137"}, + {file = "rpds_py-0.19.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:f3d73022990ab0c8b172cce57c69fd9a89c24fd473a5e79cbce92df87e3d9c48"}, + {file = "rpds_py-0.19.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3837c63dd6918a24de6c526277910e3766d8c2b1627c500b155f3eecad8fad65"}, + {file = "rpds_py-0.19.1-cp311-cp311-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:cdb7eb3cf3deb3dd9e7b8749323b5d970052711f9e1e9f36364163627f96da58"}, + {file = "rpds_py-0.19.1-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:26ab43b6d65d25b1a333c8d1b1c2f8399385ff683a35ab5e274ba7b8bb7dc61c"}, + {file = "rpds_py-0.19.1-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:75130df05aae7a7ac171b3b5b24714cffeabd054ad2ebc18870b3aa4526eba23"}, + {file = "rpds_py-0.19.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c34f751bf67cab69638564eee34023909380ba3e0d8ee7f6fe473079bf93f09b"}, + {file = "rpds_py-0.19.1-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:f2671cb47e50a97f419a02cd1e0c339b31de017b033186358db92f4d8e2e17d8"}, + {file = "rpds_py-0.19.1-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:3c73254c256081704dba0a333457e2fb815364018788f9b501efe7c5e0ada401"}, + {file = "rpds_py-0.19.1-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:4383beb4a29935b8fa28aca8fa84c956bf545cb0c46307b091b8d312a9150e6a"}, + {file = "rpds_py-0.19.1-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:dbceedcf4a9329cc665452db1aaf0845b85c666e4885b92ee0cddb1dbf7e052a"}, + {file = 
"rpds_py-0.19.1-cp311-none-win32.whl", hash = "sha256:f0a6d4a93d2a05daec7cb885157c97bbb0be4da739d6f9dfb02e101eb40921cd"}, + {file = "rpds_py-0.19.1-cp311-none-win_amd64.whl", hash = "sha256:c149a652aeac4902ecff2dd93c3b2681c608bd5208c793c4a99404b3e1afc87c"}, + {file = "rpds_py-0.19.1-cp312-cp312-macosx_10_12_x86_64.whl", hash = "sha256:56313be667a837ff1ea3508cebb1ef6681d418fa2913a0635386cf29cff35165"}, + {file = "rpds_py-0.19.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:6d1d7539043b2b31307f2c6c72957a97c839a88b2629a348ebabe5aa8b626d6b"}, + {file = "rpds_py-0.19.1-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3e1dc59a5e7bc7f44bd0c048681f5e05356e479c50be4f2c1a7089103f1621d5"}, + {file = "rpds_py-0.19.1-cp312-cp312-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:b8f78398e67a7227aefa95f876481485403eb974b29e9dc38b307bb6eb2315ea"}, + {file = "rpds_py-0.19.1-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:ef07a0a1d254eeb16455d839cef6e8c2ed127f47f014bbda64a58b5482b6c836"}, + {file = "rpds_py-0.19.1-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:8124101e92c56827bebef084ff106e8ea11c743256149a95b9fd860d3a4f331f"}, + {file = "rpds_py-0.19.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:08ce9c95a0b093b7aec75676b356a27879901488abc27e9d029273d280438505"}, + {file = "rpds_py-0.19.1-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:0b02dd77a2de6e49078c8937aadabe933ceac04b41c5dde5eca13a69f3cf144e"}, + {file = "rpds_py-0.19.1-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:4dd02e29c8cbed21a1875330b07246b71121a1c08e29f0ee3db5b4cfe16980c4"}, + {file = "rpds_py-0.19.1-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:9c7042488165f7251dc7894cd533a875d2875af6d3b0e09eda9c4b334627ad1c"}, + {file = "rpds_py-0.19.1-cp312-cp312-musllinux_1_2_x86_64.whl", hash = 
"sha256:f809a17cc78bd331e137caa25262b507225854073fd319e987bd216bed911b7c"}, + {file = "rpds_py-0.19.1-cp312-none-win32.whl", hash = "sha256:3ddab996807c6b4227967fe1587febade4e48ac47bb0e2d3e7858bc621b1cace"}, + {file = "rpds_py-0.19.1-cp312-none-win_amd64.whl", hash = "sha256:32e0db3d6e4f45601b58e4ac75c6f24afbf99818c647cc2066f3e4b192dabb1f"}, + {file = "rpds_py-0.19.1-cp313-cp313-macosx_10_12_x86_64.whl", hash = "sha256:747251e428406b05fc86fee3904ee19550c4d2d19258cef274e2151f31ae9d38"}, + {file = "rpds_py-0.19.1-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:dc733d35f861f8d78abfaf54035461e10423422999b360966bf1c443cbc42705"}, + {file = "rpds_py-0.19.1-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:bbda75f245caecff8faa7e32ee94dfaa8312a3367397975527f29654cd17a6ed"}, + {file = "rpds_py-0.19.1-cp313-cp313-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:bd04d8cab16cab5b0a9ffc7d10f0779cf1120ab16c3925404428f74a0a43205a"}, + {file = "rpds_py-0.19.1-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:e2d66eb41ffca6cc3c91d8387509d27ba73ad28371ef90255c50cb51f8953301"}, + {file = "rpds_py-0.19.1-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:fdf4890cda3b59170009d012fca3294c00140e7f2abe1910e6a730809d0f3f9b"}, + {file = "rpds_py-0.19.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:d1fa67ef839bad3815124f5f57e48cd50ff392f4911a9f3cf449d66fa3df62a5"}, + {file = "rpds_py-0.19.1-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:b82c9514c6d74b89a370c4060bdb80d2299bc6857e462e4a215b4ef7aa7b090e"}, + {file = "rpds_py-0.19.1-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:c7b07959866a6afb019abb9564d8a55046feb7a84506c74a6f197cbcdf8a208e"}, + {file = "rpds_py-0.19.1-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:4f580ae79d0b861dfd912494ab9d477bea535bfb4756a2269130b6607a21802e"}, + {file = 
"rpds_py-0.19.1-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:c6d20c8896c00775e6f62d8373aba32956aa0b850d02b5ec493f486c88e12859"}, + {file = "rpds_py-0.19.1-cp313-none-win32.whl", hash = "sha256:afedc35fe4b9e30ab240b208bb9dc8938cb4afe9187589e8d8d085e1aacb8309"}, + {file = "rpds_py-0.19.1-cp313-none-win_amd64.whl", hash = "sha256:1d4af2eb520d759f48f1073ad3caef997d1bfd910dc34e41261a595d3f038a94"}, + {file = "rpds_py-0.19.1-cp38-cp38-macosx_10_12_x86_64.whl", hash = "sha256:34bca66e2e3eabc8a19e9afe0d3e77789733c702c7c43cd008e953d5d1463fde"}, + {file = "rpds_py-0.19.1-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:24f8ae92c7fae7c28d0fae9b52829235df83f34847aa8160a47eb229d9666c7b"}, + {file = "rpds_py-0.19.1-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:71157f9db7f6bc6599a852852f3389343bea34315b4e6f109e5cbc97c1fb2963"}, + {file = "rpds_py-0.19.1-cp38-cp38-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:1d494887d40dc4dd0d5a71e9d07324e5c09c4383d93942d391727e7a40ff810b"}, + {file = "rpds_py-0.19.1-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:7b3661e6d4ba63a094138032c1356d557de5b3ea6fd3cca62a195f623e381c76"}, + {file = "rpds_py-0.19.1-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:97fbb77eaeb97591efdc654b8b5f3ccc066406ccfb3175b41382f221ecc216e8"}, + {file = "rpds_py-0.19.1-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:4cc4bc73e53af8e7a42c8fd7923bbe35babacfa7394ae9240b3430b5dcf16b2a"}, + {file = "rpds_py-0.19.1-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:35af5e4d5448fa179fd7fff0bba0fba51f876cd55212f96c8bbcecc5c684ae5c"}, + {file = "rpds_py-0.19.1-cp38-cp38-musllinux_1_2_aarch64.whl", hash = "sha256:3511f6baf8438326e351097cecd137eb45c5f019944fe0fd0ae2fea2fd26be39"}, + {file = "rpds_py-0.19.1-cp38-cp38-musllinux_1_2_i686.whl", hash = "sha256:57863d16187995c10fe9cf911b897ed443ac68189179541734502353af33e693"}, + {file = 
"rpds_py-0.19.1-cp38-cp38-musllinux_1_2_x86_64.whl", hash = "sha256:9e318e6786b1e750a62f90c6f7fa8b542102bdcf97c7c4de2a48b50b61bd36ec"}, + {file = "rpds_py-0.19.1-cp38-none-win32.whl", hash = "sha256:53dbc35808c6faa2ce3e48571f8f74ef70802218554884787b86a30947842a14"}, + {file = "rpds_py-0.19.1-cp38-none-win_amd64.whl", hash = "sha256:8df1c283e57c9cb4d271fdc1875f4a58a143a2d1698eb0d6b7c0d7d5f49c53a1"}, + {file = "rpds_py-0.19.1-cp39-cp39-macosx_10_12_x86_64.whl", hash = "sha256:e76c902d229a3aa9d5ceb813e1cbcc69bf5bda44c80d574ff1ac1fa3136dea71"}, + {file = "rpds_py-0.19.1-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:de1f7cd5b6b351e1afd7568bdab94934d656abe273d66cda0ceea43bbc02a0c2"}, + {file = "rpds_py-0.19.1-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:24fc5a84777cb61692d17988989690d6f34f7f95968ac81398d67c0d0994a897"}, + {file = "rpds_py-0.19.1-cp39-cp39-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:74129d5ffc4cde992d89d345f7f7d6758320e5d44a369d74d83493429dad2de5"}, + {file = "rpds_py-0.19.1-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:5e360188b72f8080fefa3adfdcf3618604cc8173651c9754f189fece068d2a45"}, + {file = "rpds_py-0.19.1-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:13e6d4840897d4e4e6b2aa1443e3a8eca92b0402182aafc5f4ca1f5e24f9270a"}, + {file = "rpds_py-0.19.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f09529d2332264a902688031a83c19de8fda5eb5881e44233286b9c9ec91856d"}, + {file = "rpds_py-0.19.1-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:0d4b52811dcbc1aba08fd88d475f75b4f6db0984ba12275d9bed1a04b2cae9b5"}, + {file = "rpds_py-0.19.1-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:dd635c2c4043222d80d80ca1ac4530a633102a9f2ad12252183bcf338c1b9474"}, + {file = "rpds_py-0.19.1-cp39-cp39-musllinux_1_2_i686.whl", hash = "sha256:f35b34a5184d5e0cc360b61664c1c06e866aab077b5a7c538a3e20c8fcdbf90b"}, + {file = 
"rpds_py-0.19.1-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:d4ec0046facab83012d821b33cead742a35b54575c4edfb7ed7445f63441835f"}, + {file = "rpds_py-0.19.1-cp39-none-win32.whl", hash = "sha256:f5b8353ea1a4d7dfb59a7f45c04df66ecfd363bb5b35f33b11ea579111d4655f"}, + {file = "rpds_py-0.19.1-cp39-none-win_amd64.whl", hash = "sha256:1fb93d3486f793d54a094e2bfd9cd97031f63fcb5bc18faeb3dd4b49a1c06523"}, + {file = "rpds_py-0.19.1-pp310-pypy310_pp73-macosx_10_12_x86_64.whl", hash = "sha256:7d5c7e32f3ee42f77d8ff1a10384b5cdcc2d37035e2e3320ded909aa192d32c3"}, + {file = "rpds_py-0.19.1-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:89cc8921a4a5028d6dd388c399fcd2eef232e7040345af3d5b16c04b91cf3c7e"}, + {file = "rpds_py-0.19.1-pp310-pypy310_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:bca34e913d27401bda2a6f390d0614049f5a95b3b11cd8eff80fe4ec340a1208"}, + {file = "rpds_py-0.19.1-pp310-pypy310_pp73-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:5953391af1405f968eb5701ebbb577ebc5ced8d0041406f9052638bafe52209d"}, + {file = "rpds_py-0.19.1-pp310-pypy310_pp73-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:840e18c38098221ea6201f091fc5d4de6128961d2930fbbc96806fb43f69aec1"}, + {file = "rpds_py-0.19.1-pp310-pypy310_pp73-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:6d8b735c4d162dc7d86a9cf3d717f14b6c73637a1f9cd57fe7e61002d9cb1972"}, + {file = "rpds_py-0.19.1-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ce757c7c90d35719b38fa3d4ca55654a76a40716ee299b0865f2de21c146801c"}, + {file = "rpds_py-0.19.1-pp310-pypy310_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:a9421b23c85f361a133aa7c5e8ec757668f70343f4ed8fdb5a4a14abd5437244"}, + {file = "rpds_py-0.19.1-pp310-pypy310_pp73-musllinux_1_2_aarch64.whl", hash = "sha256:3b823be829407393d84ee56dc849dbe3b31b6a326f388e171555b262e8456cc1"}, + {file = "rpds_py-0.19.1-pp310-pypy310_pp73-musllinux_1_2_i686.whl", hash = 
"sha256:5e58b61dcbb483a442c6239c3836696b79f2cd8e7eec11e12155d3f6f2d886d1"}, + {file = "rpds_py-0.19.1-pp310-pypy310_pp73-musllinux_1_2_x86_64.whl", hash = "sha256:39d67896f7235b2c886fb1ee77b1491b77049dcef6fbf0f401e7b4cbed86bbd4"}, + {file = "rpds_py-0.19.1-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:8b32cd4ab6db50c875001ba4f5a6b30c0f42151aa1fbf9c2e7e3674893fb1dc4"}, + {file = "rpds_py-0.19.1-pp39-pypy39_pp73-macosx_10_12_x86_64.whl", hash = "sha256:1c32e41de995f39b6b315d66c27dea3ef7f7c937c06caab4c6a79a5e09e2c415"}, + {file = "rpds_py-0.19.1-pp39-pypy39_pp73-macosx_11_0_arm64.whl", hash = "sha256:1a129c02b42d46758c87faeea21a9f574e1c858b9f358b6dd0bbd71d17713175"}, + {file = "rpds_py-0.19.1-pp39-pypy39_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:346557f5b1d8fd9966059b7a748fd79ac59f5752cd0e9498d6a40e3ac1c1875f"}, + {file = "rpds_py-0.19.1-pp39-pypy39_pp73-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:31e450840f2f27699d014cfc8865cc747184286b26d945bcea6042bb6aa4d26e"}, + {file = "rpds_py-0.19.1-pp39-pypy39_pp73-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:01227f8b3e6c8961490d869aa65c99653df80d2f0a7fde8c64ebddab2b9b02fd"}, + {file = "rpds_py-0.19.1-pp39-pypy39_pp73-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:69084fd29bfeff14816666c93a466e85414fe6b7d236cfc108a9c11afa6f7301"}, + {file = "rpds_py-0.19.1-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e4d2b88efe65544a7d5121b0c3b003ebba92bfede2ea3577ce548b69c5235185"}, + {file = "rpds_py-0.19.1-pp39-pypy39_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:6ea961a674172ed2235d990d7edf85d15d8dfa23ab8575e48306371c070cda67"}, + {file = "rpds_py-0.19.1-pp39-pypy39_pp73-musllinux_1_2_aarch64.whl", hash = "sha256:5beffdbe766cfe4fb04f30644d822a1080b5359df7db3a63d30fa928375b2720"}, + {file = "rpds_py-0.19.1-pp39-pypy39_pp73-musllinux_1_2_i686.whl", hash = 
"sha256:720f3108fb1bfa32e51db58b832898372eb5891e8472a8093008010911e324c5"}, + {file = "rpds_py-0.19.1-pp39-pypy39_pp73-musllinux_1_2_x86_64.whl", hash = "sha256:c2087dbb76a87ec2c619253e021e4fb20d1a72580feeaa6892b0b3d955175a71"}, + {file = "rpds_py-0.19.1-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:2ddd50f18ebc05ec29a0d9271e9dbe93997536da3546677f8ca00b76d477680c"}, + {file = "rpds_py-0.19.1.tar.gz", hash = "sha256:31dd5794837f00b46f4096aa8ccaa5972f73a938982e32ed817bb520c465e520"}, +] + +[[package]] +name = "six" +version = "1.16.0" +description = "Python 2 and 3 compatibility utilities" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*" +files = [ + {file = "six-1.16.0-py2.py3-none-any.whl", hash = "sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254"}, + {file = "six-1.16.0.tar.gz", hash = "sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926"}, +] + +[[package]] +name = "smmap" +version = "5.0.1" +description = "A pure Python implementation of a sliding window memory map manager" +optional = false +python-versions = ">=3.7" +files = [ + {file = "smmap-5.0.1-py3-none-any.whl", hash = "sha256:e6d8668fa5f93e706934a62d7b4db19c8d9eb8cf2adbb75ef1b675aa332b69da"}, + {file = "smmap-5.0.1.tar.gz", hash = "sha256:dceeb6c0028fdb6734471eb07c0cd2aae706ccaecab45965ee83f11c8d3b1f62"}, +] + +[[package]] +name = "streamlit" +version = "1.37.0" +description = "A faster way to build and share data apps" +optional = false +python-versions = "!=3.9.7,>=3.8" +files = [ + {file = "streamlit-1.37.0-py2.py3-none-any.whl", hash = "sha256:d17e2d32b075a270a97f134ab5d22bbb98b4e474fa261ff49dc4a2b380386c84"}, + {file = "streamlit-1.37.0.tar.gz", hash = "sha256:463ef728ba21e74e05122e3704e8af644a7bdbb5822e281b8daf4a0a48761879"}, +] + +[package.dependencies] +altair = ">=4.0,<6" +blinker = ">=1.0.0,<2" +cachetools = ">=4.0,<6" +click = ">=7.0,<9" +gitpython = ">=3.0.7,<3.1.19 || >3.1.19,<4" +numpy = ">=1.20,<3" +packaging = ">=20,<25" 
+pandas = ">=1.3.0,<3" +pillow = ">=7.1.0,<11" +protobuf = ">=3.20,<6" +pyarrow = ">=7.0" +pydeck = ">=0.8.0b4,<1" +requests = ">=2.27,<3" +rich = ">=10.14.0,<14" +tenacity = ">=8.1.0,<9" +toml = ">=0.10.1,<2" +tornado = ">=6.0.3,<7" +typing-extensions = ">=4.3.0,<5" +watchdog = {version = ">=2.1.5,<5", markers = "platform_system != \"Darwin\""} + +[package.extras] +snowflake = ["snowflake-connector-python (>=2.8.0)", "snowflake-snowpark-python (>=0.9.0)"] + +[[package]] +name = "tenacity" +version = "8.5.0" +description = "Retry code until it succeeds" +optional = false +python-versions = ">=3.8" +files = [ + {file = "tenacity-8.5.0-py3-none-any.whl", hash = "sha256:b594c2a5945830c267ce6b79a166228323ed52718f30302c1359836112346687"}, + {file = "tenacity-8.5.0.tar.gz", hash = "sha256:8bc6c0c8a09b31e6cad13c47afbed1a567518250a9a171418582ed8d9c20ca78"}, +] + +[package.extras] +doc = ["reno", "sphinx"] +test = ["pytest", "tornado (>=4.5)", "typeguard"] + +[[package]] +name = "toml" +version = "0.10.2" +description = "Python Library for Tom's Obvious, Minimal Language" +optional = false +python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*" +files = [ + {file = "toml-0.10.2-py2.py3-none-any.whl", hash = "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"}, + {file = "toml-0.10.2.tar.gz", hash = "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f"}, +] + +[[package]] +name = "toolz" +version = "0.12.1" +description = "List processing tools and functional utilities" +optional = false +python-versions = ">=3.7" +files = [ + {file = "toolz-0.12.1-py3-none-any.whl", hash = "sha256:d22731364c07d72eea0a0ad45bafb2c2937ab6fd38a3507bf55eae8744aa7d85"}, + {file = "toolz-0.12.1.tar.gz", hash = "sha256:ecca342664893f177a13dac0e6b41cbd8ac25a358e5f215316d43e2100224f4d"}, +] + +[[package]] +name = "tornado" +version = "6.4.1" +description = "Tornado is a Python web framework and asynchronous networking library, originally developed at 
FriendFeed." +optional = false +python-versions = ">=3.8" +files = [ + {file = "tornado-6.4.1-cp38-abi3-macosx_10_9_universal2.whl", hash = "sha256:163b0aafc8e23d8cdc3c9dfb24c5368af84a81e3364745ccb4427669bf84aec8"}, + {file = "tornado-6.4.1-cp38-abi3-macosx_10_9_x86_64.whl", hash = "sha256:6d5ce3437e18a2b66fbadb183c1d3364fb03f2be71299e7d10dbeeb69f4b2a14"}, + {file = "tornado-6.4.1-cp38-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e2e20b9113cd7293f164dc46fffb13535266e713cdb87bd2d15ddb336e96cfc4"}, + {file = "tornado-6.4.1-cp38-abi3-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:8ae50a504a740365267b2a8d1a90c9fbc86b780a39170feca9bcc1787ff80842"}, + {file = "tornado-6.4.1-cp38-abi3-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:613bf4ddf5c7a95509218b149b555621497a6cc0d46ac341b30bd9ec19eac7f3"}, + {file = "tornado-6.4.1-cp38-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:25486eb223babe3eed4b8aecbac33b37e3dd6d776bc730ca14e1bf93888b979f"}, + {file = "tornado-6.4.1-cp38-abi3-musllinux_1_2_i686.whl", hash = "sha256:454db8a7ecfcf2ff6042dde58404164d969b6f5d58b926da15e6b23817950fc4"}, + {file = "tornado-6.4.1-cp38-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:a02a08cc7a9314b006f653ce40483b9b3c12cda222d6a46d4ac63bb6c9057698"}, + {file = "tornado-6.4.1-cp38-abi3-win32.whl", hash = "sha256:d9a566c40b89757c9aa8e6f032bcdb8ca8795d7c1a9762910c722b1635c9de4d"}, + {file = "tornado-6.4.1-cp38-abi3-win_amd64.whl", hash = "sha256:b24b8982ed444378d7f21d563f4180a2de31ced9d8d84443907a0a64da2072e7"}, + {file = "tornado-6.4.1.tar.gz", hash = "sha256:92d3ab53183d8c50f8204a51e6f91d18a15d5ef261e84d452800d4ff6fc504e9"}, +] + +[[package]] +name = "typing-extensions" +version = "4.12.2" +description = "Backported and Experimental Type Hints for Python 3.8+" +optional = false +python-versions = ">=3.8" +files = [ + {file = "typing_extensions-4.12.2-py3-none-any.whl", 
hash = "sha256:04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d"}, + {file = "typing_extensions-4.12.2.tar.gz", hash = "sha256:1a7ead55c7e559dd4dee8856e3a88b41225abfe1ce8df57b7c13915fe121ffb8"}, +] + +[[package]] +name = "tzdata" +version = "2024.1" +description = "Provider of IANA time zone data" +optional = false +python-versions = ">=2" +files = [ + {file = "tzdata-2024.1-py2.py3-none-any.whl", hash = "sha256:9068bc196136463f5245e51efda838afa15aaeca9903f49050dfa2679db4d252"}, + {file = "tzdata-2024.1.tar.gz", hash = "sha256:2674120f8d891909751c38abcdfd386ac0a5a1127954fbc332af6b5ceae07efd"}, +] + +[[package]] +name = "urllib3" +version = "2.2.2" +description = "HTTP library with thread-safe connection pooling, file post, and more." +optional = false +python-versions = ">=3.8" +files = [ + {file = "urllib3-2.2.2-py3-none-any.whl", hash = "sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472"}, + {file = "urllib3-2.2.2.tar.gz", hash = "sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168"}, +] + +[package.extras] +brotli = ["brotli (>=1.0.9)", "brotlicffi (>=0.8.0)"] +h2 = ["h2 (>=4,<5)"] +socks = ["pysocks (>=1.5.6,!=1.5.7,<2.0)"] +zstd = ["zstandard (>=0.18.0)"] + +[[package]] +name = "watchdog" +version = "4.0.1" +description = "Filesystem events monitoring" +optional = false +python-versions = ">=3.8" +files = [ + {file = "watchdog-4.0.1-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:da2dfdaa8006eb6a71051795856bedd97e5b03e57da96f98e375682c48850645"}, + {file = "watchdog-4.0.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:e93f451f2dfa433d97765ca2634628b789b49ba8b504fdde5837cdcf25fdb53b"}, + {file = "watchdog-4.0.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:ef0107bbb6a55f5be727cfc2ef945d5676b97bffb8425650dadbb184be9f9a2b"}, + {file = "watchdog-4.0.1-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:17e32f147d8bf9657e0922c0940bcde863b894cd871dbb694beb6704cfbd2fb5"}, + {file = 
"watchdog-4.0.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:03e70d2df2258fb6cb0e95bbdbe06c16e608af94a3ffbd2b90c3f1e83eb10767"}, + {file = "watchdog-4.0.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:123587af84260c991dc5f62a6e7ef3d1c57dfddc99faacee508c71d287248459"}, + {file = "watchdog-4.0.1-cp312-cp312-macosx_10_9_universal2.whl", hash = "sha256:093b23e6906a8b97051191a4a0c73a77ecc958121d42346274c6af6520dec175"}, + {file = "watchdog-4.0.1-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:611be3904f9843f0529c35a3ff3fd617449463cb4b73b1633950b3d97fa4bfb7"}, + {file = "watchdog-4.0.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:62c613ad689ddcb11707f030e722fa929f322ef7e4f18f5335d2b73c61a85c28"}, + {file = "watchdog-4.0.1-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:d4925e4bf7b9bddd1c3de13c9b8a2cdb89a468f640e66fbfabaf735bd85b3e35"}, + {file = "watchdog-4.0.1-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:cad0bbd66cd59fc474b4a4376bc5ac3fc698723510cbb64091c2a793b18654db"}, + {file = "watchdog-4.0.1-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:a3c2c317a8fb53e5b3d25790553796105501a235343f5d2bf23bb8649c2c8709"}, + {file = "watchdog-4.0.1-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:c9904904b6564d4ee8a1ed820db76185a3c96e05560c776c79a6ce5ab71888ba"}, + {file = "watchdog-4.0.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:667f3c579e813fcbad1b784db7a1aaa96524bed53437e119f6a2f5de4db04235"}, + {file = "watchdog-4.0.1-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:d10a681c9a1d5a77e75c48a3b8e1a9f2ae2928eda463e8d33660437705659682"}, + {file = "watchdog-4.0.1-pp310-pypy310_pp73-macosx_10_9_x86_64.whl", hash = "sha256:0144c0ea9997b92615af1d94afc0c217e07ce2c14912c7b1a5731776329fcfc7"}, + {file = "watchdog-4.0.1-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:998d2be6976a0ee3a81fb8e2777900c28641fb5bfbd0c84717d89bca0addcdc5"}, + {file = "watchdog-4.0.1-pp38-pypy38_pp73-macosx_10_9_x86_64.whl", hash = 
"sha256:e7921319fe4430b11278d924ef66d4daa469fafb1da679a2e48c935fa27af193"}, + {file = "watchdog-4.0.1-pp38-pypy38_pp73-macosx_11_0_arm64.whl", hash = "sha256:f0de0f284248ab40188f23380b03b59126d1479cd59940f2a34f8852db710625"}, + {file = "watchdog-4.0.1-pp39-pypy39_pp73-macosx_10_9_x86_64.whl", hash = "sha256:bca36be5707e81b9e6ce3208d92d95540d4ca244c006b61511753583c81c70dd"}, + {file = "watchdog-4.0.1-pp39-pypy39_pp73-macosx_11_0_arm64.whl", hash = "sha256:ab998f567ebdf6b1da7dc1e5accfaa7c6992244629c0fdaef062f43249bd8dee"}, + {file = "watchdog-4.0.1-py3-none-manylinux2014_aarch64.whl", hash = "sha256:dddba7ca1c807045323b6af4ff80f5ddc4d654c8bce8317dde1bd96b128ed253"}, + {file = "watchdog-4.0.1-py3-none-manylinux2014_armv7l.whl", hash = "sha256:4513ec234c68b14d4161440e07f995f231be21a09329051e67a2118a7a612d2d"}, + {file = "watchdog-4.0.1-py3-none-manylinux2014_i686.whl", hash = "sha256:4107ac5ab936a63952dea2a46a734a23230aa2f6f9db1291bf171dac3ebd53c6"}, + {file = "watchdog-4.0.1-py3-none-manylinux2014_ppc64.whl", hash = "sha256:6e8c70d2cd745daec2a08734d9f63092b793ad97612470a0ee4cbb8f5f705c57"}, + {file = "watchdog-4.0.1-py3-none-manylinux2014_ppc64le.whl", hash = "sha256:f27279d060e2ab24c0aa98363ff906d2386aa6c4dc2f1a374655d4e02a6c5e5e"}, + {file = "watchdog-4.0.1-py3-none-manylinux2014_s390x.whl", hash = "sha256:f8affdf3c0f0466e69f5b3917cdd042f89c8c63aebdb9f7c078996f607cdb0f5"}, + {file = "watchdog-4.0.1-py3-none-manylinux2014_x86_64.whl", hash = "sha256:ac7041b385f04c047fcc2951dc001671dee1b7e0615cde772e84b01fbf68ee84"}, + {file = "watchdog-4.0.1-py3-none-win32.whl", hash = "sha256:206afc3d964f9a233e6ad34618ec60b9837d0582b500b63687e34011e15bb429"}, + {file = "watchdog-4.0.1-py3-none-win_amd64.whl", hash = "sha256:7577b3c43e5909623149f76b099ac49a1a01ca4e167d1785c76eb52fa585745a"}, + {file = "watchdog-4.0.1-py3-none-win_ia64.whl", hash = "sha256:d7b9f5f3299e8dd230880b6c55504a1f69cf1e4316275d1b215ebdd8187ec88d"}, + {file = "watchdog-4.0.1.tar.gz", hash = 
"sha256:eebaacf674fa25511e8867028d281e602ee6500045b57f43b08778082f7f8b44"}, +] + +[package.extras] +watchmedo = ["PyYAML (>=3.10)"] + +[metadata] +lock-version = "2.0" +python-versions = "^3.12" +content-hash = "8a1c5fef843676476219d4bcb72402f0075e534a21faead1548cbf8559ed9060" diff --git a/pyproject.toml b/pyproject.toml new file mode 100644 index 00000000..dde4e14b --- /dev/null +++ b/pyproject.toml @@ -0,0 +1,15 @@ +[tool.poetry] +name = "lolrmm" +version = "0.1.0" +description = "" +authors = ["Jose Hernandez "] +readme = "README.md" + +[tool.poetry.dependencies] +python = "^3.12" +streamlit = "^1.37.0" + + +[build-system] +requires = ["poetry-core"] +build-backend = "poetry.core.masonry.api"